diff --git a/tests/data/slapd-repl-slave-remote.conf b/tests/data/slapd-repl-slave-remote.conf
new file mode 100644
index 0000000000..1f2badf626
--- /dev/null
+++ b/tests/data/slapd-repl-slave-remote.conf
@@ -0,0 +1,76 @@
+# slave slapd config -- for testing of replication
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2005 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+#
+pidfile @TESTDIR@/slapd.2.pid
+argsfile @TESTDIR@/slapd.2.args
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+
+#ldapyes#overlay chain
+#ldapyes#chain-uri @URI1@
+#ldapyes#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+#ldapmod#overlay chain
+#ldapmod#chain-uri @URI1@
+#ldapmod#chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self
+
+#######################################################################
+# database definitions
+#######################################################################
+
+access to *
+ by * read
+
+database @BACKEND@
+#ldbm#cachesize 0
+suffix "dc=example,dc=com"
+directory @TESTDIR@/db.2.a
+rootdn "cn=Replica,dc=example,dc=com"
+rootpw secret
+# HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply
+# whithout the need to write the UpdateDN before starting replication
+updatedn "cn=Monitor"
+updateref @URI1@
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#bdb#index entryUUID pres,eq
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#hdb#index entryUUID pres,eq
+
+# Need to strip hasSubordinates from internal searches otherwise
+# syncrepl will try to delete it, since syncprov is not sending
+# it because it's generated
+access to dn.subtree="dc=example,dc=com" attrs=hasSubordinates
+ by dn.exact="cn=Monitor" none
+ by * read
+
+access to dn.subtree="dc=example,dc=com"
+ by dn.exact="cn=Monitor" write
+ by * read
+
+#monitor#database monitor
+#monitor#rootdn "cn=Monitor"
+#monitor#rootpw monitor
diff --git a/tests/data/slapd-syncrepl-slave-persist-ldap.conf b/tests/data/slapd-syncrepl-slave-persist-ldap.conf
index e3beda58bd..f94fcd7c33 100644
--- a/tests/data/slapd-syncrepl-slave-persist-ldap.conf
+++ b/tests/data/slapd-syncrepl-slave-persist-ldap.conf
@@ -36,15 +36,21 @@ argsfile @TESTDIR@/slapd.3.args
#######################################################################
database ldap
-#restrict all
+restrict all
suffix "dc=example,dc=com"
-rootdn "cn=Replica,dc=example,dc=com"
+rootdn "cn=Whoever"
uri @URI2@
+
+# HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply
+# whithout the need to write the UpdateDN before starting replication
acl-bind bindmethod=simple
- binddn="cn=Replica,dc=example,dc=com"
- credentials=secret
+ binddn="cn=Monitor"
+ credentials=monitor
# Don't change syncrepl spec yet
+
+# HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply
+# whithout the need to write the UpdateDN before starting replication
syncrepl rid=1
provider=@URI1@
binddn="cn=Manager,dc=example,dc=com"
diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
index 0f45229c48..035d9e71dd 100755
--- a/tests/scripts/defines.sh
+++ b/tests/scripts/defines.sh
@@ -104,6 +104,7 @@ GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf
ACICONF=$DATADIR/slapd-aci.conf
VALSORTCONF=$DATADIR/slapd-valsort.conf
DYNLISTCONF=$DATADIR/slapd-dynlist.conf
+RSLAVECONF=$DATADIR/slapd-repl-slave-remote.conf
PLSRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist-ldap.conf
CONF1=$TESTDIR/slapd.1.conf
diff --git a/tests/scripts/test045-syncreplication-proxied b/tests/scripts/test045-syncreplication-proxied
index 6d2be1e1fb..85bd1622bd 100755
--- a/tests/scripts/test045-syncreplication-proxied
+++ b/tests/scripts/test045-syncreplication-proxied
@@ -36,6 +36,11 @@ if test $SYNCPROV = syncprovno; then
exit 0
fi
+if test $MONITORDB = no; then
+ echo "Monitor backend not available, test skipped"
+ exit 0
+fi
+
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
#
@@ -63,7 +68,7 @@ sleep 1
echo "Using ldapsearch to check that master slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > /dev/null 2>&1
+ '(objectClass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
@@ -89,7 +94,7 @@ if test $RC != 0 ; then
fi
echo "Starting slave slapd on TCP/IP port $PORT2..."
-. $CONFFILTER $BACKEND $MONITORDB < $SLAVECONF > $CONF2
+. $CONFFILTER $BACKEND $MONITORDB < $RSLAVECONF > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
SLAVEPID=$!
if test $WAIT != 0 ; then
@@ -103,7 +108,7 @@ sleep 1
echo "Using ldapsearch to check that slave slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > /dev/null 2>&1
+ '(objectClass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
@@ -133,7 +138,7 @@ sleep 1
echo "Using ldapsearch to check that proxy slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT3 \
- 'objectclass=*' > /dev/null 2>&1
+ '(objectClass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
@@ -164,7 +169,7 @@ sleep 15
# first check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -175,7 +180,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -215,7 +220,7 @@ sleep 1
echo "Using ldapsearch to check that master slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > /dev/null 2>&1
+ '(objectClass=*)' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
@@ -323,7 +328,7 @@ sleep 15
# second check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -334,7 +339,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -373,9 +378,16 @@ dn: cn=James T. Kirk, ou=Retired, ou=People, dc=example,dc=com
changetype: add
objectclass: OpenLDAPperson
sn: Kirk
-uid: jkirk
+uid: jtk
cn: James T. Kirk
+dn: cn=Tiberius J. Hooker, ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+sn: Hooker
+uid: tjh
+cn: Tiberius J. Hooker
+
EOMODS
echo "Restarting proxy..."
@@ -394,7 +406,7 @@ sleep 25
# third check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -405,7 +417,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -454,7 +466,7 @@ fi
# fourth check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -465,7 +477,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -518,7 +530,7 @@ sleep 25
# fifth check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -529,7 +541,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -556,7 +568,7 @@ fi
#
# Modifications known to fail
#
-
+echo "(DEVEL) Performing modifications that are known to fail..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOMODS
# First, back out previous change
@@ -565,7 +577,7 @@ changetype: modify
delete: drink
drink: Mad Dog 20/20
-# From now on, place modifications that are known to fail
+# From now on, perform modifications that are known to fail
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: description
@@ -585,7 +597,7 @@ sleep 15
# sixth check
#echo "Using ldapsearch to read all the entries from the master..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
- 'objectclass=*' > $MASTEROUT 2>&1
+ '(objectClass=*)' > $MASTEROUT 2>&1
RC=$?
if test $RC != 0 ; then
@@ -596,7 +608,7 @@ fi
#echo "Using ldapsearch to read all the entries from the slave..."
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
- 'objectclass=*' > $SLAVEOUT 2>&1
+ '(objectClass=*)' > $SLAVEOUT 2>&1
RC=$?
if test $RC != 0 ; then