<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2009 Sun Microsystems, Inc.
! Portions Copyright 2013 ForgeRock AS
! -->
<stax>
<defaultcall function="privileges_new_root_user"/>
<function name="privileges_new_root_user">
<sequence>
<block name="'privileges-new-root-user'">
<try>
<sequence>
<!-- Suite setup. The script fills in CurrentTestPath: 'group' gets 'privileges' when the key is absent, and 'suite' is taken from STAXCurrentBlock.
NOTE(review): this listing has lost the script's indentation, so whether the 'suite' assignment sits inside the if cannot be read from here. -->
<script>
if not CurrentTestPath.has_key('group'):
CurrentTestPath['group']='privileges'
CurrentTestPath['suite']=STAXCurrentBlock
</script>
<call function="'testSuite_Preamble'"/>
<!---
Place suite-specific test information here.
#@TestSuiteName Privileges Directory Manager Tests
#@TestSuitePurpose Test the basic Privileges Support in regard to basic Directory Manager.
#@TestSuiteGroup Basic Privileges Users Tests
#@TestScript privileges_directory_manager.xml
-->
<!-- NOTE(review): TestSuiteName and TestScript above name the Directory Manager suite, while the function defined here is privileges_new_root_user and every TestMarker below is 'Privileges New Root User Tests'. The testcase headers state that TestMarker must equal TestSuiteName, so this looks like a copy-paste leftover; confirm before changing the tags. -->
<!-- common_setup is called with quickStart False, startServer True, loadData True and stopServer False, loading privileges_startup.ldif from remote.data. The testcases below all talk to a server, so it is presumably left running by this call. -->
<call function="'common_setup'">
{
'quickStart' : False ,
'startServer' : True ,
'loadData' : True ,
'ldifFile' : '%s/privileges/privileges_startup.ldif' % remote.data ,
'stopServer' : False
}
</call>
<!-- Import privileges_acis.xml from TESTS_DIR on the local STAF machine, then call privileges_acis (presumably defined in that file) before any testcase runs. GLOBAL_ACI_SEARCH, used by the bypass-acl testcases, is not defined in this part of the file; presumably it comes from there or from shared globals. -->
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/privileges/privileges_acis.xml' % (TESTS_DIR)"/>
<call function="'privileges_acis'"/>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName preamble
#@TestIssue none
#@TestPurpose Preamble - add a new root user
#@TestPreamble none
#@TestStep Admin adds a new root user.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned only for step 1.
-->
<testcase name="getTestCaseName('preamble')">
<sequence>
<!-- Preamble: bind as DIRECTORY_INSTANCE_DN / DIRECTORY_INSTANCE_PSWD and add the contents of add_new_root_user.ldif. The later testcases bind as 'cn=Zroot' and edit 'cn=Zroot Manager,cn=Root DNs,cn=config'; presumably that root user is what this LDIF creates (the file is not visible here). No expectedRC is passed, so addEntry applies whatever default it has. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: preamble, Admin adding new root user'
</message>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeAdded' : '%s/privileges/add_new_root_user.ldif' % remote.data }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName bypass-acl
#@TestIssue none
#@TestPurpose bypass-acl privilege for new root user
#@TestPreamble Alternate root user removes global search ACI.
#@TestStep New root user searches entry.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user searches entry.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user searches entry.
#@TestStep Alternate root user puts back global search ACI.
#@TestStep New root user searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl')">
<sequence>
<!-- bypass-acl: checks that 'cn=Zroot' still gets uid=scarter back after the global search ACI (GLOBAL_ACI_SEARCH) has been removed, that the entry is no longer returned once '-bypass-acl' is added to the root DN entry, and that it is returned again after that value is deleted. All ACI and privilege changes are made while bound as the second root account 'cn=Aroot'. -->
<!-- NOTE(review): the bind password of both test root accounts is repeated as a literal in every call of this file; it has to stay in step with the LDIF fixtures, so a single shared variable would be easier to keep consistent. -->
<!-- NOTE(review): the steps run in sequence and no restore step is visible for the case where a step fails between a remove and its matching put-back; the server would then keep the reduced ACI or privilege state for the following testcases. Whether the enclosing try handles this cannot be seen from this part of the file. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: bypass-acl, alternative root user removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<!-- Step 1: with the global search ACI gone, the search as 'cn=Zroot' is still expected to return the entry and its sn value. -->
<message>
'Privileges: New Root User: bypass-acl, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid' }
</call>
<!-- STAXResult[0][1] of the preceding call is what the checks below treat as the search output text. -->
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'sn: Carter' ,
'expectedResult' : '1' }
</call>
<!-- Step 2: adding the value '-bypass-acl' to ds-privilege-name is how this suite removes the privilege (see the message text); deleting the same value later puts it back. The bind DN is 'cn=Zroot' but the edited entry is 'cn=Zroot Manager,cn=Root DNs,cn=config'; presumably 'cn=Zroot' is an alternate bind DN of that entry. -->
<message>
'Privileges: New Root User: bypass-acl, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-bypass-acl' ,
'changetype' : 'add' }
</call>
<!-- Step 3: neither the privilege nor the global search ACI is in place, so the entry must not come back. -->
<message>
'Privileges: New Root User: bypass-acl, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<!-- Negative check: expectedResult '0' presumably means the substring must be absent. NOTE(review): an empty result caused by something else (for example a failed bind) would satisfy the same check unless SearchObject itself fails the step; its return-code handling is not visible here. -->
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<!-- Step 4: delete the '-bypass-acl' value again, which restores the privilege. -->
<message>
'Privileges: New Root User: bypass-acl, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-bypass-acl' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: privilege restored, global search ACI still removed; the entry is expected again. -->
<message>
'Privileges: New Root User: bypass-acl, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'sn: Carter' ,
'expectedResult' : '1' }
</call>
<!-- Step 6: put the global search ACI back so the server ends the testcase with the ACI it started with. -->
<message>
'Privileges: New Root User: bypass-acl, alternative root user putting back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<!-- Step 7: final search with both the privilege and the global ACI in place. This check goes through checktestString instead of searchStringForSubstring; its exact matching rule is not visible here. -->
<message>
'Privileges: New Root User: bypass-acl, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName bypass-acl, alternate bind DN
#@TestIssue none
#@TestPurpose bypass-acl privilege for new root user using alternate bind dn
#@TestPreamble Alternate root user removes global search ACI.
#@TestStep New root user searches entry.
#@TestStep Alternate root user removes privilege.
#@TestStep Alternate root user puts back global search ACI.
#@TestStep New root user searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 32
for step 2, and 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl, alternate bind DN')">
<sequence>
<!-- bypass-acl, alternate bind DN: same opening as the bypass-acl testcase, but the privilege change is attempted on 'cn=Zroot' (the DN used for binding) instead of 'cn=Zroot Manager,cn=Root DNs,cn=config', and that modify is expected to be rejected. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<!-- Step 1: with the global search ACI removed, 'cn=Zroot' is still expected to read uid=scarter. -->
<message>
'Privileges: New Root User: bypass-acl, alternate bind DN, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<!-- STAXResult[0][1] of the preceding call is what the checks below treat as the search output text. -->
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'sn: Carter' ,
'expectedResult' : '1' }
</call>
<!-- Step 2: expectedRC 32 is LDAP noSuchObject. Presumably 'cn=Zroot' is only an alternate bind DN and not an entry that can be modified, so privileges cannot be edited through it - TODO confirm against add_new_root_user.ldif. Because this modify is expected to fail, the privilege is never actually removed in this testcase and no put-back step is needed. -->
<message>
'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-bypass-acl' ,
'changetype' : 'add' ,
'expectedRC' : 32
}
</call>
<!-- Step 3: restore the global search ACI removed at the start. -->
<message>
'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user putting back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<!-- Step 4: final search with the global ACI back in place; checked through checktestString, whose exact matching rule is not visible here. -->
<message>
'Privileges: New Root User: bypass-acl, alternate bind DN, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName modify-acl - add aci
#@TestIssue none
#@TestPurpose modify-acl privilege for new root user - add aci
#@TestPreamble none
#@TestStep New root user adds ACI, default behavior.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user adds second ACI.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user adds second ACI.
#@TestStep Alternate root removes first ACI.
#@TestStep Alternate root removes second ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - add aci')">
<sequence>
<!-- modify-acl, add: 'cn=Zroot' adds an aci value to ou=People by default, is refused once '-modify-acl' is added to its root DN entry, and succeeds again after that value is deleted. The two ACIs added here are deleted at the end while bound as 'cn=Aroot'. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: modify-acl - add aci, check default, new root user adding ACI'
</message>
<!-- search_aci allows (search,read) on all attributes to uid=auser. -->
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<!-- Step 1: default behaviour, the add is expected to succeed. -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<!-- Step 2: adding the value '-modify-acl' to ds-privilege-name is how this suite removes the privilege (see the message text). -->
<message>
'Privileges: New Root User: modify-acl - add aci, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: New Root User: modify-acl - add aci, new root user adding second ACI'
</message>
<!-- search2_aci allows (write) on all attributes to uid=auser. -->
<script>
search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<!-- Step 3: without modify-acl the add must be refused; expectedRC 50 is LDAP insufficientAccessRights. -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the '-modify-acl' value restores the privilege. -->
<message>
'Privileges: New Root User: modify-acl - add aci, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: the same add that was refused in step 3 is now expected to succeed. -->
<message>
'Privileges: New Root User: modify-acl - add aci, new root user adding second ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'add' }
</call>
<!-- Steps 6 and 7: cleanup as 'cn=Aroot'. The two messages carry the same text; the first call deletes search_aci, the second deletes search2_aci. -->
<message>
'Privileges: New Root User: modify-acl - add aci, alternative root user deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: New Root User: modify-acl - add aci, alternative root user deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName modify-acl - replace aci
#@TestIssue none
#@TestPurpose modify-acl privilege for new root user - replace aci
#@TestPreamble none
#@TestStep New root user replaces ACI, default behavior.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user replaces second ACI.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user replaces second ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - replace aci')">
<sequence>
<!-- modify-acl, replace: 'cn=Zroot' replaces the aci attribute of uid=tmorris by default, is refused once '-modify-acl' is added to its root DN entry, and succeeds again after that value is deleted. The same search_aci value is used for all three replace operations. -->
<!-- NOTE(review): no step in this testcase removes the replaced aci value again, so uid=tmorris keeps 'rep_search_aci_tmorris' for the testcases that follow; confirm that is intended. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: modify-acl - replace aci, preamble, check default, new root user replacing ACI'
</message>
<!-- search_aci allows (search,read) on all attributes to uid=auser. -->
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<!-- Step 1: default behaviour, the replace is expected to succeed. -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' }
</call>
<!-- Step 2: adding the value '-modify-acl' to ds-privilege-name is how this suite removes the privilege (see the message text). -->
<message>
'Privileges: New Root User: modify-acl - replace aci, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'add' }
</call>
<!-- Step 3: without modify-acl the replace must be refused; expectedRC 50 is LDAP insufficientAccessRights. -->
<message>
'Privileges: New Root User: modify-acl - replace aci, new root user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the '-modify-acl' value restores the privilege. -->
<message>
'Privileges: New Root User: modify-acl - replace aci, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: the replace refused in step 3 is now expected to succeed. -->
<message>
'Privileges: New Root User: modify-acl - replace aci, new root user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName modify-acl - delete aci
#@TestIssue none
#@TestPurpose modify-acl privilege for new root user - delete aci
#@TestPreamble none
#@TestStep New root user deletes ACI, default behavior.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user deletes second ACI.
#@TestStep Alternate root user puts back privilege.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - delete aci')">
<sequence>
<!-- modify-acl, delete: 'cn=Zroot' deletes an aci value from uid=gfarmer by default and is refused when it tries the same on uid=abergin after '-modify-acl' has been added to its root DN entry. Both aci values are presumably present in the loaded fixture data, which is not visible here. -->
<!-- NOTE(review): after the privilege is put back, the refused delete on uid=abergin is not retried, so this testcase shows the refusal but not that the restored privilege allows the delete again. -->
<call function="'testCase_Preamble'"/>
<message>
'Privileges: New Root User: modify-acl - delete aci, preamble, check default, new root user deleting ACI'
</message>
<!-- search_aci here is the value to delete from uid=gfarmer: allow (write) on all attributes to uid=auser. -->
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_gfarmer\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<!-- Step 1: default behaviour, the delete is expected to succeed. -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=gfarmer, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<!-- Step 2: adding the value '-modify-acl' to ds-privilege-name is how this suite removes the privilege (see the message text). -->
<message>
'Privileges: New Root User: modify-acl - delete aci, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: New Root User: modify-acl - delete aci, new root user delete ACI'
</message>
<!-- search2_aci is the value to delete from uid=abergin: allow (search,read) on all attributes to uid=auser. -->
<script>
search2_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_abergin\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<!-- Step 3: without modify-acl the delete must be refused; expectedRC 50 is LDAP insufficientAccessRights. -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=abergin, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'delete' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the '-modify-acl' value restores the privilege for the testcases that follow. -->
<message>
'Privileges: New Root User: modify-acl - delete aci, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-modify-acl' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName config-read
#@TestIssue none
#@TestPurpose config-read privilege for new root user
#@TestPreamble none
#@TestStep New root user searches cn=config, default behavior.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user searches cn=config.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user searches cn=config.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, and 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('config-read')">
<sequence>
<!-- config-read: 'cn=Zroot' can read ds-cfg-check-schema from cn=config by default, is refused once '-config-read' is added to its root DN entry, and can read it again after that value is deleted. Each search passes '-s base' in extraParams, presumably a base-scope search of cn=config only. -->
<call function="'testCase_Preamble'"/>
<!-- Step 1: default behaviour; the output must contain the cn=config dn line and the requested attribute. -->
<message>
'Privileges: New Root User: config-read, new root user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' }
</call>
<!-- STAXResult[0][1] of the preceding call is what the checks below treat as the search output text. -->
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: cn=config' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'ds-cfg-check-schema:' ,
'expectedResult' : '1' }
</call>
<!-- Step 2: adding the value '-config-read' to ds-privilege-name is how this suite removes the privilege (see the message text). -->
<message>
'Privileges: New Root User: config-read, alternative root removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'add' }
</call>
<!-- Step 3: without config-read the search itself must be refused; expectedRC 50 is LDAP insufficientAccessRights. The output is not inspected for this step. -->
<message>
'Privileges: New Root User: config-read, new root user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the '-config-read' value restores the privilege. -->
<message>
'Privileges: New Root User: config-read, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: the search is expected to work again; checked through checktestString, whose exact matching rule is not visible here. -->
<message>
'Privileges: New Root User: config-read, new root user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: cn=config' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName config-write
#@TestIssue none
#@TestPurpose config-write privilege for new root user
#@TestPreamble none
#@TestStep New root user modifies cn=config, default behavior.
#@TestStep Alternate root user removes read privilege.
#@TestStep New root user modifies cn=config.
#@TestStep Alternate root user removes write privilege.
#@TestStep New root user modifies cn=config.
#@TestStep Alternate root user puts back read privilege.
#@TestStep New root user modifies cn=config.
#@TestStep Alternate root user puts back write privilege.
#@TestStep New root user modifies cn=config.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, 5, and 7 and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('config-write')">
<sequence>
<!-- config-write: 'cn=Zroot' replaces ds-cfg-check-schema on cn=config while config-read and config-write are removed and restored one at a time. Going by the expectedRC values below, the modify is expected to succeed only when both privileges are present: it must be refused with config-read removed, with both removed, and with only config-write removed. expectedRC 50 is LDAP insufficientAccessRights. -->
<!-- NOTE(review): every modify writes the value 'true', so the setting only changes if the fixture starts with another value; the testcase checks result codes and never reads the attribute back. -->
<call function="'testCase_Preamble'"/>
<!-- Step 1: default behaviour, both privileges present; the modify is expected to succeed. -->
<message>
'Privileges: New Root User: config-write, new root user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' }
</call>
<!-- Step 2: removes config-read (the message does not say which privilege; the value added is '-config-read'). -->
<message>
'Privileges: New Root User: config-write, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'add' }
</call>
<!-- Step 3: config-read removed, config-write still present; the modify must be refused with 50. -->
<message>
'Privileges: New Root User: config-write, new root user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: removes config-write as well (the value added is '-config-write'). -->
<message>
'Privileges: New Root User: config-write, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-write' ,
'changetype' : 'add' }
</call>
<!-- Step 5: both privileges removed; the modify must be refused with 50. -->
<message>
'Privileges: New Root User: config-write, new root user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<!-- Step 6: puts config-read back (the value deleted is '-config-read'). NOTE(review): the message below misspells 'alternative' as 'altrnative', so a log search for the spelling used by the other steps misses this one. -->
<message>
'Privileges: New Root User: config-write, altrnative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'delete' }
</call>
<!-- Step 7: config-read restored, config-write still removed; the modify must be refused with 50. -->
<message>
'Privileges: New Root User: config-write, new root user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<!-- Step 8: puts config-write back (the value deleted is '-config-write'). -->
<message>
'Privileges: New Root User: config-write, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-write' ,
'changetype' : 'delete' }
</call>
<!-- Step 9: both privileges restored; the modify is expected to succeed again. -->
<message>
'Privileges: New Root User: config-write, new root user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName config-write - add global aci
#@TestIssue none
#@TestPurpose config-write privilege for new root user - add global aci
#@TestPreamble none
#@TestStep New root user adds global ACI, default behavior.
#@TestStep Alternate root user removes read privilege.
#@TestStep New root user adds global ACI.
#@TestStep Alternate root user removes write privilege.
#@TestStep Alternate root user puts back read privilege.
#@TestStep New root user adds global ACI.
#@TestStep Alternate root user puts back write privilege.
#@TestStep New root user adds global ACI.
#@TestStep New root user deletes first added global aci.
#@TestStep New root user deletes second added global aci.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3 and 6, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('config-write - add global aci')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Step 1: with its privileges untouched, cn=Zroot adds a global ACI to the
     Access Control Handler entry. No expectedRC is passed, so the helper's default
     applies (presumably 0, confirm in modifyAnAttribute). -->
<message>
'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
</message>
<!-- another_aci lets ldap:///anyone write, add and delete under ou=People, on every
     attribute except userPassword and authPassword. It exists only as a fixture and
     is deleted in step 9.
     NOTE(review): the delete runs only if the sequence gets that far; confirm whether
     a failed call aborts the testcase and leaves this ACI in place for later suites. -->
<script>
another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'add' }
</call>
<!-- Step 2: cn=Aroot adds the negative value '-config-read' to ds-privilege-name on
     the cn=Zroot Manager root DN entry, which withdraws config-read from cn=Zroot. -->
<message>
'Privileges: New Root User: config-write - add global aci, alternative root user removing config-read privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'add' }
</call>
<!-- Step 3: without config-read, cn=Zroot's attempt to add a second global ACI must
     be refused with result code 50 (insufficientAccessRights). -->
<message>
'Privileges: New Root User: config-write - add global aci, new root user adding ACI'
</message>
<!-- global2_aci has the same target and acl name as another_aci but allows (write)
     only, so the two values are distinct on ds-cfg-global-aci. -->
<script>
global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<!-- Step 4: cn=Aroot also withdraws config-write from cn=Zroot. -->
<message>
'Privileges: New Root User: config-write - add global aci, altrnative user removing config-write privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-write' ,
'changetype' : 'add' }
</call>
<!-- Step 5: deleting the '-config-read' value gives config-read back, leaving only
     config-write withdrawn. -->
<message>
'Privileges: New Root User: config-write - add global aci, alternative root user putting back config-read privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-read' ,
'changetype' : 'delete' }
</call>
<!-- Step 6: config-read alone must not be enough; the add is still expected to be
     refused with result code 50. This is the step that isolates config-write. -->
<message>
'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<!-- Step 7: deleting the '-config-write' value gives config-write back. -->
<message>
'Privileges: New Root User: config-write - add global aci, alternative root user putting back config-write privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-config-write' ,
'changetype' : 'delete' }
</call>
<!-- Step 8: with both privileges restored the same add carries no expectedRC, so it
     is checked against the helper's default (presumably 0). -->
<message>
'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' }
</call>
<!-- Steps 9 and 10: cleanup. cn=Zroot (not cn=Aroot) deletes both fixture ACIs so the
     anonymous write grants do not outlive the testcase. -->
<message>
'Privileges: New Root User: config-write - add global aci, new root user deleting write global ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: New Root User: config-write - add global aci, new root user deleting write global ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName password-reset
#@TestIssue none
#@TestPurpose password-reset privilege for new root user
#@TestPreamble none
#@TestStep New root user resets user password, default behavior.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user resets user password.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user resets user password.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, and 0
for all other ldap operations.
-->
<!-- password-reset: cn=Zroot replaces userpassword on uid=tmason three times, with the
     privilege present, withdrawn and restored, while cn=Aroot toggles the negative
     value '-password-reset' on the cn=Zroot Manager root DN entry.
     Only the LDAP result code of each modify is checked. Every attempt writes the
     same value, and no step binds as uid=tmason afterwards.
     NOTE(review): a follow-up bind with the new password would show that the accepted
     resets really took effect; confirm whether another suite covers that. -->
<testcase name="getTestCaseName('password-reset')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Step 1: default behavior, no expectedRC passed (helper default, presumably 0). -->
<message>
'Privileges: New Root User: password-reset, new root user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'pickles' ,
'changetype' : 'replace' }
</call>
<!-- Step 2: the message says "adding privilege", but the value added is the negative
     form '-password-reset', so the effect is to withdraw the privilege from cn=Zroot. -->
<message>
'Privileges: New Root User: password-reset, alternative root user adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-password-reset' ,
'changetype' : 'add' }
</call>
<!-- Step 3: the same reset must now be refused with result code 50
     (insufficientAccessRights). -->
<message>
'Privileges: New Root User: password-reset, new root user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'pickles' ,
'changetype' : 'replace',
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the negative value restores the privilege, despite the
     "deleting privilege" wording of the message. -->
<message>
'Privileges: New Root User: password-reset, alternative root user deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-password-reset' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: with the privilege back, the reset is checked against the helper's
     default result code again. -->
<message>
'Privileges: New Root User: password-reset, new root user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'pickles' ,
'changetype' : 'replace' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName update-schema
#@TestIssue none
#@TestPurpose update-schema privilege for new root user
#@TestPreamble none
#@TestStep Alternate root user adds entry that uses new object class.
#@TestStep Alternate root user removes privilege.
#@TestStep New root user adds new schema object.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user adds new schema object.
#@TestStep Alternate root user adds entry that uses new object class.
#@TestStep Alternate root user searches new entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 3, 65 for step 1, and 0
for all other ldap operations.
-->
<!-- update-schema: checks that cn=Zroot can modify the schema only while it holds the
     update-schema privilege, then proves the schema change took effect by adding and
     reading back an entry that needs it.
     Nothing in this testcase removes the schema change or the added entry afterwards.
     NOTE(review): confirm that common_cleanup resets both, otherwise later suites
     start from a modified schema. -->
<testcase name="getTestCaseName('update-schema')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Step 1: baseline. The add is expected to fail with result code 65
     (objectClassViolation), presumably because the object class used by the LDIF
     is not in the schema yet; the LDIF content is not visible here. -->
<message>
'Privileges: New Root User: update-schema, alternate root user adding entry that users new object class'
</message>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'entryToBeAdded' : '%s/privileges/add_entry_with_new_objclass.ldif' % remote.data ,
'expectedRC' : 65
}
</call>
<!-- Step 2: adding the negative value '-update-schema' withdraws the privilege from
     cn=Zroot. -->
<message>
'Privileges: New Root User: update-schema, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-update-schema' ,
'changetype' : 'add' }
</call>
<!-- Step 3: the schema modification in addmozobj.ldif must be refused with result
     code 50 (insufficientAccessRights). -->
<message>
'Privileges: New Root User: update-schema, new root user adding new schema object'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'entryToBeModified' : '%s/privileges/addmozobj.ldif' % remote.data ,
'expectedRC' : 50
}
</call>
<!-- Step 4: deleting the negative value restores update-schema. -->
<message>
'Privileges: New Root User: update-schema, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-update-schema' ,
'changetype' : 'delete' }
</call>
<!-- Step 5: same schema modification, no expectedRC (helper default, presumably 0). -->
<message>
'Privileges: New Root User: update-schema, new root user adding new schema object'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'entryToBeModified' : '%s/privileges/addmozobj.ldif' % remote.data }
</call>
<!-- Step 6: the add that failed in step 1 is repeated and is now expected to pass. -->
<message>
'Privileges: New Root User: update-schema, alternate root user adding entry that users new object class'
</message>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'entryToBeAdded' : '%s/privileges/add_entry_with_new_objclass.ldif' % remote.data }
</call>
<!-- Step 7: read back uid=sfish (presumably the entry from the LDIF above) and check
     the search output for its DN and uid. -->
<message>
'Privileges: New Root User: update-schema, alternate root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid'}
</call>
<!-- The search output is taken from element [0][1] of the STAX result of the call. -->
<script>
returnString = STAXResult[0][1]
</script>
<!-- NOTE(review): expectedResult '1' presumably means "substring must be present";
     confirm against searchStringForSubstring. -->
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=sfish,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid: sfish' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName privilege-change
#@TestIssue none
#@TestPurpose privilege-change privilege for new root user
#@TestPreamble Alternate root user adding write ACI
#@TestStep Alternate root user removes privilege.
#@TestStep New root user adds modify-acl privilege to second user.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user adds modify-acl privilege to second user.
#@TestStep Second user adds an ACI.
#@TestStep New root user removes modify-acl privilege from second user.
#@TestStep Alternate root user deletes user-added ACI.
#@TestStep Alternate root user deletes write ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 2, and 0
for all other ldap operations.
-->
<!-- privilege-change: checks that cn=Zroot can grant a privilege (modify-acl) to
     uid=buser only while it holds privilege-change itself, then shows that the
     granted privilege works by letting uid=buser add an ACI.
     The preamble ACI and the ACI added by uid=buser are both deleted in the last two
     steps.
     NOTE(review): those deletes run only if the sequence gets that far; confirm
     whether a failed call aborts the testcase and leaves the broad write ACI on
     dc=example,dc=com. -->
<testcase name="getTestCaseName('privilege-change')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Preamble: write_aci allows any authenticated user (ldap:///all) to write the aci
     and ds-privilege-name attributes under dc=example,dc=com. With access control
     out of the way, the outcome of the later steps depends on privileges alone
     (presumably the intent). This grant is deliberately wide and test-only. -->
<message>
'Privileges: New Root User: privilege-change, alternative root user adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<!-- Step 1: adding the negative value '-privilege-change' withdraws the privilege
     from cn=Zroot. -->
<message>
'Privileges: New Root User: privilege-change, alternative root user removing privilege from new root user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-privilege-change' ,
'changetype' : 'add' }
</call>
<!-- Step 2: granting modify-acl to uid=buser must be refused with result code 50
     (insufficientAccessRights), even though write_aci permits the write. -->
<message>
'Privileges: New Root User: privilege-change, new root user adding privilege to second user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<!-- Step 3: deleting the negative value restores privilege-change. -->
<message>
'Privileges: New Root User: privilege-change, alternative root user putting back privilege to new root user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-privilege-change' ,
'changetype' : 'delete' }
</call>
<!-- Step 4: the same grant, no expectedRC (helper default, presumably 0). -->
<message>
'Privileges: New Root User: privilege-change, new root user adding privilege to second user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' }
</call>
<!-- Step 5: uid=buser binds with its own password and adds search_aci on ou=People,
     which exercises the modify-acl privilege it was just given. -->
<message>
'Privileges: New Root User: privilege-change, second user adding ACI'
</message>
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<!-- Step 6: cn=Zroot takes modify-acl away from uid=buser again. This is a plain
     delete of a positive privilege value on a user entry, not the negative-value
     mechanism used on the root DN entry. -->
<message>
'Privileges: New Root User: privilege-change, new root user removing privilege to second user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'delete' }
</call>
<!-- Step 7: cleanup of the ACI that uid=buser added. -->
<message>
'Privileges: New Root User: privilege-change, alternative root user deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<!-- Step 8: cleanup of the preamble write ACI on dc=example,dc=com. -->
<message>
'Privileges: New Root User: privilege-change, alternative root user deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName server-shutdown
#@TestIssue none
#@TestPurpose server-shutdown privilege for new root user
#@TestPreamble none
#@TestStep Alternate root user removes privilege.
#@TestStep New root user adds shutdown task.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user adds shutdown task.
#@TestStep New root user searches for an entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 2, and 0
for all other ldap operations.
-->
<!-- server-shutdown: checks that cn=Zroot can schedule a shutdown task only while it
     holds the server-shutdown privilege. The accepted shutdown really stops the
     server, so the testcase starts it again and confirms it answers before
     finishing. -->
<testcase name="getTestCaseName('server-shutdown')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Step 1: adding the negative value '-server-shutdown' withdraws the privilege
     from cn=Zroot. -->
<message>
'Privileges: New Root User: server-shutdown, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-server-shutdown' ,
'changetype' : 'add' }
</call>
<!-- Step 2: the shutdown task must be refused with result code 50
     (insufficientAccessRights); the server is expected to keep running. -->
<message>
'Privileges: New Root User: server-shutdown, new root user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<!-- Step 3: deleting the negative value restores server-shutdown. -->
<message>
'Privileges: New Root User: server-shutdown, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-server-shutdown' ,
'changetype' : 'delete' }
</call>
<!-- Step 4: same task with the same taskID, no expectedRC (helper default,
     presumably 0). -->
<message>
'Privileges: New Root User: server-shutdown, new root user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'taskID' : STAXCurrentTestcase,
}
</call>
<!-- STAFCmdRC is not set in this testcase; presumably shutdownTask leaves it behind
     (confirm in the helper). A nonzero value fails the testcase without attempting
     a restart. Otherwise the server is started again and polled. -->
<if expr="STAFCmdRC != 0">
<tcstatus result="'fail'"/>
<else>
<sequence>
<!--- Start DS -->
<message>
'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
</message>
<call function="'StartDsWithScript'">
{ 'location' : STAF_REMOTE_HOSTNAME }
</call>
<!--- Check that DS started -->
<!-- Liveness poll configured as 10 loops with 2000 ms between them. -->
<call function="'isAlive'">
{ 'noOfLoops' : 10 ,
'noOfMilliSeconds' : 2000 }
</call>
</sequence>
<!--- End Block DS Process Active -->
</else>
</if>
<!-- Step 5: a search as cn=Zroot for uid=scarter confirms the restarted server
     accepts binds and returns data. -->
<message>
'Privileges: New Root User: server-shutdown, new root user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<!-- The search output is taken from element [0][1] of the STAX result of the call. -->
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges New Root User Tests
#@TestName server-restart
#@TestIssue none
#@TestPurpose server-restart privilege for new root user
#@TestPreamble none
#@TestStep Alternate root user removes privilege.
#@TestStep New root user adds restart task.
#@TestStep Alternate root user puts back privilege.
#@TestStep New root user adds restart task.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 2, and 0
for all other ldap operations.
-->
<!-- server-restart: checks that cn=Zroot can schedule a restart task only while it
     holds the server-restart privilege.
     Unlike the server-shutdown testcase, no liveness poll or follow-up search is
     visible here after the accepted restart.
     NOTE(review): confirm that restartTask waits for the server to come back, since
     the suite's finally block calls common_cleanup right after this testcase. -->
<testcase name="getTestCaseName('server-restart')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Step 1: adding the negative value '-server-restart' withdraws the privilege
     from cn=Zroot. -->
<message>
'Privileges: New Root User: server-restart, alternative root user removing privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-server-restart' ,
'changetype' : 'add' }
</call>
<!-- Step 2: the restart task must be refused with result code 50
     (insufficientAccessRights). -->
<message>
'Privileges: New Root User: server-restart, new root user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<!-- Step 3: deleting the negative value restores server-restart. -->
<message>
'Privileges: New Root User: server-restart, alternative root user putting back privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Aroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'DNToModify' : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-server-restart' ,
'changetype' : 'delete' }
</call>
<!-- Step 4: same task with the same taskID, no expectedRC (helper default,
     presumably 0). -->
<message>
'Privileges: New Root User: server-restart, new root user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Zroot' ,
'dsInstancePswd' : 'PrivsRule' ,
'taskID' : STAXCurrentTestcase
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
<!-- Suite-level finally: runs after the testcases whether or not they completed, so
     the shared cleanup and the suite postamble are always attempted. -->
<finally>
<sequence>
<!-- Test Suite Cleanup -->
<message>'Finally: Global Privileges Root User Cleanup.'</message>
<!-- Only a STAFException raised by common_cleanup is caught here; it is logged at
     level 'fatal' and not re-raised. The inner finally then calls
     testSuite_Postamble in either case. -->
<try>
<call function="'common_cleanup'" />
<catch exception="'STAFException'">
<sequence>
<message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
</sequence>
</catch>
<finally>
<call function="'testSuite_Postamble'"/>
</finally>
</try>
</sequence>
</finally>
</try>
</block>
</sequence>
</function>
</stax>