head 1.1;
branch 1.1.1;
access;
symbols
netbsd-11-0-RC4:1.1.1.1
netbsd-11-0-RC3:1.1.1.1
netbsd-11-0-RC2:1.1.1.1
netbsd-11-0-RC1:1.1.1.1
OPENLDAP2_6_10:1.1.1.2
perseant-exfatfs-base-20250801:1.1.1.1
netbsd-11:1.1.1.1.0.6
netbsd-11-base:1.1.1.1
netbsd-10-1-RELEASE:1.1.1.1
perseant-exfatfs-base-20240630:1.1.1.1
perseant-exfatfs:1.1.1.1.0.4
perseant-exfatfs-base:1.1.1.1
netbsd-10-0-RELEASE:1.1.1.1
netbsd-10-0-RC6:1.1.1.1
netbsd-10-0-RC5:1.1.1.1
netbsd-10-0-RC4:1.1.1.1
netbsd-10-0-RC3:1.1.1.1
netbsd-10-0-RC2:1.1.1.1
netbsd-10-0-RC1:1.1.1.1
netbsd-10:1.1.1.1.0.2
netbsd-10-base:1.1.1.1
OPENLDAP2_5_6:1.1.1.1
OPENLDAP:1.1.1;
locks; strict;
comment @# @;
1.1
date 2021.08.14.16.05.11; author christos; state Exp;
branches
1.1.1.1;
next ;
commitid KGC86c2DM9XNjX4D;
1.1.1.1
date 2021.08.14.16.05.11; author christos; state Exp;
branches;
next 1.1.1.2;
commitid KGC86c2DM9XNjX4D;
1.1.1.2
date 2025.09.05.21.09.34; author christos; state Exp;
branches;
next ;
commitid fYrnJMLV6F5flz9G;
desc
@@
1.1
log
@Initial revision
@
text
@#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $WITH_SASL = no ; then
echo "SASL support not available, test skipped"
exit 0
fi
CONFDIR=$TESTDIR/slapd.d
CONFLDIF=$TESTDIR/slapd.ldif
mkdir -p $TESTDIR $DBDIR1 $CONFDIR
cp -r $DATADIR/tls $TESTDIR
$SLAPPASSWD -g -n >$CONFIGPWF
echo "Starting KDC for SASL/GSSAPI tests..."
. $SRCDIR/scripts/setup_kdc.sh
echo "Configuring slapd..."
cat > $CONFLDIF < $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
sleep 1
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
$LDAPSEARCH -x -H $URI1 -s "base" -b "" supportedSASLMechanisms > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
grep GSSAPI $TESTOUT
RC=$?
if test $RC != 0 ; then
echo "failed: GSSAPI mechanism not in supportedSASLMechanisms."
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo -n "Using ldapwhoami with SASL/GSSAPI: "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
else
echo "success"
fi
echo -n "Validating mapped SASL/GSSAPI ID: "
echo "dn:uid=$KUSER,cn=$KRB5REALM,cn=gssapi,cn=auth" > $TESTDIR/dn.out
$CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
RC=$?
if test $RC != 0 ; then
echo "Comparison failed"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
else
echo "success"
fi
if test $WITH_TLS = no ; then
echo "SASL/GSSAPI: TLS support not available, skipping TLS part."
else
echo -n "Using ldapwhoami with SASL/GSSAPI with start-tls: "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 -ZZ -o tls_reqcert=allow \
-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
else
echo "success"
fi
echo -n "Using ldapwhoami with SASL/GSSAPI with ldaps: "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $SURI2 -o tls_reqcert=allow \
-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
else
echo "success"
fi
fi
if test $WITH_TLS = no ; then
echo "TLS support not available, skipping channel-binding test"
elif test $HAVE_SASL_GSS_CBIND = no ; then
echo "SASL has no channel-binding support in GSSAPI, test skipped"
else
echo "Testing SASL/GSSAPI with SASL_CBINDING..."
for acb in "none" "tls-unique" "tls-endpoint" ; do
echo "Modifying slapd's olcSaslCBinding to ${acb} ..."
$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF < $TESTOUT 2>&1
dn: cn=config
changetype: modify
replace: olcSaslCBinding
olcSaslCBinding: ${acb}
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
for icb in "none" "tls-unique" "tls-endpoint" ; do
# The gnutls implementation of "tls-unique" seems broken
if test $icb = "tls-unique" -o $acb = "tls-unique" ; then
if test $WITH_TLS_TYPE = gnutls ; then
continue
fi
fi
fail="no"
if test $icb != $acb -a $acb != "none" ; then
# This currently fails in MIT, but it is planned to be
# fixed not to fail like in heimdal - avoid testing.
if test $icb = "none" ; then
continue
fi
# Otherwise unmatching bindings are expected to fail.
fail="yes"
fi
echo -n "Using ldapwhoami with SASL/GSSAPI and SASL_CBINDING "
echo -n "(client: ${icb}, server: ${acb}): "
$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 -ZZ -o tls_reqcert=allow \
-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
-o SASL_CBINDING=$icb > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
if test $fail = "no" ; then
echo "test failed ($RC)!"
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
elif test $fail = "yes" ; then
echo "failed: command succeeded unexpectedly."
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
echo "success"
RC=0
done
done
fi
kill $KDCPROC
test $KILLSERVERS != no && kill -HUP $KILLPIDS
if test $RC != 0 ; then
echo ">>>>> Test failed"
else
echo ">>>>> Test succeeded"
RC=0
fi
test $KILLSERVERS != no && wait
exit $RC
@
1.1.1.1
log
@Import OpenLDAP 2.5.6:
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile wraning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Build
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
OpenLDAP 2.5.4 Release (2021/04/29)
Initial release for "general use".
OpenLDAP 2.4.59 Release (2021/06/03)
Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
Fixed slapd-mdb cursor init check (ITS#9526)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapo-pcache locking during expiration (ITS#9529)
Contrib
Fixed slapo-autogroup to not thrash thread context (ITS#9494)
Documentation
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
OpenLDAP 2.4.58 Release (2021/03/16)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
Fixed slapd-bdb lockdetect config (ITS#9449)
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
OpenLDAP 2.4.53 Release (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
OpenLDAP 2.4.52 Release (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of uninitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
@
text
@@
1.1.1.2
log
@Import OpenLDAP 2.6.10 (previous was 2.5.6)
A.1. New Features and Enhancements in 2.6
A.1.1. New features in slapd
slapd now supports logging directly to a file, bypassing syslog.
A.1.2. New features in lloadd
lloadd now supports additional balancing mechansims
A.2. Obsolete Features Removed From 2.6
These features were strongly deprecated in 2.5 and removed in 2.6.
A.2.1. back-ndb
The experimental and incomplete back-ndb backend was removed.
See CHANGES for the complete list of bugfixes.
@
text
@d5 1
a5 1
## Copyright 1998-2024 The OpenLDAP Foundation.
@