Don't duplicate the ENTIRE script just to start a second LDAP instance. Add paths for homebrew on ARM. Kill existing slapd instances so we don't get errors about the database already existing.
mysql-setup.sh \
openresty-setup.sh \
ldap-setup.sh \
- ldap2-setup.sh \
+ ldap1-setup.sh \
389ds-setup.sh \
redis-setup.sh; do
-#!/bin/sh
+#!/usr/bin/env bash
# Allow setup script to work with homebrew too
-export PATH="/usr/local/opt/openldap/libexec:$PATH"
+export PATH="/usr/local/opt/openldap/libexec:/opt/homebrew/opt/openldap/libexec:/opt/symas/lib:$PATH"
+
+suffix=$(echo "${0##*/}" | sed -E 's/^ldap(.*)-setup.sh$/\1/')
+
+# Kill any old processes
+[ -e "/tmp/slapd${suffix}.pid" ] && kill $(cat /tmp/slapd${suffix}.pid)
+
+base_dir="/tmp/ldap${suffix}"
+cert_dir="${base_dir}/certs"
+data_dir="${base_dir}/db"
+schema_dir="${base_dir}/schema"
+
+echo "base_dir \"${data_dir}\""
# Clean out any existing DB
-rm -rf /tmp/ldap/db
+rm -rf "${data_dir}"
# Create directory we can write DB files to
-mkdir -p /tmp/ldap/db/
+mkdir -p "${data_dir}"
# Change db location to /tmp as we can't write to /var
-sed -i -e 's/\/var\/lib\/ldap/\/tmp\/ldap\/db/' src/tests/salt-test-server/salt/ldap/base.ldif
+sed -i -e "s/\/var\/lib\/ldap/\/tmp\/ldap${suffix}\/db/" src/tests/salt-test-server/salt/ldap/base${suffix}.ldif
# Create a directory we can link schema files into
-if [ -d /tmp/ldap/schema ]; then
+if [ -d "${schema_dir}" ]; then
echo "Schema dir already linked"
# Debian
elif [ -d /etc/ldap/schema ]; then
- ln -fs /etc/ldap/schema /tmp/ldap/schema
+ ln -fs /etc/ldap/schema "${schema_dir}"
# Symas packages
elif [ -d /opt/symas/etc/openldap/schema ]; then
- ln -fs /opt/symas/etc/openldap/schema /tmp/ldap/schema
+ ln -fs /opt/symas/etc/openldap/schema "${schema_dir}"
# Redhat
elif [ -d /etc/openldap/schema ]; then
- ln -fs /etc/openldap/schema /tmp/ldap/schema
-# macOS (homebrew)
+ ln -fs /etc/openldap/schema "${schema_dir}"
+# macOS (homebrew x86)
elif [ -d /usr/local/etc/openldap/schema ]; then
- ln -fs /usr/local/etc/openldap/schema /tmp/ldap/schema
+ ln -fs /usr/local/etc/openldap/schema "${schema_dir}"
+# macOS (homebrew ARM)
+elif [ -d /opt/homebrew/opt/openldap/schema ]; then
+ ln -fs /opt/homebrew/opt/openldap/schema "${schema_dir}"
else
echo "Can't locate OpenLDAP schema dir"
exit 1
fi
-if [ -e /opt/symas/lib/slapd ]; then
- SLAPD=/opt/symas/lib/slapd
+# Clean out any old certificates
+rm -rf "${cert_dir}"
+# Create certificate directory
+mkdir -p "${cert_dir}"
+# Ensure we have some certs generated
+make -C raddb/certs
+
+# Copy certificates - whilst not stricltly LDAP certs they work fine for these tests
+cp raddb/certs/rsa/ca.pem "${cert_dir}/cacert.pem"
+cp raddb/certs/rsa/server.pem "${cert_dir}/servercert.pem"
+openssl rsa -in raddb/certs/rsa/server.key -out "${cert_dir}/serverkey.pem" -passin pass:whatever
+
+if [ -z "${suffix}" ]; then
+ ldap_port="3890"
+ ldaps_port="6360"
+ ldap_socket="ldapi://%2Ftmp%2Fldap%2Fsocket"
else
- SLAPD=slapd
+ ldap_port=$((3890+${suffix}))
+ ldaps_port=$((6360+${suffix}))
+ ldap_socket="ldapi://%2Ftmp%2Fldap${suffix}%2Fsocket"
fi
# Start slapd
-$SLAPD -d any -h "ldap://127.0.0.1:3890/ ldapi://%2Ftmp%2Fldap%2Fsocket" -f scripts/ci/ldap/slapd.conf 2>&1 > /tmp/ldap/slapd.log &
+slapd -d any -h "ldap://127.0.0.1:${ldap_port}/ ldaps://127.0.0.1:${ldaps_port}/ ${ldap_socket}" -f scripts/ci/ldap/slapd${suffix}.conf 2>&1 > ${base_dir}/slapd.log &
# Wait for LDAP to start
sleep 1
# Add test data
count=0
while [ $count -lt 10 ] ; do
- if ldapadd -v -x -H ldap://127.0.0.1:3890/ -D "cn=admin,cn=config" -w secret -f src/tests/salt-test-server/salt/ldap/base.ldif ; then
+ if ldapadd -v -x -H "${ldap_socket}" -D "cn=admin,cn=config" -w secret -f src/tests/salt-test-server/salt/ldap/base${suffix}.ldif ; then
break 2
else
echo "ldap add failed, retrying..."
# Exit code gets overwritten, so we check for failure using count
if [ $count -eq 10 ]; then
echo "Error configuring server"
- cat /tmp/ldap/slapd.log
+ cat ${base_dir}/slapd.log
exit 1
fi
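Review bot: The `[ -e "/tmp/slapd${suffix}.pid" ] && kill $(cat /tmp/slapd${suffix}.pid)` line signals whatever the file contains without validating it: an empty or non-numeric pidfile makes `kill` fail with a usage error, and since the path is predictable and sits in a shared /tmp, a file left or planted there by another local user would make the CI runner signal any process it has permission to kill; read and check it first, `pid=$(cat "/tmp/slapd${suffix}.pid" 2>/dev/null)` then `[[ "$pid" =~ ^[0-9]+$ ]] && kill "$pid"`. Nothing in this hunk shows slapd being told to write that pidfile (presumably it is in `slapd${suffix}.conf`), so confirm the two paths agree or the kill never fires. Separately, the `slapd -d any ... 2>&1 > ${base_dir}/slapd.log &` line has the redirections in the wrong order: stderr is duplicated to the original stdout before stdout is pointed at the file, so the `-d any` debug output that slapd writes to stderr never reaches the log that the failure branch later `cat`s; it should read `> "${base_dir}/slapd.log" 2>&1`. The body of the `while` retry loop between `echo "ldap add failed, retrying..."` and the final count check is not visible in this rendering, so the increment and sleep are outside what I can review.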
#
# NB: RH Linux schemas in /etc/openldap
#
-include /tmp/ldap2/schema/core.schema
-include /tmp/ldap2/schema/cosine.schema
-include /tmp/ldap2/schema/inetorgperson.schema
-include /tmp/ldap2/schema/nis.schema
+include /tmp/ldap1/schema/core.schema
+include /tmp/ldap1/schema/cosine.schema
+include /tmp/ldap1/schema/inetorgperson.schema
+include /tmp/ldap1/schema/nis.schema
include doc/schemas/ldap/openldap/freeradius-policy.schema
include doc/schemas/ldap/openldap/freeradius-radius.schema
include doc/schemas/ldap/openldap/freeradius-clients.schema
# Note - these will not match the host name so clients need to use
# the "allow" option when checking certificates
#
-TLSCACertificateFile /tmp/ldap2/certs/cacert.pem
-TLSCertificateFile /tmp/ldap2/certs/servercert.pem
-TLSCertificateKeyFile /tmp/ldap2/certs/serverkey.pem
+TLSCACertificateFile /tmp/ldap1/certs/cacert.pem
+TLSCertificateFile /tmp/ldap1/certs/servercert.pem
+TLSCertificateKeyFile /tmp/ldap1/certs/serverkey.pem
#######################################################################
# mdb database definitions
rootpw secret
# The database directory MUST exist prior to running slapd AND
# change path as necessary
-directory /tmp/ldap2/db/
+directory /tmp/ldap1/db/
# other database parameters
# read more in slapd.conf reference section
--- /dev/null
+ldap-setup.sh
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-
-# Allow setup script to work with homebrew too
-export PATH="/usr/local/opt/openldap/libexec:$PATH"
-
-# Clean out any existing DB
-rm -rf /tmp/ldap2/db
-# Create directory we can write DB files to
-mkdir -p /tmp/ldap2/db/
-
-# Change db location to /tmp as we can't write to /var
-sed -i -e 's/\/var\/lib\/ldap/\/tmp\/ldap2\/db/' src/tests/salt-test-server/salt/ldap/base2.ldif
-
-# Create a directory we can link schema files into
-if [ -d /tmp/ldap2/schema ]; then
- echo "Schema dir already linked"
-# Debian
-elif [ -d /etc/ldap/schema ]; then
- ln -fs /etc/ldap/schema /tmp/ldap2/schema
-# Symas packages
-elif [ -d /opt/symas/etc/openldap/schema ]; then
- ln -fs /opt/symas/etc/openldap/schema /tmp/ldap2/schema
-# Redhat
-elif [ -d /etc/openldap/schema ]; then
- ln -fs /etc/openldap/schema /tmp/ldap2/schema
-# macOS (homebrew)
-elif [ -d /usr/local/etc/openldap/schema ]; then
- ln -fs /usr/local/etc/openldap/schema /tmp/ldap2/schema
-else
- echo "Can't locate OpenLDAP schema dir"
- exit 1
-fi
-
-# Clean out any old certificates
-rm -rf /tmp/ldap2/certs
-# Create certificate directory
-mkdir -p /tmp/ldap2/certs
-
-make -C raddb/certs
-
-# Copy certificates - whilst not stricltly LDAP certs they work fine for these tests
-cp raddb/certs/rsa/ca.pem /tmp/ldap2/certs/cacert.pem
-cp raddb/certs/rsa/server.pem /tmp/ldap2/certs/servercert.pem
-# OpenLDAP wants an un-encrypted key
-openssl rsa -in raddb/certs/rsa/server.key -out /tmp/ldap2/certs/serverkey.pem -passin pass:whatever
-
-if [ -e /opt/symas/lib/slapd ]; then
- SLAPD=/opt/symas/lib/slapd
-else
- SLAPD=slapd
-fi
-
-# Start slapd
-$SLAPD -d any -h "ldap://127.0.0.1:3891/ ldaps://127.0.0.1:6360 ldapi://%2Ftmp%2Fldap2%2Fsocket" -f scripts/ci/ldap/slapd2.conf 2>&1 > /tmp/ldap2/slapd.log &
-
-# Wait for LDAP to start
-sleep 1
-
-# Add test data
-count=0
-while [ $count -lt 10 ] ; do
- if ldapadd -x -v -H ldap://127.0.0.1:3891/ -D "cn=admin,cn=config" -w secret -f src/tests/salt-test-server/salt/ldap/base2.ldif ; then
- break 2
- else
- echo "ldap add failed, retrying..."
- count=$((count+1))
- sleep 1
- fi
-done
-
-# Exit code gets overwritten, so we check for failure using count
-if [ $count -eq 10 ]; then
- echo "Error configuring server"
- cat /tmp/ldap/slapd.log
- exit 1
-fi
test_fail
}
+&reply !* ANY
+
test_pass
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
-olcDbDirectory: /tmp/ldap2/db
+olcDbDirectory: /tmp/ldap1/db
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SSHA}SgCZuAcGQA5HlgKi+g5xwVyI2NhXRFYh
olcDbIndex: objectClass eq