1636N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
1636N/A ! The contents of this file are subject to the terms of the 1636N/A ! Common Development and Distribution License, Version 1.0 only 1636N/A ! (the "License"). You may not use this file except in compliance 1636N/A ! You can obtain a copy of the license at 1636N/A ! See the License for the specific language governing permissions 1636N/A ! and limitations under the License. 1636N/A ! When distributing Covered Code, include this CDDL HEADER in each 1636N/A ! file and include the License file at 1636N/A ! add the following below this CDDL HEADER, with the fields enclosed 1636N/A ! by brackets "[]" replaced with your own identifying information: 1636N/A ! Portions Copyright [yyyy] [name of copyright owner] 4618N/A ! Copyright 2008-2009 Sun Microsystems, Inc. 6184N/A ! Portions Copyright 2011-2013 Forgerock AS 1636N/A <
defaultcall function="privileges_users"/>
1636N/A <
function name="privileges_users">
1636N/A <
block name="'privileges-users'">
4618N/A CurrentTestPath['group']='privileges'
4618N/A CurrentTestPath['suite']=STAXCurrentBlock
4618N/A <
call function="'testSuite_Preamble'"/>
4618N/A Place suite-specific test information here. 4618N/A #@TestSuiteName Privileges Users Tests 4618N/A #@TestSuitePurpose Test the basic Privileges Support in regrad to basic users. 4618N/A #@TestSuiteGroup Basic Privileges Users Tests 4618N/A <
call function="'common_setup'">
4618N/A <
import machine="STAF_LOCAL_HOSTNAME" 4618N/A <
call function="'privileges_acis'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose bypass-acl privilege for normal users 4618N/A #@TestPreamble User searches entry. 4618N/A #@TestStep Admin removes global search ACI. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin puts back global search ACI. 4618N/A #@TestStep User searches entry. 4618N/A #@TestResult Success if OpenDS returns 0 4618N/A for all other ldap operations. 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('bypass-acl')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: bypass-acl, preamble check default privilege'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl, removing search global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: Putting Back Search Global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid' }
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName bypass-acl with proxy 4618N/A #@TestPurpose bypass-acl privilege for normal users with proxy permission 4618N/A #@TestPreamble Admin removes global search ACI. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Proxied user searches entry. 4618N/A #@TestStep Admin adds proxy ACI. 4618N/A #@TestStep Proxied user searches entry. 4618N/A #@TestStep Admin deletes proxy ACI. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin puts back global search ACI. 4618N/A #@TestStep User searches entry. 4618N/A #@TestResult Success if OpenDS returns 0 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('bypass-acl with proxy')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
4618N/A <
call function="'SearchObject'">
1636N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1636N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ProxyRules' ,
1636N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
1636N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid' }
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
1636N/A { 'returnString' : returnString ,
2084N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, adding proxy aci'
4618N/A proxy_aci="(target=\"ldap:///ou=People, o=Privileges Tests, dc=example,dc=com\")(targetattr=\"*\")(version 3.0; acl \"add_proxy_aci\"; allow (proxy) userdn=\"ldap:///uid=aproxy, ou=People, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : proxy_aci ,
4618N/A 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
4618N/A <
call function="'SearchObject'">
1636N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1636N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ProxyRules' ,
1636N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
1636N/A 'dsFilter' : 'objectclass=*' ,
2263N/A 'attributes' : 'cn sn uid' }
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
1636N/A { 'returnString' : returnString ,
2084N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : proxy_aci ,
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, Putting Back Search Global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName bypass-acl removal with minus notation 4618N/A #@TestPurpose bypass-acl privilege for normal users with minus notation 4618N/A #@TestPreamble Admin removes global search ACI. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin adds privilege with minus notation. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin removes privilege with minus notation. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin puts back global search ACI. 4618N/A #@TestStep User searches entry. 4618N/A #@TestResult Success if OpenDS returns 0 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('bypass-acl with minus notation')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin adding privilege with minus notation'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : '-bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin deleting privilege with minus notation'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : '-bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, Putting Back Search Global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName bypass-acl self-modify add 4618N/A #@TestPurpose bypass-acl privilege for normal users with self-modify add 4618N/A #@TestPreamble Admin removes global search ACI. 4618N/A #@TestStep User adds ACI to itself. 4618N/A #@TestStep User searches entry. 4618N/A #@TestStep Admin puts back global search ACI. 4618N/A #@TestStep User searches entry. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for all other ldap operations. 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('bypass-acl self-modify add')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl self-modify add, user adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'Privileges: Users: bypass-acl self-modify add, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'Privileges: Users: bypass-acl self-modify add, Putting Back Search Global ACI'
4618N/A <
call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'Privileges: Users: bypass-acl self-modify add, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName modify-acl - add aci 4618N/A #@TestPurpose modify-acl privilege for normal users - add aci 4618N/A #@TestStep User adds ACI, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User adds second ACI. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep Admin deletes user-added ACI. 4618N/A #@TestStep User adds second ACI. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 7 and 10, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('modify-acl - add aci')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: modify-acl - add aci, check default, user adding ACI'
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - add aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - add aci, user adding second ACI'
4618N/A search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search2_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting user-added ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci, user adding second ACI'
4618N/A search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search3_aci ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName modify-acl - add aci - disable privilege 4618N/A #@TestPurpose disable privilege for modify-acl privilege for normal users - add aci 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep Admin adds disabled-privilege. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep User adds second ACI. 4618N/A #@TestStep Admin deletes disabled-privilege. 4618N/A #@TestStep Admin deletes user-added ACI. 4618N/A #@TestStep User adds second ACI. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 2, 6, and 9, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('modify-acl - add aci - disable privilege')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin disabling privilege'
4618N/A <
call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'modify-acl' }
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
4618N/A search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search2_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin un-disabling privilege'
4618N/A <
call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting user-added ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
4618N/A search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search3_aci ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName modify-acl - replace aci 4618N/A #@TestPurpose modify-acl privilege for normal users - replace aci 4618N/A #@TestStep User replaces ACI, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User replaces ACI. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User replaces ACI. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep User replaces ACI. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User replaces ACI. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 7 and 9, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('modify-acl - replace aci')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: modify-acl - replace aci, check default, user replacing ACI'
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName modify-acl - delete aci 4618N/A #@TestPurpose modify-acl privilege for normal users - delete aci 4618N/A #@TestStep User deletes ACI, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User deletes ACI. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User deletes ACI. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('modify-acl - delete aci')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: modify-acl - delete aci, preamble, check default, user deleting ACI'
4618N/A write_aci_dmiller="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_dmiller\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: modify-acl - delete aci, user deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - delete aci, user deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose config-read privilege for normal users 4618N/A #@TestStep User searches cn=config, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User searches cn=config. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User searches cn=config. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for all other ldap operations. 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('config-read')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: config-read, check default privilege, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'Privileges: Users: config-read, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-read, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' }
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' ,
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'ds-cfg-check-schema:' ,
4618N/A 'Privileges: Users: config-read, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-read, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestStringNotPresent'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName config-read - disable privilege 4618N/A #@TestPurpose config-read privilege for normal users 4618N/A #@TestStep User searches cn=config, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User searches cn=config. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User searches cn=config. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for all other ldap operations. 4618N/A Proper entries returned for allowed searches. 4618N/A <
testcase name="getTestCaseName('config-read - disable privilege')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: config-read - disable privilege, check default privilege, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'Privileges: Users: config-read - disable privilege, Admin disabling privilege'
4618N/A <
call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'config-read' }
4618N/A 'Privileges: Users: config-read - disable privilege, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' }
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' ,
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'ds-cfg-check-schema:' ,
4618N/A 'Privileges: Users: config-read - disable privilege, Admin un-disabling privilege'
4618N/A <
call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-read - disable privilege, user searching cn=config'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'checktestStringNotPresent'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' }
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose config-write privilege for normal users 4618N/A #@TestStep User modifies cn=config, check default behavior. 4618N/A #@TestStep Admin adds write privilege. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestStep Admin adds read privilege. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestStep Admin removes read privilege. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestStep Admin removes write privilege. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestStep Admin removes write ACI. 4618N/A #@TestStep User modifies cn=config. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 5, 9, 11, and 13, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('config-write')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: config-write, check default privilege, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: config-write, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: config-write, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: config-write, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"ds-cfg-check-schema\")(version 3.0; acl \"add_write_config\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: config-write, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: config-write, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName config-write - add global aci 4618N/A #@TestPurpose config-write privilege for normal users - add global aci 4618N/A #@TestStep User adds global ACI, check default behavior. 4618N/A #@TestStep Admin adds read privilege. 4618N/A #@TestStep User adds global ACI. 4618N/A #@TestStep Admin adds write privilege. 4618N/A #@TestStep User adds global ACI. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User adds global ACI. 4618N/A #@TestStep Admin removes write privilege. 4618N/A #@TestStep User adds second global ACI. 4618N/A #@TestStep Admin removes read privilege. 4618N/A #@TestStep User adds second global ACI. 4618N/A #@TestStep Admin removes write ACI. 4618N/A #@TestStep Admin removes user-added global ACI. 4618N/A #@TestStep User adds second global ACI. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 5, 9, 11, and 14, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('config-write - add global aci')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: config-write - add global aci, check default, user adding ACI'
4618N/A another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"ds-cfg-global-aci\")(version 3.0; acl \"add_allow_global_aci\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci',
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose config-write privilege for normal users 4618N/A #@TestPreamble Admin adds write ACI 4618N/A #@TestStep User resets another users password, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User resets another users password. 4618N/A #@TestStep Other user binds with search operation. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep User resets another users password. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User resets another users password. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 6, and 8, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('password-reset')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: password-reset, preamble, Admin adding ACI'
4618N/A write_aci="(targetattr=\"userpassword\")(version 3.0; acl \"add_modify_acl\"; allow (write,add,delete) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: password-reset, check default privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'Privileges: Users: password-reset, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'password-reset' ,
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'Privileges: Users: password-reset, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=bhall,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'bananas' ,
4618N/A 'dsBaseDN' : 'ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=bhall,ou=People,o=Privileges Tests' ,
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'uid: bhall' ,
4618N/A 'Privileges: Users: password-reset - delete aci, Admin deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'Privileges: Users: password-reset, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'password-reset' ,
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose update-schema privilege for normal users 4618N/A #@TestPreamble Admin adds write ACI 4618N/A #@TestStep User adds new schema object, check default behavior. 4618N/A #@TestStep Admin adds new entry that uses new object class. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User adds new schema object. 4618N/A #@TestStep Admin adds new entry that uses new object class. 4618N/A #@TestStep Admin searches new entry. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for step 1, 65 for step 2, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('update-schema')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: update-schema, preamble, Admin adding ACI'
4618N/A write_aci="(target=\"ldap:///cn=schema\")(targetattr=\"objectclasses\")(version 3.0; acl \"add_global_write_schema\"; allow (all) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : write_aci ,
5370N/A 'Privileges: Users: update-schema, preamble, Admin add subentry-write privilege'
5370N/A <
call function="'modifyAnAttribute'">
5370N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5370N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5370N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5370N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5370N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
5370N/A 'attributeName' : 'ds-privilege-name' ,
5370N/A 'newAttributeValue' : 'subentry-write' ,
4618N/A 'Privileges: Users: update-schema, check default privilege, user adding new schema object'
4618N/A <
call function="'modifyEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'Privileges: Users: update-schema, Admin adding entry that uses new object class'
4618N/A <
call function="'addEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'Privileges: Users: update-schema, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'update-schema' ,
4618N/A 'Privileges: Users: update-schema, user adding new schema object'
4618N/A <
call function="'modifyEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'Privileges: Users: update-schema, Admin adding entry that users new object class'
4618N/A <call function="'addAnEntry'"> 4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 4618N/A 'DNToAdd' : 'uid=sfish, ou=People, o=Privileges Tests, dc=example,dc=com' , 4618N/A 'attributesToAdd' : listAttr } 4618N/A <
call function="'addEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'Privileges: Users: password-reset, user searching entry'
4618N/A <
call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'dsBaseDN' : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A returnString = STAXResult[0][1]
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=sfish,ou=People,o=Privileges Tests' ,
4618N/A <
call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'uid: sfish' ,
4618N/A 'Privileges: Users: update-schema, Admin deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : write_aci ,
5370N/A 'Privileges: Users: update-schema, Admin deleting update-schema privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'update-schema' ,
5370N/A 'Privileges: Users: update-schema, Admin deleting subentry-write privilege'
5370N/A <
call function="'modifyAnAttribute'">
5370N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5370N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5370N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5370N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5370N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
5370N/A 'attributeName' : 'ds-privilege-name' ,
5370N/A 'newAttributeValue' : 'subentry-write' ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestName privilege-change 4618N/A #@TestPurpose privilege-change privilege for normal users 4618N/A #@TestPreamble Admin adds write ACI 4618N/A #@TestStep Admin adds privilege-change privilege to first user. 4618N/A #@TestStep First user adds modify-acl privilege to second user. 4618N/A #@TestStep Second user adds an ACI. 4618N/A #@TestStep Admin removes modify-acl privilege. 4618N/A #@TestStep Admin removes privilege-change privilege. 4618N/A #@TestStep Admin deletes user-added ACI. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestResult Success if OpenDS returns 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('privilege-change')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: privilege-change, Admin adding write ACI'
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'Privileges: Users: privilege-change, Admin adding privilege to first user'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'privilege-change' ,
4618N/A 'Privileges: Users: privilege-change, first user adding privilege to second user'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: privilege-change, second user adding ACI'
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: privilege-change, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'Privileges: Users: privilege-change, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'privilege-change' ,
4618N/A 'Privileges: Users: privilege-change, Admin deleting ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: privilege-change, Admin deleting write ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose server-shutdown privilege for normal users 4618N/A #@TestStep User adds shutdown task, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User adds shutdown task. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User adds shutdown task. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User adds shutdown task. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep User adds shutdown task. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 7, and 9, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('server-shutdown')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A <
call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
1636N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-shutdown, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-shutdown' ,
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A <
call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
2263N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-shutdown, Admin adding ACI'
4618N/A search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A <
call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-OK' % STAXCurrentTestcase,
4618N/A <
tcstatus result="'fail'"/>
4618N/A 'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
4865N/A <
call function="'StartDsWithScript'">
4865N/A { 'location' : STAF_REMOTE_HOSTNAME }
4865N/A <!--- Check that DS started --> 4865N/A <
call function="'isAlive'">
4618N/A 'noOfMilliSeconds' : 2000 }
4865N/A <!--- End Block DS Process Active --> 4618N/A 'Privileges: Users: server-shutdown, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-shutdown' ,
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A <
call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-nopriv' % STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-shutdown, Admin removing ACI'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A <
call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-noaci' % STAXCurrentTestcase,
4618N/A <
call function="'testCase_Postamble'"/>
4618N/A Place test-specific test information here. 4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 4618N/A #@TestMarker Privileges Users Tests 4618N/A #@TestPurpose server-restart privilege for normal users 4618N/A #@TestStep User adds restart task, check default behavior. 4618N/A #@TestStep Admin adds privilege. 4618N/A #@TestStep User adds restart task. 4618N/A #@TestStep Admin adds write ACI. 4618N/A #@TestStep User adds restart task. 4618N/A #@TestStep Admin removes privilege. 4618N/A #@TestStep User adds restart task. 4618N/A #@TestStep Admin deletes write ACI. 4618N/A #@TestStep User adds restart task. 4618N/A #@TestResult Success if OpenDS returns 50 4618N/A for steps 1, 3, 7, and 9, and 0 4618N/A for all other ldap operations. 4618N/A <
testcase name="getTestCaseName('server-restart')">
4618N/A <
call function="'testCase_Preamble'"/>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A <
call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-restart, Admin adding privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-restart' ,
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A <
call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-restart, Admin adding ACI'
4618N/A search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A <
call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'Privileges: Users: server-restart, Admin deleting privilege'
4618N/A <
call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-restart' ,
4618N/A 'Privileges: Users: server-restart, user adding server restart task' 4618N/A <call function="'restartTask'"> 4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' , 4618N/A 'dsInstancePswd' : 'ACIRules', 4618N/A 'taskID' : STAXCurrentTestcase, 4618N/A 'Privileges: Users: server-restart, Admin removing ACI' 4618N/A <call function="'modifyAnAttribute'"> 4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' , 4618N/A 'attributeName' : 'ds-cfg-global-aci' , 4618N/A 'newAttributeValue' : search_aci , 4618N/A 'Privileges: Users: server-restart, user adding server restart task' 4618N/A <call function="'restartTask'"> 4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' , 4618N/A 'dsInstancePswd' : 'ACIRules', 4618N/A 'taskID' : STAXCurrentTestcase, 4618N/A <
call function="'testCase_Postamble'"/>
4618N/A <!-- Test Suite Cleanup --> 4618N/A <
message>'Finally: Global Privileges Users Cleanup.'</
message>
4618N/A <
call function="'common_cleanup'" />
4618N/A <
catch exception="'STAFException'">
4618N/A <
message log="1" level="'fatal'">'Cleanup of test suite failed.'</
message>
4618N/A <
call function="'testSuite_Postamble'"/>