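#!/usr/bin/env bash
# test-scenario-c.sh — Scenario C: Full expansion (LLDAP→OpenLDAP + KeyCape→Keycloak)
#
# This script verifies the full migration path:
#   LLDAP → canonical → OpenLDAP (directory migration)
#   KeyCape → canonical → Keycloak (IAM migration)
#   privacyIDEA MFA remains stable (no re-enrollment)
#
# Prerequisites: docker, docker compose
#   (the script also invokes ldapsearch, ldapadd, curl, timeout and go)
#
# Optional environment overrides (defaults match the local test stack):
#   LLDAP_URL, LLDAP_BIND_DN, LLDAP_BIND_PW   source LLDAP connection
#   OPENLDAP_URL, OPENLDAP_BIND_DN, OPENLDAP_BIND_PW   target OpenLDAP connection
#   KEYCLOAK_URL, ISSUER                      Keycloak base URL / realm issuer
#   SCENARIO_C_WORKDIR                        directory for intermediate files
#   GO_BIN                                    go toolchain binary to use
#
# Security notes:
#   - The default bind passwords are throwaway test-stack values; do not point
#     this script at a directory that holds real accounts with them.
#   - Bind passwords are passed on the command line (--bind-pw / -w) and are
#     therefore visible in process listings while those commands run.
#   - The default URLs are plaintext ldap:// and http:// on localhost; simple
#     binds over ldap:// are unencrypted, so keep overrides on a trusted link.

set -euo pipefail

REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
cd "$REPO_ROOT"

readonly BASE_DN="dc=netkingdom,dc=local"
readonly REALM="netkingdom"

OPENLDAP_URL="${OPENLDAP_URL:-ldap://localhost:389}"
OPENLDAP_BIND_DN="${OPENLDAP_BIND_DN:-cn=admin,${BASE_DN}}"
OPENLDAP_BIND_PW="${OPENLDAP_BIND_PW:-adminpassword}"
KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"

# Intermediate artefacts keep their original fixed names under /tmp by default.
# /tmp is world-writable and the canonical export holds directory data, so on a
# shared host point SCENARIO_C_WORKDIR at a private directory instead.
# NOTE(review): docker-compose.scenario-c.yml may reference
# /tmp/keycloak-realm-import.json for the realm import — confirm before
# changing the default.
WORK_DIR="${SCENARIO_C_WORKDIR:-/tmp}"
CANONICAL_EXPORT="${WORK_DIR}/canonical-export.yaml"
LDIF_FILE="${WORK_DIR}/migration.ldif"
REALM_IMPORT="${WORK_DIR}/keycloak-realm-import.json"

# Resolve the go binary: explicit override first, then PATH, and only then the
# developer-specific location the script used to hard-code.
GO_BIN="${GO_BIN:-}"
if [[ -z "$GO_BIN" ]]; then
  if command -v go > /dev/null 2>&1; then
    GO_BIN="go"
  else
    GO_BIN="/home/worsch/go/bin/go"
  fi
fi

echo "=== Scenario C: Full Expansion Test ==="

# Step 1: Export canonical data from LLDAP
echo "--- Step 1: Export canonical data ---"
./src/bin/lldap-export \
  --url "${LLDAP_URL:-ldap://localhost:3890}" \
  --bind-dn "${LLDAP_BIND_DN:-cn=admin,ou=people,dc=netkingdom,dc=local}" \
  --bind-pw "${LLDAP_BIND_PW:-adminpassword}" \
  --base-dn "$BASE_DN" \
  --output "$CANONICAL_EXPORT"

# Step 2a: Generate LDIF for OpenLDAP
echo "--- Step 2a: Generate OpenLDAP LDIF ---"
./src/bin/lldap-to-ldap \
  --input "$CANONICAL_EXPORT" \
  --target openldap \
  --base-dn "$BASE_DN" \
  --output "$LDIF_FILE"

# Step 2b: Transform to Keycloak realm
echo "--- Step 2b: Transform to Keycloak realm ---"
./src/bin/keycape-to-keycloak \
  --input "$CANONICAL_EXPORT" \
  --realm "$REALM" \
  --issuer "${ISSUER:-https://auth.netkingdom.local}" \
  --output "$REALM_IMPORT"

# Step 3: Start OpenLDAP + Keycloak
echo "--- Step 3: Start expanded stack ---"
docker compose -f docker-compose.scenario-c.yml up -d openldap keycloak

# The readiness loops receive their targets as positional arguments so the
# values are never spliced into the inner shell's command string.
echo "Waiting for OpenLDAP..."
timeout 60 bash -c \
  'until ldapsearch -x -H "$1" -b "$2" > /dev/null 2>&1; do sleep 3; done' \
  _ "$OPENLDAP_URL" "$BASE_DN" || {
  rc=$?
  echo "ERROR: OpenLDAP at ${OPENLDAP_URL} was not ready within 60s (exit ${rc})" >&2
  exit "$rc"
}

echo "Waiting for Keycloak..."
timeout 120 bash -c \
  'until curl -sf "$1" > /dev/null; do sleep 3; done' \
  _ "${KEYCLOAK_URL}/realms/${REALM}/.well-known/openid-configuration" || {
  rc=$?
  echo "ERROR: Keycloak realm ${REALM} at ${KEYCLOAK_URL} was not ready within 120s (exit ${rc})" >&2
  exit "$rc"
}

# Step 4: Import LDIF into OpenLDAP
# -w puts the bind password on argv; ldapadd's -y <file> reads it from a file
# instead if the credentials ever stop being test-only.
echo "--- Step 4: Import LDIF ---"
ldapadd -x -H "$OPENLDAP_URL" \
  -D "$OPENLDAP_BIND_DN" \
  -w "$OPENLDAP_BIND_PW" \
  -f "$LDIF_FILE"

# Step 5: Run profile tests against Keycloak + OpenLDAP
echo "--- Step 5: Run profile tests ---"
KEYCAPE_TEST_ISSUER="${KEYCLOAK_URL}/realms/${REALM}" \
  "$GO_BIN" test ./src/tests/profile/... -v -count=1

echo "=== Scenario C PASSED ==="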