mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-01-08 16:04:47 -05:00
ITS#9400 Added test case for back-ldap retry failure
This commit is contained in:
Tero Saarni
Howard Chu
parent
12523b0f29
commit
a3abd12729
2 changed files with 206 additions and 0 deletions
161
tests/data/regressions/its9400/its9400
Executable file
161
tests/data/regressions/its9400/its9400
Executable file
|
|
@ -0,0 +1,161 @@
|
|||
#! /bin/sh
|
||||
# $OpenLDAP$
|
||||
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
||||
##
|
||||
## Copyright 1998-2020 The OpenLDAP Foundation.
|
||||
## All rights reserved.
|
||||
##
|
||||
## Redistribution and use in source and binary forms, with or without
|
||||
## modification, are permitted only as authorized by the OpenLDAP
|
||||
## Public License.
|
||||
##
|
||||
## A copy of this license is available in the file LICENSE in the
|
||||
## top-level directory of the distribution or, alternatively, at
|
||||
## <http://www.OpenLDAP.org/license.html>.
|
||||
|
||||
echo "running defines.sh"
|
||||
. $SRCDIR/scripts/defines.sh
|
||||
|
||||
ITS=9400
|
||||
ITSDIR=$DATADIR/regressions/its$ITS
|
||||
|
||||
if test $BACKLDAP = "ldapno" ; then
|
||||
echo "LDAP backend not available, test skipped"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
|
||||
cp -r $DATADIR/tls $TESTDIR
|
||||
|
||||
echo "This test checks that back-ldap does retry binds after the remote LDAP server"
|
||||
echo "has abruptly disconnected the (idle) LDAP connection."
|
||||
|
||||
#
|
||||
# Start slapd that acts as a remote LDAP server that will be proxied
|
||||
#
|
||||
echo "Running slapadd to build database for the remote slapd server..."
|
||||
. $CONFFILTER $BACKEND < $CONF > $CONF1
|
||||
$SLAPADD -f $CONF1 -l $LDIFORDERED
|
||||
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "slapadd failed ($RC)!"
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
|
||||
echo "Starting remote slapd server on TCP/IP port $PORT1..."
|
||||
$SLAPD -f $CONF1 -h "$URI1" -d $LVL > $LOG1 2>&1 &
|
||||
SERVERPID=$!
|
||||
if test $WAIT != 0 ; then
|
||||
echo SERVERPID $SERVERPID
|
||||
read foo
|
||||
fi
|
||||
|
||||
|
||||
#
|
||||
# Start ldapd that will proxy for the remote server
|
||||
#
|
||||
echo "Starting slapd proxy on TCP/IP port $PORT2..."
|
||||
. $CONFFILTER $BACKEND < $ITSDIR/slapd-proxy-idassert.conf > $CONF2
|
||||
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
|
||||
PROXYPID=$!
|
||||
if test $WAIT != 0 ; then
|
||||
echo PROXYPID $PROXYPID
|
||||
read foo
|
||||
fi
|
||||
KILLPIDS="$KILLPIDS $PROXYPID"
|
||||
|
||||
sleep 1
|
||||
|
||||
|
||||
#
|
||||
# Successful searches
|
||||
#
|
||||
|
||||
echo "Using ldapsearch with bind that will be passed through to remote server..."
|
||||
$LDAPSEARCH -S "" -b "$BASEDN" \
|
||||
-D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
|
||||
-H $URI2 \
|
||||
-w "bjensen" \
|
||||
'objectclass=*' > $TESTOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapsearch failed at proxy ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
|
||||
echo "Using ldapsearch with idassert-bind..."
|
||||
$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \
|
||||
'objectclass=*' >> $TESTOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapsearch failed at proxy ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
|
||||
#
|
||||
# Now kill the remote slapd that is being proxied for.
|
||||
# This will invalidate the current TCP connections that proxy has to remote.
|
||||
#
|
||||
echo "Killing remote server"
|
||||
kill $SERVERPID
|
||||
sleep 1
|
||||
|
||||
echo "Re-starting remote slapd server on TCP/IP port $PORT1..."
|
||||
$SLAPD -f $CONF1 -h "$URI1" -d $LVL >> $LOG1 2>&1 &
|
||||
SERVERPID=$!
|
||||
if test $WAIT != 0 ; then
|
||||
echo SERVERPID $SERVERPID
|
||||
read foo
|
||||
fi
|
||||
KILLPIDS="$KILLPIDS $SERVERPID"
|
||||
|
||||
sleep 2
|
||||
|
||||
|
||||
echo "-------------------------------------------------" >> $TESTOUT
|
||||
echo "Searches after remote slapd server has restarted:" >> $TESTOUT
|
||||
echo "-------------------------------------------------" >> $TESTOUT
|
||||
|
||||
#
|
||||
# Successful search
|
||||
#
|
||||
echo "Using ldapsearch with bind that will be passed through to remote server..."
|
||||
$LDAPSEARCH -S "" -b "$BASEDN" \
|
||||
-D "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
|
||||
-H $URI2 \
|
||||
-w "bjensen" \
|
||||
'objectclass=*' >> $TESTOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapsearch failed at proxy ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
#
|
||||
# UNSUCCESFUL SEARCH
|
||||
#
|
||||
echo "Using ldapsearch with idassert-bind..."
|
||||
$LDAPSEARCH -S "" -b "$BASEDN" -D "cn=Manager,dc=local,dc=com" -H $URI2 -w "secret" \
|
||||
'objectclass=*' >> $TESTOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapsearch failed at proxy ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
|
||||
echo ">>>>> Test succeeded"
|
||||
|
||||
test $KILLSERVERS != no && wait
|
||||
|
||||
exit 0
|
||||
45
tests/data/regressions/its9400/slapd-proxy-idassert.conf
Normal file
45
tests/data/regressions/its9400/slapd-proxy-idassert.conf
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
# provider slapd config -- for testing
|
||||
# $OpenLDAP$
|
||||
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
||||
##
|
||||
## Copyright 1998-2020 The OpenLDAP Foundation.
|
||||
## All rights reserved.
|
||||
##
|
||||
## Redistribution and use in source and binary forms, with or without
|
||||
## modification, are permitted only as authorized by the OpenLDAP
|
||||
## Public License.
|
||||
##
|
||||
## A copy of this license is available in the file LICENSE in the
|
||||
## top-level directory of the distribution or, alternatively, at
|
||||
## <http://www.OpenLDAP.org/license.html>.
|
||||
|
||||
include @SCHEMADIR@/core.schema
|
||||
include @SCHEMADIR@/cosine.schema
|
||||
include @SCHEMADIR@/inetorgperson.schema
|
||||
include @SCHEMADIR@/openldap.schema
|
||||
include @SCHEMADIR@/nis.schema
|
||||
pidfile @TESTDIR@/slapd.m.pid
|
||||
argsfile @TESTDIR@/slapd.m.args
|
||||
|
||||
#######################################################################
|
||||
# database definitions
|
||||
#######################################################################
|
||||
|
||||
# here the proxy is not only acting as a proxy, but it also has a local database dc=local,dc=com"
|
||||
database @BACKEND@
|
||||
suffix "dc=local,dc=com"
|
||||
rootdn "cn=Manager,dc=local,dc=com"
|
||||
rootpw "secret"
|
||||
#~null~#directory @TESTDIR@/db.2.a
|
||||
|
||||
# Configure proxy
|
||||
# - normal user binds to "*,dc=example,dc=com" are proxied through to the remote slapd
|
||||
# - admin bind to local "cn=Manager,dc=local,dc=com" is overwritten by using idassert-bind
|
||||
database ldap
|
||||
uri "@URI1@"
|
||||
suffix "dc=example,dc=com"
|
||||
idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials="secret"
|
||||
idassert-authzFrom "dn.exact:cn=Manager,dc=local,dc=com"
|
||||
rebind-as-user yes
|
||||
|
||||
database monitor
|
||||
Loading…
Reference in a new issue