Commits (1)
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2020 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
ITS=9400
ITSDIR=$DATADIR/regressions/its$ITS
if test $BACKLDAP = "ldapno" ; then
echo "LDAP backend not available, test skipped"
exit 0
fi
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
cp -r $DATADIR/tls $TESTDIR
echo "This test checks that back-ldap does retry binds after the remote LDAP server"
echo "has abruptly disconnected the (idle) LDAP connection."
#
# Start slapd that acts as a remote LDAP server that will be proxied
#
echo "Running slapadd to build database for the remote slapd server..."
. $CONFFILTER $BACKEND < $CONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Starting remote slapd server on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h "$URI1" -d $LVL > $LOG1 2>&1 &
SERVERPID=$!
if test $WAIT != 0 ; then
echo SERVERPID $SERVERPID
read foo
fi
#
# Start ldapd that will proxy for the remote server
#
echo "Starting slapd proxy on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $ITSDIR/slapd-proxy-idassert.conf > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PROXYPID=$!
if test $WAIT != 0 ; then
echo PROXYPID $PROXYPID
read foo
fi
KILLPIDS="$KILLPIDS $PROXYPID"
sleep 1
#
# Successful searches
#
echo "Using ldapsearch with bind that will be passed through to remote server..."
$LDAPSEARCH -S "" -b "$BASEDN" \
-D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
-H $URI2 \
-w "bjensen" \
'objectclass=*' > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at proxy ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Using ldapsearch with idassert-bind..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \
'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at proxy ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
#
# Now kill the remote slapd that is being proxied for.
# This will invalidate the current TCP connections that proxy has to remote.
#
echo "Killing remote server"
kill $SERVERPID
sleep 1
echo "Re-starting remote slapd server on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h "$URI1" -d $LVL >> $LOG1 2>&1 &
SERVERPID=$!
if test $WAIT != 0 ; then
echo SERVERPID $SERVERPID
read foo
fi
KILLPIDS="$KILLPIDS $SERVERPID"
sleep 2
echo "-------------------------------------------------" >> $TESTOUT
echo "Searches after remote slapd server has restarted:" >> $TESTOUT
echo "-------------------------------------------------" >> $TESTOUT
#
# Successful search
#
echo "Using ldapsearch with bind that will be passed through to remote server..."
$LDAPSEARCH -S "" -b "$BASEDN" \
-D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
-H $URI2 \
-w "bjensen" \
'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at proxy ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
#
# UNSUCCESFUL SEARCH
#
echo "Using ldapsearch with idassert-bind..."
$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \
'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed at proxy ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
test $KILLSERVERS != no && wait
exit 0
# provider slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2020 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.m.pid
argsfile @TESTDIR@/slapd.m.args
#######################################################################
# database definitions
#######################################################################
# here the proxy is not only acting as a proxy, but it also has a local database dc=local,dc=com"
database @BACKEND@
suffix "dc=local,dc=com"
rootdn "cn=Manager,dc=local,dc=com"
rootpw "secret"
#~null~#directory @TESTDIR@/db.2.a
# Configure proxy
# - normal user binds to "*,dc=example,dc=com" are proxied through to the remote slapd
# - admin bind to local "cn=Manager,dc=local,dc=com" is overwritten by using idassert-bind
database ldap
uri "@URI1@"
suffix "dc=example,dc=com"
idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials="secret"
idassert-authzFrom "dn.exact:cn=Manager,dc=local,dc=com"
rebind-as-user yes
database monitor