author | Arthur de Jong <arthur@arthurdejong.org> | 2013-10-20 17:11:50 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-10-22 19:54:40 +0200 |
commit | 7cbb439621c48b52cc385dfdd6b5e58ce9b74008 (patch) | |
tree | d7d60f68a6bea83ff22f32a65c351a1da41c8264 /tests | |
parent | aeccbfe4fd969330ededc3dcd4af358632de3879 (diff) |
Provide a script for setting up slapd
The setup_slapd.sh script can be used to set up and start a slapd
instance in a single (temporary) directory. The slapd instance is
configured and loaded with test data for use in the test environment.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/config.ldif | 119 | ||||
-rwxr-xr-x | tests/setup_slapd.sh | 191 |
2 files changed, 310 insertions, 0 deletions
diff --git a/tests/config.ldif b/tests/config.ldif
new file mode 100644
index 0000000..66ae428
--- /dev/null
+++ b/tests/config.ldif
@@ -0,0 +1,119 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: @BASEDIR@/slapd.args
+olcPidFile: @BASEDIR@/slapd.pid
+olcToolThreads: 1
+olcSizeLimit: unlimited
+olcTimeLimit: unlimited
+
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModuleLoad: back_bdb
+olcModuleLoad: ppolicy
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+include: file:///etc/ldap/schema/misc.ldif
+include: file:///etc/ldap/schema/ppolicy.ldif
+
+dn: cn=samba,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: samba
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $gidNumber ) )
+olcObjectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
+
+dn: cn=autofs,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: autofs
+olcAttributeTypes: ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.1.1.1.13 NAME 'automount' DESC 'An entry in an automounter map' SUP top STRUCTURAL MUST ( cn $ automountInformation $ objectclass ) MAY description )
+olcObjectClasses: ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' DESC 'An group of related automount objects' SUP top STRUCTURAL MUST ou )
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
+olcAccess: to dn.exact=""
+ by * read
+olcAccess: to dn.base="cn=Subschema"
+ by * read
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
+olcRootDN: cn=admin,cn=config
+
+dn: olcDatabase={1}bdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcBdbConfig
+olcDatabase: {1}bdb
+olcDbDirectory: @BASEDIR@/ldapdb
+olcSuffix: dc=test,dc=tld
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by dn="cn=admin,dc=test,dc=tld" write
+ by * none
+olcAccess: to attrs=shadowLastChange
+ by dn.base="cn=admin,dc=test,dc=tld" write
+ by * read
+olcAccess: to dn.base=""
+ by * read
+olcAccess: to *
+ by self write
+ by dn="cn=admin,dc=test,dc=tld" write
+ by * read
+olcRootDN: cn=admin,dc=test,dc=tld
+olcRootPW: test
+olcDbCheckpoint: 512 30
+olcDbConfig: set_cachesize 0 2097152 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+
+dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcOverlay: {0}ppolicy
+olcPPolicyDefault: cn=default,ou=policies,dc=test,dc=tld
diff --git a/tests/setup_slapd.sh b/tests/setup_slapd.sh
new file mode 100755
index 0000000..8f8874f
--- /dev/null
+++ b/tests/setup_slapd.sh
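Review bot: `olcRootPW: test` in the `olcDatabase={1}bdb` entry of tests/config.ldif gives the rootdn `cn=admin,dc=test,dc=tld` a cleartext, guessable password, and the same entry grants `by * read` on everything except userPassword while the global entry sets `olcSizeLimit: unlimited`. That is workable for a throwaway test instance, but nothing in the file marks it as such, and it is a template that is easy to copy elsewhere. I would add a comment at the top, for example `# TEST ONLY: known rootdn password and world-readable data; do not expose this slapd beyond the local host`. Separately, the `include: file:///etc/ldap/schema/...` lines hard-code one schema location, so loading presumably fails on systems that install the schema elsewhere; a placeholder substituted the same way as `@BASEDIR@` would avoid that.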
@@ -0,0 +1,191 @@
+#!/bin/sh
+
+# run_slapd.sh - configure and run a slapd instance
+#
+# Copyright (C) 2013 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+set -e
+
+# find source directory (used for finding LDIF files)
+srcdir="${srcdir-`dirname "$0"`}"
+
+# present usage information
+usage() {
+ echo "Usage: $0 PATH {setup|start|stop|clean|dump_config|dump_db}" >&2
+}
+
+# examine directory for usability
+check_dir() {
+ if ! [ -e "$1" ]
+ then
+ echo "notfound"
+ elif ! [ -d "$1" ]
+ then
+ echo "unknown"
+ elif [ -z "$(find "$basedir" -mindepth 1 -maxdepth 1 2>/dev/null || true)" ]
+ then
+ echo "empty"
+ elif [ -d "$1/ldapdb" ]
+ then
+ if [ -f "$basedir/setup-complete" ]
+ then
+ echo "complete"
+ else
+ echo "incomplete"
+ fi
+ else
+ echo "unknown"
+ fi
+}
+
+# check whether our slapd is running
+our_slapd_is_running() {
+ if [ -f "$basedir/slapd.pid" ] && kill -s 0 `cat "$basedir/slapd.pid"` > /dev/null 2>&1
+ then
+ return 0 # is running
+ fi
+ return 1
+}
+
+# the directory where to construct the environment
+if test $# -ne 2
+then
+ usage
+ exit 1
+fi
+basedir="$1"
+
+# gather configuration information
+user="$( (getent passwd openldap || getent passwd ldap || getent passwd nobody) | sed 's/:.*//')"
+group="$( (getent group openldap || getent group ldap || getent group nogroup) | sed 's/:.*//')"
+
+case "$2" in
+ setup)
+ if our_slapd_is_running
+ then
+ "$0" "$basedir" stop
+ fi
+ echo -n "Creating blank $basedir slapd environment..."
+ case `check_dir "$basedir"` in
+ notfound|empty|complete|incomplete) ;;
+ *)
+ echo "FAILED: already exists and is not empty or old environment"
+ exit 1
+ ;;
+ esac
+ rm -rf "$basedir"
+ mkdir -p "$basedir/slapd.d" "$basedir/ldapdb" || (echo " FAILED"; exit 1)
+ echo " done."
+ echo "Loading cn=config..."
+ tmpldif=`mktemp -t slapadd.XXXXXX`
+ sed "s|@BASEDIR@|$basedir|g" < "$srcdir/config.ldif" > "$tmpldif"
+ slapadd -v -F "$basedir/slapd.d" -b "cn=config" -l "$tmpldif" || (echo " FAILED"; exit 1)
+ rm -f "$tmpldif"
+ echo "Loading dc=test,dc=tld..."
+ slapadd -F "$basedir/slapd.d" -b "dc=test,dc=tld" -l "$srcdir/test.ldif" || (echo " FAILED"; exit 1)
+ echo -n "Fixing permissions..."
+ chown -R "$user":"$group" "$basedir" || (echo " FAILED"; exit 1)
+ touch "$basedir/setup-complete"
+ echo " done."
+ exit 0
+ ;;
+ start)
+ echo -n "Starting OpenLDAP: slapd"
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo " FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ if our_slapd_is_running
+ then
+ echo " already running."
+ exit 0
+ fi
+ slapd -F "$basedir/slapd.d" -u "$user" -g "$group" \
+ -h "ldap:/// ldaps:/// ldapi:///" || (echo " FAILED"; exit 1)
+ echo "."
+ ;;
+ stop)
+ # (perhaps implement stop-any)
+ echo -n "Stopping OpenLDAP: slapd"
+ if ! our_slapd_is_running
+ then
+ echo " not running."
+ exit 0
+ fi
+ for i in 1 2 3 4 5
+ do
+ [ -f "$basedir/slapd.pid" ] && kill `cat "$basedir/slapd.pid"` > /dev/null 2>&1 || true
+ sleep 0.1 > /dev/null 2>&1 || true
+ if ! our_slapd_is_running
+ then
+ echo " done."
+ exit 0
+ fi
+ echo -n " ."
+ sleep 1
+ done
+ echo " FAILED"
+ exit 1
+ ;;
+ clean)
+ if our_slapd_is_running
+ then
+ "$0" "$basedir" stop
+ fi
+ echo -n "Cleaning $basedir... "
+ case `check_dir "$basedir"` in
+ complete|incomplete) ;;
+ *)
+ echo "FAILED: does not contain environment"
+ exit 1
+ ;;
+ esac
+ rm -rf "$basedir"
+ echo "done."
+ exit 0
+ ;;
+ dump_config)
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo "Dumping config FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ slapcat -F "$basedir/slapd.d" -b "cn=config" -o ldif-wrap=no \
+ | sed '/^\(structuralObjectClass\|entryUUID\|creatorsName\|createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp\):/d;$d'
+ ;;
+ dump_db)
+ case `check_dir "$basedir"` in
+ complete) ;;
+ *)
+ echo "Dumping database FAILED: environment not ready"
+ exit 1
+ ;;
+ esac
+ slapcat -F "$basedir/slapd.d" -b "dc=test,dc=tld" -o ldif-wrap=no \
+ | sed '/^\(structuralObjectClass\|entryUUID\|creatorsName\|createTimestamp\|entryCSN\|modifiersName\|modifyTimestamp\):/d;$d'
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac |
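Review bot: The `start` branch of tests/setup_slapd.sh launches slapd with `-h "ldap:/// ldaps:/// ldapi:///"`, and an empty host in those URLs makes slapd listen on every interface, so the instance that config.ldif sets up with `olcRootPW: test` is reachable from other hosts for as long as the tests run. Unless the tests need remote access, bind the TCP listeners to loopback, e.g. `-h "ldap://127.0.0.1/ ldaps://127.0.0.1/ ldapi:///"`. The `setup` and `clean` branches also run `rm -rf "$basedir"` on a caller-supplied path (presumably as root, given the `chown -R` and `-u`/`-g`), and `check_dir` accepts any directory that has an `ldapdb` subdirectory as an old environment, while testing `$basedir` rather than its argument `$1` in the `find` and `setup-complete` checks. A marker file written right after `mkdir -p` and required before deletion would limit the removal to directories this script created.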