#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

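# Cache timing knobs that are later substituted into the @...@ placeholders of
# the proxy configuration. A value already present in the environment wins;
# the default applies only when the variable is unset (an empty value is kept).
: "${PCACHETTL=1m}"
: "${PCACHENTTL=1m}"
: "${PCACHESTTL=1m}"
: "${PCACHE_ENTRY_LIMIT=6}"
: "${PCACHE_CCPERIOD=2}"
: "${PCACHETTR=2}"
: "${PCACHEBTTR=5}"

. "$SRCDIR/scripts/defines.sh"

# slapd debug level handed to -d when the provider and the proxy are started.
LVL=0x100

# The feature variables are quoted so that an unset or empty value simply
# compares unequal instead of making `test` fail with a syntax error.
if [ "$PROXYCACHE" = pcacheno ]; then
	echo "Proxy cache overlay not available, test skipped"
	exit 0
fi

if [ "$BACKLDAP" = "ldapno" ]; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if [ "$BACKEND" = ldif ]; then
	# The (mail=example.com*) queries hit a sizelimit, so which
	# entry is returned depends on the ordering in the backend.
	echo "Test does not support $BACKEND backend, test skipped"
	exit 0
fi

# Quoted so that a path containing whitespace is not split into several
# directories.
mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"
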
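# Test proxy caching of binds:
# - start provider
# - populate provider
# - start proxy cache
# - perform a first search through the proxy
# - verify that the bind gets cached
# - perform a second search with the same filter and same user
# - verify that the bind is answered from the cache
# - perform a third search, again with the same user and filter
# - perform a last search with the same user but a different filter
# - verify that the bind is still cached and the result was not answerable
#
# NOTE(review): every bind in this script uses the user's correct password.
# There is no case that binds with a wrong password after the bind has been
# cached, so the test does not show that the cache refuses such a bind.

# $SLAPD, $LDAPSEARCH and $CONFFILTER are expanded unquoted on purpose: they
# come from defines.sh and may carry options of their own (confirm there).
echo "Starting provider slapd on TCP/IP port $PORT1..."
. $CONFFILTER < "$PROXYAUTHZPROVIDERCONF" > "$CONF1"
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
# WAIT unset or empty counts as 0, so the script never blocks on stdin by
# accident; any other value pauses here until a line is read.
if [ "${WAIT:-0}" != 0 ]; then
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."
# Up to six probes of the monitor base, five seconds apart. The bind DN and
# password are fixture values and are visible on the command line.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if [ "$RC" = 0 ]; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	# Quoting KILLSERVERS makes an unset value mean "clean up", rather than
	# leaving the daemon running because `test` errored out.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi
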
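echo "Using ldapadd to populate the provider directory..."
# $LDAPADD stays unquoted (it may carry options from defines.sh - confirm);
# the URI, password and LDIF path are quoted so they are passed as single
# arguments whatever they contain.
$LDAPADD -x -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" \
	< "$LDIFORDERED" > /dev/null 2>&1
RC=$?
if [ "$RC" != 0 ]; then
	echo "ldapadd failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi
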
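echo "Starting proxy cache on TCP/IP port $PORT2..."
# Fill the @...@ placeholders of the proxy configuration with the cache
# timing values. @STTL@ takes PCACHESTTL; it was previously filled from
# PCACHENTTL, which left PCACHESTTL without any effect.
# The values are pasted into the sed expressions as they are, so a value
# containing "/" or "&" would corrupt the substitution.
. $CONFFILTER < "$PROXYAUTHZCONF" | sed \
	-e "s/@TTL@/${PCACHETTL}/" \
	-e "s/@NTTL@/${PCACHENTTL}/" \
	-e "s/@STTL@/${PCACHESTTL}/" \
	-e "s/@TTR@/${PCACHETTR}/" \
	-e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/" \
	-e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/" \
	-e "s/@BTTR@/${PCACHEBTTR}/" \
	> "$CONF2"

# "-d pcache" is given in addition to $LVL; the later checks grep this log
# for bind-cache messages, which presumably come from that debug level.
$SLAPD -f "$CONF2" -h "$URI2" -d "$LVL" -d pcache > "$LOG2" 2>&1 &
CACHEPID=$!
# WAIT unset or empty counts as 0, so the script never blocks on stdin by
# accident.
if [ "${WAIT:-0}" != 0 ]; then
	echo CACHEPID $CACHEPID
	read -r foo
fi
KILLPIDS="$KILLPIDS $CACHEPID"

sleep 1

echo "Using ldapsearch to check that proxy slapd is running..."
# Up to six probes of the monitor base, five seconds apart.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	if [ "$RC" = 0 ]; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi
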
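# Start from an empty search-output file.
: > "$SEARCHOUT"

echo "Making queries on the proxy cache..."
CNT=0

# Query 1: first bind and search as the test user through the proxy.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: $USERDN"
echo "# Query $CNT: $USERDN" >> "$SEARCHOUT"

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"
RC=$?

if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Check that the bind is cached: the proxy log must contain a
# "CACHING BIND" line for this DN.
grep "CACHING BIND for $USERDN" "$LOG2" > /dev/null

RC=$?
if [ "$RC" != 0 ]; then
	# The message names the check that failed; it used to read
	# "Refresh failed", which no step in this script performs.
	echo "Bind wasn't cached"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi
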
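# Query 2: same user, same password, same filter as the first query.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"

$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# The proxy log must now hold at least one "CACHED BIND" line for this DN,
# presumably written when a bind is answered from the cache.
# NOTE(review): only the correct password is tried here; a bind with a wrong
# password against the cached entry is not exercised.
grep "CACHED BIND for $USERDN" "$LOG2" > /dev/null
RC=$?
if [ "$RC" != 0 ]; then
	# The message names the check that failed; it used to read
	# "Refresh failed", which no step in this script performs.
	echo "Bind wasn't answered from cache"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi
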
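# Query 3: same user and filter again; $UPASSWD still holds the password set
# for the earlier queries.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"

echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# Exactly two "CACHED BIND" lines are expected for this DN by now.
# grep -c prints the bare count, so the comparison no longer depends on the
# shell word-splitting away the padding some `wc -l` implementations print.
# If the log cannot be read, RC is empty and the check fails.
RC=$(grep -c "CACHED BIND for $USERDN" "$LOG2")
if [ "$RC" != 2 ]; then
	echo "Bind wasn't answered from cache"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi
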
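# Last search: same user, different filter. The search output is restarted
# so that only this query's entries are inspected below.
# NOTE(review): $CNT is not advanced here, so the label written to the
# output repeats the previous query's number.
echo "=== New search on (sn=jo*)"
: > "$SEARCHOUT"
echo "# Query $CNT: (Bind should be cached)" >> "$SEARCHOUT"
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H "$URI2" \
	-D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> "$SEARCHOUT" 2>> "$TESTOUT"

RC=$?
if [ "$RC" != 0 ]; then
	echo "ldapsearch failed ($RC)!"
	# $KILLPIDS is a space-separated PID list and must stay unquoted.
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS
	fi
	exit $RC
fi

# The three counts below use grep -c, which prints the bare number, so the
# comparisons do not rely on word-splitting padded `wc -l` output. If a file
# cannot be read, RC is empty and the check fails.

# Exactly three "CACHED BIND" lines are expected for this DN by now.
RC=$(grep -c "CACHED BIND for $USERDN" "$LOG2")
if [ "$RC" != 3 ]; then
	echo "Bind wasn't answered from cache"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

# Exactly three "QUERY NOT ANSWERABLE" lines are expected in the proxy log.
RC=$(grep -c "QUERY NOT ANSWERABLE" "$LOG2")
if [ "$RC" != 3 ]; then
	echo "Search wasn't searched on remote peer"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi

# The user's own entry must appear exactly once in this query's output.
RC=$(grep -c "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" "$SEARCHOUT")
if [ "$RC" != 1 ]; then
	echo "Search wasn't retrieved on remote peer"
	if [ "$KILLSERVERS" != no ]; then
		kill -HUP $KILLPIDS && wait
	fi
	exit 1
fi
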
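echo "Test succeeded"

# Stop both servers unless the caller asked to keep them (KILLSERVERS=no).
# KILLSERVERS is quoted so that an unset value means "clean up" instead of
# leaving the daemons running because `test` errored out.
# $KILLPIDS is a space-separated PID list and must stay unquoted.
if [ "$KILLSERVERS" != no ]; then
	kill -HUP $KILLPIDS
	# Reap the background slapd processes before exiting.
	wait
fi

exit 0
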