testprogs/blackbox/ldapcmp_restoredc.sh

   1 #!/bin/sh
   2 # Does an ldapcmp between a newly restored testenv and the original testenv it
   3 # was based on
   4
   5 if [ $# -lt 2 ]; then
   6 cat <<EOF
   7 Usage: $0 ORIG_DC_PREFIX RESTORED_DC_PREFIX
   8 EOF
   9 exit 1;
  10 fi
  11
  12 ORIG_DC_PREFIX_ABS="$1"
  13 RESTORED_DC_PREFIX_ABS="$2"
  14 shift 2
  15
  16 . `dirname $0`/subunit.sh
  17
  18 basedn() {
  19     SAMDB_PATH=$1
  20     $BINDIR/ldbsearch -H $SAMDB_PATH --basedn='' -s base defaultNamingContext | grep defaultNamingContext | awk '{print $2}'
  21 }
  22
  23 ldapcmp_with_orig() {
  24
  25     DB1_PATH="tdb://$ORIG_DC_PREFIX_ABS/private/sam.ldb"
  26     DB2_PATH="tdb://$RESTORED_DC_PREFIX_ABS/private/sam.ldb"
  27
  28     # check if the 2 DCs are in different domains
  29     DC1_BASEDN=$(basedn $DB1_PATH)
  30     DC2_BASEDN=$(basedn $DB2_PATH)
  31     BASE_DN_OPTS=""
  32
  33     # if necessary, pass extra args to ldapcmp to handle the difference in base DNs
  34     if [ "$DC1_BASEDN" != "$DC2_BASEDN" ] ; then
  35         BASE_DN_OPTS="--base=$DC1_BASEDN --base2=$DC2_BASEDN"
  36     fi
  37
  38     # the restored DC will remove DNS entries for the old DC(s)
  39     IGNORE_ATTRS="dnsRecord,dNSTombstoned"
  40
  41     # DC2 joined DC1, so it will have different DRS info
  42     IGNORE_ATTRS="$IGNORE_ATTRS,msDS-NC-Replica-Locations,msDS-HasInstantiatedNCs"
  43     IGNORE_ATTRS="$IGNORE_ATTRS,interSiteTopologyGenerator"
  44
  45     # there's a servicePrincipalName that uses the objectGUID of the DC's NTDS
  46     # Settings that will differ between the two DCs
  47     IGNORE_ATTRS="$IGNORE_ATTRS,servicePrincipalName"
  48
  49     # the restore changes the new DC's password twice
  50     IGNORE_ATTRS="$IGNORE_ATTRS,lastLogonTimestamp"
  51
  52     # The RID pools get bumped during the restore process
  53     IGNORE_ATTRS="$IGNORE_ATTRS,rIDAllocationPool,rIDAvailablePool"
  54
  55     # these are just differences between provisioning a domain and joining a DC
  56     IGNORE_ATTRS="$IGNORE_ATTRS,localPolicyFlags,operatingSystem,displayName"
  57
  58     # the restored DC may use a different side compared to the original DC
  59     IGNORE_ATTRS="$IGNORE_ATTRS,serverReferenceBL,msDS-IsDomainFor"
  60
  61     LDAPCMP_CMD="$PYTHON $BINDIR/samba-tool ldapcmp"
  62     $LDAPCMP_CMD $DB1_PATH $DB2_PATH --two --skip-missing-dn --filter=$IGNORE_ATTRS $BASE_DN_OPTS
  63 }
  64
  65 # check that the restored testenv DC basically matches the original
  66 testit "orig_dc_matches" ldapcmp_with_orig
  67
  68 exit $failed