Diffstat (limited to 'testprogs')
-rwxr-xr-x | testprogs/blackbox/join_ldapcmp.sh | 41 | ||||
-rwxr-xr-x | testprogs/blackbox/ldapcmp_restoredc.sh | 65 |
2 files changed, 106 insertions, 0 deletions
diff --git a/testprogs/blackbox/join_ldapcmp.sh b/testprogs/blackbox/join_ldapcmp.sh
new file mode 100755
index 00000000000..30d3e1e0192
--- /dev/null
+++ b/testprogs/blackbox/join_ldapcmp.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Does a join against the testenv's DC and then runs ldapcmp on the resulting DB
+
+. `dirname $0`/subunit.sh
+
+TARGET_DIR="$PREFIX_ABS/join_$SERVER"
+
+cleanup_output_dir()
+{
+ if [ -d $TARGET_DIR ]; then
+ rm -fr $TARGET_DIR
+ fi
+}
+
+SAMBA_TOOL="$PYTHON $BINDIR/samba-tool"
+
+join_dc() {
+ JOIN_ARGS="--targetdir=$TARGET_DIR --server=$SERVER -U$USERNAME%$PASSWORD"
+ $SAMBA_TOOL domain join $REALM dc $JOIN_ARGS --option="netbios name = TESTJOINDC"
+}
+
+ldapcmp_result() {
+ DB1_PATH="tdb://$PREFIX_ABS/$SERVER/private/sam.ldb"
+ DB2_PATH="tdb://$TARGET_DIR/private/sam.ldb"
+
+ # interSiteTopologyGenerator gets periodically updated. With the restored
+ # testenvs, it can sometimes point to the old/deleted DC object still
+ $SAMBA_TOOL ldapcmp $DB1_PATH $DB2_PATH --filter=interSiteTopologyGenerator
+}
+
+cleanup_output_dir
+
+# check that we can join this DC
+testit "check_dc_join" join_dc
+
+# check resulting DB matches server DC
+testit "new_db_matches" ldapcmp_result
+
+cleanup_output_dir
+
+exit $failed
diff --git a/testprogs/blackbox/ldapcmp_restoredc.sh b/testprogs/blackbox/ldapcmp_restoredc.sh
new file mode 100755
index 00000000000..51951ba8ce2
--- /dev/null
+++ b/testprogs/blackbox/ldapcmp_restoredc.sh
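Review bot: In join_ldapcmp.sh, `cleanup_output_dir` runs `rm -fr $TARGET_DIR` unquoted on a path built from `$PREFIX_ABS` and `$SERVER`, and nothing visible in the hunk checks that either is set, so an empty variable turns the target into `/join_` and a value with whitespace or glob characters makes `rm` act on other paths. I would fail early with `: "${PREFIX_ABS:?}" "${SERVER:?}"` before `TARGET_DIR` is assigned and use `rm -rf -- "$TARGET_DIR"`, with the same quoting in the `[ -d ... ]` test. Separately, `join_dc` passes `-U$USERNAME%$PASSWORD` in argv, where it is readable from the process list and from any shell trace; that may be acceptable for a throwaway testenv credential, but a comment saying so would stop the pattern being copied into scripts that handle real accounts.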
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Does an ldapcmp between a newly restored testenv and the original testenv it
+# was based on
+
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: $0 ORIG_DC_PREFIX RESTORED_DC_PREFIX
+EOF
+exit 1;
+fi
+
+ORIG_DC_PREFIX_ABS="$1"
+RESTORED_DC_PREFIX_ABS="$2"
+shift 2
+
+. `dirname $0`/subunit.sh
+
+basedn() {
+ SAMDB_PATH=$1
+ $BINDIR/ldbsearch -H $SAMDB_PATH --basedn='' -s base defaultNamingContext | grep defaultNamingContext | awk '{print $2}'
+}
+
+ldapcmp_with_orig() {
+
+ DB1_PATH="tdb://$ORIG_DC_PREFIX_ABS/private/sam.ldb"
+ DB2_PATH="tdb://$RESTORED_DC_PREFIX_ABS/private/sam.ldb"
+
+ # check if the 2 DCs are in different domains
+ DC1_BASEDN=$(basedn $DB1_PATH)
+ DC2_BASEDN=$(basedn $DB2_PATH)
+ BASE_DN_OPTS=""
+
+ # if necessary, pass extra args to ldapcmp to handle the difference in base DNs
+ if [ "$DC1_BASEDN" != "$DC2_BASEDN" ] ; then
+ BASE_DN_OPTS="--base=$DC1_BASEDN --base2=$DC2_BASEDN"
+ fi
+
+ # the restored DC will remove DNS entries for the old DC(s)
+ IGNORE_ATTRS="dnsRecord,dNSTombstoned"
+
+ # DC2 joined DC1, so it will have different DRS info
+ IGNORE_ATTRS="$IGNORE_ATTRS,msDS-NC-Replica-Locations,msDS-HasInstantiatedNCs"
+ IGNORE_ATTRS="$IGNORE_ATTRS,interSiteTopologyGenerator"
+
+ # there's a servicePrincipalName that uses the objectGUID of the DC's NTDS
+ # Settings that will differ between the two DCs
+ IGNORE_ATTRS="$IGNORE_ATTRS,servicePrincipalName"
+
+ # the restore changes the new DC's password twice
+ IGNORE_ATTRS="$IGNORE_ATTRS,lastLogonTimestamp"
+
+ # The RID pools get bumped during the restore process
+ IGNORE_ATTRS="$IGNORE_ATTRS,rIDAllocationPool,rIDAvailablePool"
+
+ # these are just differences between provisioning a domain and joining a DC
+ IGNORE_ATTRS="$IGNORE_ATTRS,localPolicyFlags,operatingSystem,displayName"
+
+ LDAPCMP_CMD="$PYTHON $BINDIR/samba-tool ldapcmp"
+ $LDAPCMP_CMD $DB1_PATH $DB2_PATH --two --filter=$IGNORE_ATTRS $BASE_DN_OPTS
+}
+
+# check that the restored testenv DC basically matches the original
+testit "orig_dc_matches" ldapcmp_with_orig
+
+exit $failed |
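Review bot: In `ldapcmp_with_orig` (ldapcmp_restoredc.sh) the two `basedn` results are used without checking that `ldbsearch` returned anything, so if both lookups fail the empty strings compare equal and ldapcmp runs with no `--base` options, and if only one fails it is handed an empty `--base=` value. I would add `if [ -z "$DC1_BASEDN" ] || [ -z "$DC2_BASEDN" ]; then return 1; fi` right after the two assignments so a broken lookup is reported as its own failure. `$BASE_DN_OPTS`, `$DB1_PATH`, `$DB2_PATH` and `$SAMDB_PATH` are all expanded unquoted, so a prefix or base DN containing a space would be split into separate arguments; quoting the paths is a safe change, while the base options would need to be passed as separate quoted words. As far as I can tell `--filter` ignores the listed attributes on every object compared, not only on the DC's own objects, so a comment above the `IGNORE_ATTRS` list such as `# NOTE: filtered attributes are not checked on any object` would make the reduced coverage of `servicePrincipalName` and `displayName` explicit.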