testprogs/blackbox/ldapcmp_restoredc.sh

   1 #!/bin/sh
   2 # Does an ldapcmp between a newly restored testenv and the original testenv it
   3 # was based on
   4
   5 if [ $# -lt 2 ]; then
   6         cat <<EOF
   7 Usage: $0 ORIG_DC_PREFIX RESTORED_DC_PREFIX
   8 EOF
   9         exit 1
  10 fi
  11
  12 ORIG_DC_PREFIX_ABS="$1"
  13 RESTORED_DC_PREFIX_ABS="$2"
  14 shift 2
  15
  16 . $(dirname $0)/subunit.sh
  17 . "$(dirname "${0}")/common_test_fns.inc"
  18
  19 ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}")
  20
  21 basedn()
  22 {
  23         SAMDB_PATH=$1
  24         ${ldbsearch} -H $SAMDB_PATH --basedn='' --scope=base defaultNamingContext | grep defaultNamingContext | awk '{print $2}'
  25 }
  26
  27 ldapcmp_with_orig()
  28 {
  29
  30         DB1_PATH="tdb://$ORIG_DC_PREFIX_ABS/private/sam.ldb"
  31         DB2_PATH="tdb://$RESTORED_DC_PREFIX_ABS/private/sam.ldb"
  32
  33         # check if the 2 DCs are in different domains
  34         DC1_BASEDN=$(basedn $DB1_PATH)
  35         DC2_BASEDN=$(basedn $DB2_PATH)
  36         BASE_DN_OPTS=""
  37
  38         # if necessary, pass extra args to ldapcmp to handle the difference in base DNs
  39         if [ "$DC1_BASEDN" != "$DC2_BASEDN" ]; then
  40                 BASE_DN_OPTS="--base=$DC1_BASEDN --base2=$DC2_BASEDN"
  41         fi
  42
  43         # the restored DC will remove DNS entries for the old DC(s)
  44         IGNORE_ATTRS="dnsRecord,dNSTombstoned"
  45
  46         # DC2 joined DC1, so it will have different DRS info
  47         IGNORE_ATTRS="$IGNORE_ATTRS,msDS-NC-Replica-Locations,msDS-HasInstantiatedNCs"
  48         IGNORE_ATTRS="$IGNORE_ATTRS,interSiteTopologyGenerator"
  49
  50         # there's a servicePrincipalName that uses the objectGUID of the DC's NTDS
  51         # Settings that will differ between the two DCs
  52         IGNORE_ATTRS="$IGNORE_ATTRS,servicePrincipalName"
  53
  54         # the restore changes the new DC's password twice
  55         IGNORE_ATTRS="$IGNORE_ATTRS,lastLogonTimestamp"
  56
  57         # The RID pools get bumped during the restore process
  58         IGNORE_ATTRS="$IGNORE_ATTRS,rIDAllocationPool,rIDAvailablePool"
  59
  60         # these are just differences between provisioning a domain and joining a DC
  61         IGNORE_ATTRS="$IGNORE_ATTRS,localPolicyFlags,operatingSystem,displayName"
  62
  63         # the restored DC may use a different side compared to the original DC
  64         IGNORE_ATTRS="$IGNORE_ATTRS,serverReferenceBL,msDS-IsDomainFor"
  65
  66         # Like serverReferenceBL etc, this will point to a DC that
  67         # created the object, and as part of the backup and restore,
  68         # this DC will be deleted.  It is just for tracking the object
  69         # creation, so this is fine.
  70         IGNORE_ATTRS="$IGNORE_ATTRS,msKds-DomainID"
  71
  72         LDAPCMP_CMD="$PYTHON $BINDIR/samba-tool ldapcmp"
  73         $LDAPCMP_CMD $DB1_PATH $DB2_PATH --two --skip-missing-dn --filter=$IGNORE_ATTRS $BASE_DN_OPTS
  74 }
  75
  76 # check that the restored testenv DC basically matches the original
  77 testit "orig_dc_matches" ldapcmp_with_orig
  78
  79 exit $failed