MSAD add basic test

Requires additional envvars to be set before running.
2026-02-03 20:40:05 -05:00 · 2018-12-22 09:09:56 -08:00 · 2018-12-22 09:09:56 -08:00 · a1bf7f3ddc
commit a1bf7f3ddc
parent ff6a671e64
5 changed files with 739 additions and 0 deletions
--- a/tests/data/slapd-dirsync1.conf
+++ b/tests/data/slapd-dirsync1.conf
@ -0,0 +1,67 @@
+# slave slapd config -- for testing of MSAD DIRSYNC replication
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2018 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/nis.schema
+include		@SCHEMADIR@/msuser.schema
+#
+pidfile		@TESTDIR@/slapd.2.pid
+argsfile	@TESTDIR@/slapd.2.args
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#syncprovmod#modulepath ../servers/slapd/overlays/
+#syncprovmod#moduleload syncprov.la
+
+attributeoptions range=
+
+#######################################################################
+# consumer database definitions
+#######################################################################
+
+database	@BACKEND@
+suffix		"@MSAD_SUFFIX@"
+rootdn		"cn=Replica,@BASEDN@"
+rootpw		secret
+#null#bind		on
+#~null~#directory	@TESTDIR@/db.2.a
+#indexdb#index		objectClass	eq
+#indexdb#index		cn,sn,uid	pres,eq,sub
+#indexdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
+
+# Don't change syncrepl spec yet
+syncrepl	rid=1
+		provider=@URI1@
+		binddn="@MSAD_ADMINDN@"
+		bindmethod=simple
+		credentials="@MSAD_ADMINPW@"
+		searchbase="@MSAD_SUFFIX@"
+		filter="(|(associatedDomain=test.openldap.org)(objectclass=inetorgperson)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
+		schemachecking=off
+		scope=sub
+		type=dirSync
+		interval=00:00:00:03
+updateref	@URI1@
+
+overlay		syncprov
+syncprov-sessionlog 100
+
+#monitor#database	monitor
--- a/tests/data/test-dirsync-cp.ldif
+++ b/tests/data/test-dirsync-cp.ldif
@ -0,0 +1,12 @@
+#LEAD COMMENT
+dn: ou=OpenLDAPtest,dc=example,dc=com
+ou: OpenLDAPtest
+#EMBEDDED COMMENT
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+l: Anytown, Michigan
+st: Michigan
+description: The Example, Inc. at Anytown
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associatedDomain: test.openldap.org
--- a/tests/data/test-dirsync-nocp.ldif
+++ b/tests/data/test-dirsync-nocp.ldif
@ -0,0 +1,272 @@
+#LEAD COMMENT
+dn: ou=People,dc=example,dc=com
+#EMBEDDED COMMENT
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: People
+associatedDomain: test.openldap.org
+
+dn: ou=Groups,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: Groups
+associatedDomain: test.openldap.org
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: Alumni Association
+associatedDomain: test.openldap.org
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: Information Technology Division
+associatedDomain: test.openldap.org
+description: MSAD doesn't like long descriptions
+description: 5K and 3K are too big
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Barbara Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+userpassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homepostaladdress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+carLicense: water
+homephone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimiletelephonenumber: +1 313 555 2274
+telephonenumber: +1 313 555 9022
+associatedDomain: test.openldap.org
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Bjorn Jensen
+sn: Jensen
+uid: bjorn
+userpassword:: Ympvcm4=
+homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+carLicense: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postaladdress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homephone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimiletelephonenumber: +1 313 555 2177
+telephonenumber: +1 313 555 0355
+associatedDomain: test.openldap.org
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Dorothy Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+carLicense: Lemonade
+homepostaladdress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimiletelephonenumber: +1 313 555 3223
+telephonenumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homephone: +1 313 555 0454
+associatedDomain: test.openldap.org
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: James A Jones 1
+sn: Jones
+uid: jaj
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+userpassword:: amFq
+homepostaladdress: 3882 Beverly Rd. $ Anytown, MI 48105
+homephone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimiletelephonenumber: +1 313 555 4332
+telephonenumber: +1 313 555 0895
+associatedDomain: test.openldap.org
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: James A Jones 2
+sn: Doe
+uid: jjones
+homepostaladdress: 933 Brooks $ Anytown, MI 48104
+homephone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postaladdress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimiletelephonenumber: +1 313 555 8688
+telephonenumber: +1 313 555 7334
+associatedDomain: test.openldap.org
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Jane Doe
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+carLicense: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homephone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimiletelephonenumber: +1 313 555 2311
+telephonenumber: +1 313 555 4774
+associatedDomain: test.openldap.org
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Jennifer Smith
+sn: Smith
+uid: jen
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+carLicense: Sam Adams
+homepostaladdress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homephone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimiletelephonenumber: +1 313 555 2756
+telephonenumber: +1 313 555 8232
+associatedDomain: test.openldap.org
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: John Doe
+sn: Doe
+uid: johnd
+postaladdress: ITD $ 535 W. William $ Anytown, MI 48109
+homepostaladdress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homephone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimiletelephonenumber: +1 313 555 4544
+telephonenumber: +1 313 555 9394
+associatedDomain: test.openldap.org
+
+dn: cn=Manager,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Manager
+sn: Manager
+description: Manager of the directory
+userpassword:: c2VjcmV0
+associatedDomain: test.openldap.org
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Mark Elliot
+sn: Elliot
+uid: melliot
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
+homephone: +1 313 555 0388
+carLicense: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimiletelephonenumber: +1 313 555 7762
+telephonenumber: +1 313 555 4177
+associatedDomain: test.openldap.org
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectclass: inetorgperson
+objectclass: domainRelatedObject
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postaladdress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+homepostaladdress: 123 Anystreet $ Anytown, MI 48104
+mail: uham@mail.alumni.example.com
+homephone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimiletelephonenumber: +1 313 555 9700
+telephonenumber: +1 313 555 5331
+associatedDomain: test.openldap.org
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectclass: groupofnames
+objectclass: domainRelatedObject
+associatedDomain: test.openldap.org
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectclass: groupofuniquenames
+objectclass: domainRelatedObject
+uniquemember: cn=Manager,dc=example,dc=com
+uniquemember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=example,dc=com 
+uniquemember: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com 
+uniquemember: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+associatedDomain: test.openldap.org
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectclass: groupofnames
+objectclass: domainRelatedObject
+associatedDomain: test.openldap.org
+
+dn: ou=testdomain1,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: testdomain1
+description: Example, Inc. modify+modrdn test domain
+associatedDomain: test.openldap.org
+
+dn: ou=testdomain2,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: domainRelatedObject
+ou: testdomain2
+description: Example, Inc. modify then modrdn test domain 
+associatedDomain: test.openldap.org
--- a/tests/scripts/confdirsync.sh
+++ b/tests/scripts/confdirsync.sh
@ -0,0 +1,18 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2018 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+sed -e "s/@BASEDN@/${BASEDN}/"				\
+	-e "s/@MSAD_ADMINDN@/${MSAD_ADMINDN}/"		\
+	-e "s/@MSAD_ADMINPW@/${MSAD_ADMINPW}/"		\
+	-e "s/@MSAD_SUFFIX@/${MSAD_SUFFIX}/"
--- a/tests/scripts/test071-dirsync
+++ b/tests/scripts/test071-dirsync
@ -0,0 +1,370 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2018 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+# requires MSAD_URI, MSAD_SUFFIX, MSAD_ADMINDN, MSAD_ADMINPW
+if test -z "$MSAD_URI"; then
+	echo "No MSAD envvars set, test skipped"
+	exit 0
+fi
+if test $SYNCPROV = syncprovno; then 
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi 
+
+mkdir -p $TESTDIR $DBDIR2
+
+URI1=$MSAD_URI
+BASEDN="ou=OpenLDAPtest,$MSAD_SUFFIX"
+DC=`echo $MSAD_SUFFIX | sed -e 's/dc=//' -e 's/,.*//'`
+
+#
+# Test replication:
+# - populate MSAD over ldap
+# - start consumer
+# - perform some modifies and deletes
+# - attempt to modify the consumer (referral)
+# - retrieve database over ldap and compare against expected results
+#
+
+# Notes:
+# We use a separate OU under the MSAD suffix to contain our test objects,
+# since we can't just wipe out the entire directory when starting over.
+# The replication search filter is thus more convoluted than would normally
+# be needed. Typically it would only need (|(objectclass=user)(objectclass=group))
+#
+# MSAD does referential integrity by default, so to get 1-to-1 modifications
+# we must add users before creating groups that reference them, and we
+# should delete group memberships before deleting users. If we delete
+# users first, MSAD will automatically remove them from their groups,
+# but won't notify us of these changed groups.
+# We could use the refint overlay to duplicate this behavior, but that's
+# beyond the scope of this test.
+
+echo "Using ldapsearch to check that MSAD is running..."
+$LDAPSEARCH -D $MSAD_ADMINDN -w $MSAD_ADMINPW -s base -b "$MSAD_SUFFIX" -H $MSAD_URI 'objectclass=*' > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	exit $RC
+fi
+
+echo "Using ldapdelete to delete old MSAD test tree, if any..."
+$LDAPDELETE -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW -r "$BASEDN"
+RC=$?
+
+echo "Using ldapadd to create the test context entry in MSAD..."
+sed -e "s/dc=example,dc=com/$MSAD_SUFFIX/" < $LDIFDIRSYNCCP | \
+	$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting consumer slapd on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND $MONITORDB < $DIRSYNC1CONF | . $CONFDIRSYNC > $CONF2
+$SLAPADD -f $CONF2 <<EOMODS
+dn: $MSAD_SUFFIX
+dc: $DC
+objectclass: organization
+objectclass: dcObject
+o: OpenLDAP Testing
+
+EOMODS
+$SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+    echo SLAVEPID $SLAVEPID
+    read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that consumer slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+
+echo "Using ldapsearch to check that consumer received context entry..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for syncrepl to catch up..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldapadd to populate MSAD..."
+sed -e "s/dc=example,dc=com/$BASEDN/" < $LDIFDIRSYNCNOCP | \
+	$LDAPADD -D "$MSAD_ADMINDN" -H $MSAD_URI -w $MSAD_ADMINPW > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+echo "Using ldapmodify to modify provider directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
+changetype: modify
+add: carLicense
+carLicense: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
+changetype: modify
+replace: carLicense
+carLicense: Iced Tea
+carLicense: Mad Dog 20/20
+
+dn: cn=ITD Staff,ou=Groups,$BASEDN
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, $BASEDN
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, $BASEDN
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, $BASEDN
+
+dn: cn=All Staff,ou=Groups,$BASEDN
+changetype: modify
+replace: description
+description: The whole universe
+-
+delete: member
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,$BASEDN
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, $BASEDN
+changetype: add
+objectclass: inetorgperson
+objectclass: domainrelatedobject
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, $BASEDN
+carLicense: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen@mailgw.example.com
+homephone: +1 313 555 8844
+associateddomain: test.openldap.org
+
+dn: ou=Retired, ou=People, $BASEDN
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
+changetype: add
+objectclass: inetorgperson
+objectclass: domainrelatedobject
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+associateddomain: test.openldap.org
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, $BASEDN
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, $BASEDN
+
+dn: ou=testdomain1,$BASEDN
+changetype: modrdn
+newrdn: ou=itsdomain1
+deleteoldrdn: 1
+
+dn: ou=itsdomain1,$BASEDN
+changetype: modify
+replace: description
+description: Example, Inc. ITS test domain
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+echo "Performing modrdn alone on the provider..."
+$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
+	$TESTOUT 2>&1 << EOMODS
+dn: ou=testdomain2,$BASEDN
+changetype: modrdn
+newrdn: ou=itsdomain2
+deleteoldrdn: 1
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+echo "Performing modify alone on the provider..."
+$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
+	$TESTOUT 2>&1 << EOMODS
+dn: ou=itsdomain2,$BASEDN
+changetype: modify
+replace: description
+description: Example, Inc. itsdomain2 test domain
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+echo "Performing larger modify on the provider..."
+$LDAPMODIFY -v -H $MSAD_URI -D "$MSAD_ADMINDN" -w $MSAD_ADMINPW > \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, $BASEDN
+changetype: delete
+
+dn: cn=Alumni Assoc Staff,ou=Groups,$BASEDN
+changetype: modify
+replace: description
+description: blablabla
+-
+replace: member
+member: cn=Manager,$BASEDN
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,$BASEDN
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN
+member: cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,$BASEDN
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,$BASEDN
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting $SLEEP1 seconds for syncrepl to receive changes..."
+sleep $SLEEP1
+
+OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"
+
+echo "Using ldapsearch to read all the entries from the provider..."
+$LDAPSEARCH -D $MSAD_ADMINDN -w $MSAD_ADMINPW -S "" -H $MSAD_URI -b "$MSAD_SUFFIX" -E \!dirsync=0/0 -o ldif_wrap=120 \
+	'(associatedDomain=test.openldap.org)' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed at provider ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the consumer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 -o ldif_wrap=120 \
+	'(objectclass=*)' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed at consumer ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering provider results..."
+$LDIFFILTER -s a < $MASTEROUT | sed -e 's/CN=/cn=/g' -e 's/OU=/ou=/g' -e 's/DC=/dc=/g' > $MASTERFLT
+echo "Filtering consumer results..."
+$LDIFFILTER -s a < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from provider and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "test failed - provider and consumer databases differ"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0