authorArthur de Jong <arthur@arthurdejong.org>2013-10-20 17:11:50 +0200
committerArthur de Jong <arthur@arthurdejong.org>2013-10-22 19:54:40 +0200
commit7cbb439621c48b52cc385dfdd6b5e58ce9b74008 (patch)
treed7d60f68a6bea83ff22f32a65c351a1da41c8264 /tests
parentaeccbfe4fd969330ededc3dcd4af358632de3879 (diff)
Provide a script for setting up slapd
The setup_slapd.sh script can be used to set up and start a slapd instance in a single (temporary) directory. The slapd instance is configured and loaded with test data for use in the test environment.
Diffstat (limited to 'tests')
-rw-r--r--tests/config.ldif119
-rwxr-xr-xtests/setup_slapd.sh191
2 files changed, 310 insertions, 0 deletions
diff --git a/tests/config.ldif b/tests/config.ldif
new file mode 100644
index 0000000..66ae428
--- /dev/null
+++ b/tests/config.ldif
@@ -0,0 +1,119 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: @BASEDIR@/slapd.args
+olcPidFile: @BASEDIR@/slapd.pid
+olcToolThreads: 1
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModuleLoad: back_bdb
+olcModuleLoad: ppolicy
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+include: file:///etc/ldap/schema/misc.ldif
+include: file:///etc/ldap/schema/ppolicy.ldif
+
+dn: cn=samba,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: samba
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $gidNumber ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
+
+dn: cn=autofs,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: autofs
+olcAttributeTypes: ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.1.1.1.13 NAME 'automount' DESC 'An entry in an automounter map' SUP top STRUCTURAL MUST ( cn $ automountInformation $ objectclass ) MAY description )
+olcObjectClasses: ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' DESC 'An group of related automount objects' SUP top STRUCTURAL MUST ou )
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
+olcAccess: to dn.exact=""
+ by * read
+olcAccess: to dn.base="cn=Subschema"
+ by * read
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
+olcRootDN: cn=admin,cn=config
+
+dn: olcDatabase={1}bdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcBdbConfig
+olcDatabase: {1}bdb
+olcDbDirectory: @BASEDIR@/ldapdb
+olcSuffix: dc=test,dc=tld
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by dn="cn=admin,dc=test,dc=tld" write
+ by * none
+olcAccess: to attrs=shadowLastChange
+ by dn.base="cn=admin,dc=test,dc=tld" write
+ by * read
+olcAccess: to dn.base=""
+ by * read
+olcAccess: to *
+ by self write
+ by dn="cn=admin,dc=test,dc=tld" write
+ by * read
+olcRootDN: cn=admin,dc=test,dc=tld
+olcRootPW: test
+olcDbCheckpoint: 512 30
+olcDbConfig: set_cachesize 0 2097152 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+
+dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcOverlay: {0}ppolicy
+olcPPolicyDefault: cn=default,ou=policies,dc=test,dc=tld
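Review bot: `olcRootPW: test` in the `olcDatabase={1}bdb` entry stores the rootdn password in cleartext, and the final `olcAccess: to *` rule ends in `by * read`, so everything except `userPassword` is readable without a bind. That is acceptable for a fixture only while the instance cannot be reached from other hosts, which tests/setup_slapd.sh in this same commit does not ensure, since it starts slapd with `ldap:///` and `ldaps:///`. I would put a comment directly above the line so the file is not reused elsewhere, for example `# test-only credential: never load this config into a slapd reachable from other hosts`. The `include:` lines also hard-code `/etc/ldap/schema/`, so the setup presumably fails on systems that install the OpenLDAP schema files under a different path; a short comment there would help.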
diff --git a/tests/setup_slapd.sh b/tests/setup_slapd.sh
new file mode 100755
index 0000000..8f8874f
--- /dev/null
+++ b/tests/setup_slapd.sh
@@ -0,0 +1,191 @@
+#!/bin/sh
+
+# run_slapd.sh - configure and run a slapd instance
+#
+# Copyright (C) 2013 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+set -e
+
+# find source directory (used for finding LDIF files)
+srcdir="${srcdir-`dirname "$0"`}"
+
+# present usage information
+usage() {
+ echo "Usage: $0 PATH {setup|start|stop|clean|dump_config|dump_db}" >&2
+}
+
+# examine directory for usability
+check_dir() {
+ if ! [ -e "$1" ]
+ then
+ echo "notfound"
+ elif ! [ -d "$1" ]
+ then
+ echo "unknown"
+ elif [ -z "$(find "$basedir" -mindepth 1 -maxdepth 1 2>/dev/null || true)" ]
+ then
+ echo "empty"
+ elif [ -d "$1/ldapdb" ]
+ then
+ if [ -f "$basedir/setup-complete" ]
+ then
+ echo "complete"
+ else
+ echo "incomplete"
+ fi
+ else
+ echo "unknown"
+ fi
+}
+
+# check whether our slapd is running
+our_slapd_is_running() {
+ if [ -f "$basedir/slapd.pid" ] && kill -s 0 `cat "$basedir/slapd.pid"` > /dev/null 2>&1
+ then
+ return 0 # is running
+ fi
+ return 1
+}
+
+# the directory where to construct the environment
+if test $# -ne 2
+then
+ usage
+ exit 1
+fi
+basedir="$1"
+
+# gather configuration information
+user="$( (getent passwd openldap || getent passwd ldap || getent passwd nobody) | sed 's/:.*//')"
+group="$( (getent group openldap || getent group ldap || getent group nogroup) | sed 's/:.*//')"
+
+case "$2" in
+ setup)
+ if our_slapd_is_running
+ then
+ "$0" "$basedir" stop
+ fi
+ echo -n "Creating blank $basedir slapd environment..."
+ case `check_dir "$basedir"` in
+ notfound|empty|complete|incomplete) ;;
+ *)
+ echo "FAILED: already exists and is not empty or old environment"
+ exit 1
+ ;;
+ esac
+ rm -rf "$basedir"
+ mkdir -p "$basedir/slapd.d" "$basedir/ldapdb" || (echo " FAILED"; exit 1)
+ echo " done."
+ echo "Loading cn=config..."
+ tmpldif=`mktemp -t slapadd.XXXXXX`
+ sed "s|@BASEDIR@|$basedir|g" < "$srcdir/config.ldif" > "$tmpldif"
+ slapadd -v -F "$basedir/slapd.d" -b "cn=config" -l "$tmpldif" || (echo " FAILED"; exit 1)
+ rm -f "$tmpldif"
+ echo "Loading dc=test,dc=tld..."
+ slapadd -F "$basedir/slapd.d" -b "dc=test,dc=tld" -l "$srcdir/test.ldif" || (echo " FAILED"; exit 1)
+ echo -n "Fixing permissions..."
+ chown -R "$user":"$group" "$basedir" || (echo " FAILED"; exit 1)
+ touch "$basedir/setup-complete"
+ echo " done."
+ exit 0
+ ;;
+ start)
+ echo -n "Starting OpenLDAP: slapd"
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo " FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ if our_slapd_is_running
+ then
+ echo " already running."
+ exit 0
+ fi
+ slapd -F "$basedir/slapd.d" -u "$user" -g "$group" \
+ -h "ldap:/// ldaps:/// ldapi:///" || (echo " FAILED"; exit 1)
+ echo "."
+ ;;
+ stop)
+ # (perhaps implement stop-any)
+ echo -n "Stopping OpenLDAP: slapd"
+ if ! our_slapd_is_running
+ then
+ echo " not running."
+ exit 0
+ fi
+ for i in 1 2 3 4 5
+ do
+ [ -f "$basedir/slapd.pid" ] && kill `cat "$basedir/slapd.pid"` > /dev/null 2>&1 || true
+ sleep 0.1 > /dev/null 2>&1 || true
+ if ! our_slapd_is_running
+ then
+ echo " done."
+ exit 0
+ fi
+ echo -n " ."
+ sleep 1
+ done
+ echo " FAILED"
+ exit 1
+ ;;
+ clean)
+ if our_slapd_is_running
+ then
+ "$0" "$basedir" stop
+ fi
+ echo -n "Cleaning $basedir... "
+ case `check_dir "$basedir"` in
+ complete|incomplete) ;;
+ *)
+ echo "FAILED: does not contain environment"
+ exit 1
+ ;;
+ esac
+ rm -rf "$basedir"
+ echo "done."
+ exit 0
+ ;;
+ dump_config)
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo "Dumping config FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ slapcat -F "$basedir/slapd.d" -b "cn=config" -o ldif-wrap=no \
+ | sed '/^\(structuralObjectClass\|entryUUID\|creatorsName\|createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp\):/d;$d'
+ ;;
+ dump_db)
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo "Dumping database FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ slapcat -F "$basedir/slapd.d" -b "dc=test,dc=tld" -o ldif-wrap=no \
+ | sed '/^\(structuralObjectClass\|entryUUID\|creatorsName\|createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp\):/d;$d'
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
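Review bot: The `start` branch passes `-h "ldap:/// ldaps:/// ldapi:///"`, so the test slapd listens on every interface on the default LDAP ports, while config.ldif gives this instance the well-known rootdn password `test` and anonymous read access. Binding the TCP listeners to loopback keeps the fixture off the network: `-h "ldap://127.0.0.1/ ldaps://127.0.0.1/ ldapi:///"`. As far as this diff shows, config.ldif sets no TLS certificate attributes, so the `ldaps` listener may not be usable and could be dropped until TLS is configured. A comment above the `slapd` call, such as `# listeners are loopback-only: this instance uses test credentials`, would record why.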