1636N/A<?xml version="1.0" encoding="UTF-8" standalone="no"?>
2887N/A<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
1636N/A<!--
1636N/A ! CDDL HEADER START
1636N/A !
1636N/A ! The contents of this file are subject to the terms of the
1636N/A ! Common Development and Distribution License, Version 1.0 only
1636N/A ! (the "License"). You may not use this file except in compliance
1636N/A ! with the License.
1636N/A !
1636N/A ! You can obtain a copy of the license at
1636N/A ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
1636N/A ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
1636N/A ! See the License for the specific language governing permissions
1636N/A ! and limitations under the License.
1636N/A !
1636N/A ! When distributing Covered Code, include this CDDL HEADER in each
1636N/A ! file and include the License file at
1636N/A ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
1636N/A ! add the following below this CDDL HEADER, with the fields enclosed
1636N/A ! by brackets "[]" replaced with your own identifying information:
1636N/A ! Portions Copyright [yyyy] [name of copyright owner]
1636N/A !
1636N/A ! CDDL HEADER END
1636N/A !
4618N/A ! Copyright 2008-2009 Sun Microsystems, Inc.
6184N/A ! Portions Copyright 2011-2013 Forgerock AS
1636N/A ! -->
1636N/A<stax>
1636N/A
1636N/A <defaultcall function="privileges_users"/>
1636N/A
1636N/A <function name="privileges_users">
1636N/A
1636N/A <sequence>
1636N/A
1636N/A <block name="'privileges-users'">
4618N/A
4618N/A <try>
1636N/A
4618N/A <sequence>
4618N/A
4618N/A <script>
4618N/A if not CurrentTestPath.has_key('group'):
4618N/A CurrentTestPath['group']='privileges'
4618N/A CurrentTestPath['suite']=STAXCurrentBlock
4618N/A </script>
4618N/A
4618N/A <call function="'testSuite_Preamble'"/>
4618N/A
4618N/A <!---
4618N/A Place suite-specific test information here.
4618N/A #@TestSuiteName Privileges Users Tests
4618N/A #@TestSuitePurpose Test the basic Privileges Support in regrad to basic users.
4618N/A #@TestSuiteGroup Basic Privileges Users Tests
4618N/A #@TestScript privileges_users.xml
4618N/A -->
4618N/A
4618N/A
4618N/A <call function="'common_setup'">
4618N/A {
4618N/A 'quickStart' : False ,
4618N/A 'startServer' : True ,
4618N/A 'loadData' : True ,
4618N/A 'ldifFile' : '%s/privileges/privileges_startup.ldif' % remote.data ,
4618N/A 'stopServer' : False
4618N/A }
4618N/A </call>
1636N/A
4618N/A <import machine="STAF_LOCAL_HOSTNAME"
4618N/A file="'%s/testcases/privileges/privileges_acis.xml' % (TESTS_DIR)"/>
4618N/A <call function="'privileges_acis'"/>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName bypass-acl
6184N/A #@TestIssue none
4618N/A #@TestPurpose bypass-acl privilege for normal users
4618N/A #@TestPreamble User searches entry.
4618N/A #@TestStep Admin removes global search ACI.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin puts back global search ACI.
4618N/A #@TestStep User searches entry.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 0
4618N/A for all other ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('bypass-acl')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, preamble check default privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, removing search global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'remove' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: Putting Back Search Global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid' }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName bypass-acl with proxy
6184N/A #@TestIssue none
4618N/A #@TestPurpose bypass-acl privilege for normal users with proxy permission
4618N/A #@TestPreamble Admin removes global search ACI.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Proxied user searches entry.
4618N/A #@TestStep Admin adds proxy ACI.
4618N/A #@TestStep Proxied user searches entry.
4618N/A #@TestStep Admin deletes proxy ACI.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin puts back global search ACI.
4618N/A #@TestStep User searches entry.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 0
4618N/A for all ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('bypass-acl with proxy')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'remove' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
4618N/A </message>
1636N/A
4618N/A <call function="'SearchObject'">
1636N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1636N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ProxyRules' ,
1636N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
1636N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid' }
4618N/A </call>
1636N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
1636N/A
4618N/A <call function="'searchStringForSubstring'">
1636N/A { 'returnString' : returnString ,
2084N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
1636N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, adding proxy aci'
4618N/A </message>
1636N/A
4618N/A <script>
4618N/A proxy_aci="(target=\"ldap:///ou=People, o=Privileges Tests, dc=example,dc=com\")(targetattr=\"*\")(version 3.0; acl \"add_proxy_aci\"; allow (proxy) userdn=\"ldap:///uid=aproxy, ou=People, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : proxy_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
1636N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1636N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ProxyRules' ,
1636N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
1636N/A 'dsFilter' : 'objectclass=*' ,
2263N/A 'attributes' : 'cn sn uid' }
4618N/A </call>
1636N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
1636N/A
4618N/A <call function="'searchStringForSubstring'">
1636N/A { 'returnString' : returnString ,
2084N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
1636N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : proxy_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, Putting Back Search Global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName bypass-acl removal with minus notation
6184N/A #@TestIssue none
4618N/A #@TestPurpose bypass-acl privilege for normal users with minus notation
4618N/A #@TestPreamble Admin removes global search ACI.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin adds privilege with minus notation.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin removes privilege with minus notation.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin puts back global search ACI.
4618N/A #@TestStep User searches entry.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 0
4618N/A for all ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('bypass-acl with minus notation')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'remove' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin adding privilege with minus notation'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : '-bypass-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, Admin deleting privilege with minus notation'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : '-bypass-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, Putting Back Search Global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl with minus notation, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName bypass-acl self-modify add
6184N/A #@TestIssue none
4618N/A #@TestPurpose bypass-acl privilege for normal users with self-modify add
4618N/A #@TestPreamble Admin removes global search ACI.
4618N/A #@TestStep User adds ACI to itself.
4618N/A #@TestStep User searches entry.
4618N/A #@TestStep Admin puts back global search ACI.
4618N/A #@TestStep User searches entry.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for step 1, and 0
4618N/A for all other ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('bypass-acl self-modify add')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'remove' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl self-modify add, user adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'bypass-acl' ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl self-modify add, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '0' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl self-modify add, Putting Back Search Global ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyGlobalAci'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'aciValue' : GLOBAL_ACI_SEARCH ,
4618N/A 'opType' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: bypass-acl self-modify add, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'cn sn uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestString'">
4618N/A { 'returnString' : returnString ,
4618N/A 'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName modify-acl - add aci
6184N/A #@TestIssue none
4618N/A #@TestPurpose modify-acl privilege for normal users - add aci
4618N/A #@TestPreamble none
4618N/A #@TestStep User adds ACI, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User adds ACI.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User adds ACI.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User adds second ACI.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep Admin deletes user-added ACI.
4618N/A #@TestStep User adds second ACI.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 7 and 10, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('modify-acl - add aci')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, check default, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, user adding second ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search2_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting user-added ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, user adding second ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search3_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
1636N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName modify-acl - add aci - disable privilege
6184N/A #@TestIssue none
4618N/A #@TestPurpose disable privilege for modify-acl privilege for normal users - add aci
4618N/A #@TestPreamble none
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User adds ACI.
4618N/A #@TestStep Admin adds disabled-privilege.
4618N/A #@TestStep User adds ACI.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep User adds second ACI.
4618N/A #@TestStep Admin deletes disabled-privilege.
4618N/A #@TestStep Admin deletes user-added ACI.
4618N/A #@TestStep User adds second ACI.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 2, 6, and 9, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('modify-acl - add aci - disable privilege')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50 }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin disabling privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'modify-acl' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search2_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin un-disabling privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'modify-acl' ,
4618N/A 'modifyType' : 'remove' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting user-added ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search3_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
1636N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName modify-acl - replace aci
6184N/A #@TestIssue none
4618N/A #@TestPurpose modify-acl privilege for normal users - replace aci
4618N/A #@TestPreamble none
4618N/A #@TestStep User replaces ACI, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User replaces ACI.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User replaces ACI.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep User replaces ACI.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User replaces ACI.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 7 and 9, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('modify-acl - replace aci')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, check default, user replacing ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'replace' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - replace aci, user replacing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
1636N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!--
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName modify-acl - delete aci
6184N/A #@TestIssue none
4618N/A #@TestPurpose modify-acl privilege for normal users - delete aci
4618N/A #@TestPreamble none
4618N/A #@TestStep User deletes ACI, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User deletes ACI.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User deletes ACI.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1 and 3, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('modify-acl - delete aci')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, preamble, check default, user deleting ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci_dmiller="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_dmiller\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'changetype' : 'delete' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, user deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'changetype' : 'delete' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, user deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci_dmiller ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - delete aci, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
1636N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName config-read
6184N/A #@TestIssue none
4618N/A #@TestPurpose config-read privilege for normal users
4618N/A #@TestPreamble none
4618N/A #@TestStep User searches cn=config, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User searches cn=config.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User searches cn=config.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1 and 5, and 0
4618N/A for all other ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('config-read')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read, check default privilege, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'ds-cfg-check-schema:' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'expectedRC' : 50 }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestStringNotPresent'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName config-read - disable privilege
6184N/A #@TestIssue none
4618N/A #@TestPurpose config-read privilege for normal users
4618N/A #@TestPreamble none
4618N/A #@TestStep User searches cn=config, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User searches cn=config.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User searches cn=config.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1 and 5, and 0
4618N/A for all other ldap operations.
4618N/A Proper entries returned for allowed searches.
4618N/A -->
4618N/A <testcase name="getTestCaseName('config-read - disable privilege')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read - disable privilege, check default privilege, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read - disable privilege, Admin disabling privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'config-read' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read - disable privilege, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'ds-cfg-check-schema:' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read - disable privilege, Admin un-disabling privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'dsconfigSet'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'objectName' : 'global-configuration' ,
4618N/A 'attributeName' : 'disabled-privilege' ,
4618N/A 'attributeValue' : 'config-read' ,
4618N/A 'modifyType' : 'remove' }
4618N/A </call>
1636N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-read - disable privilege, user searching cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'dsBaseDN' : 'cn=config' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'ds-cfg-check-schema' ,
4618N/A 'extraParams' : '-s base' ,
4618N/A 'expectedRC' : 50 }
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'checktestStringNotPresent'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: cn=config' }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName config-write
6184N/A #@TestIssue none
4618N/A #@TestPurpose config-write privilege for normal users
4618N/A #@TestPreamble none
4618N/A #@TestStep User modifies cn=config, check default behavior.
4618N/A #@TestStep Admin adds write privilege.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestStep Admin adds read privilege.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestStep Admin removes read privilege.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestStep Admin removes write privilege.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestStep Admin removes write ACI.
4618N/A #@TestStep User modifies cn=config.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 5, 9, 11, and 13, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('config-write')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, check default privilege, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"ds-cfg-check-schema\")(version 3.0; acl \"add_write_config\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write, user modifying cn=config'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-check-schema' ,
4618N/A 'newAttributeValue' : 'true' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
2263N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName config-write - add global aci
6184N/A #@TestIssue none
4618N/A #@TestPurpose config-write privilege for normal users - add global aci
4618N/A #@TestPreamble none
4618N/A #@TestStep User adds global ACI, check default behavior.
4618N/A #@TestStep Admin adds read privilege.
4618N/A #@TestStep User adds global ACI.
4618N/A #@TestStep Admin adds write privilege.
4618N/A #@TestStep User adds global ACI.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User adds global ACI.
4618N/A #@TestStep Admin removes write privilege.
4618N/A #@TestStep User adds second global ACI.
4618N/A #@TestStep Admin removes read privilege.
4618N/A #@TestStep User adds second global ACI.
4618N/A #@TestStep Admin removes write ACI.
4618N/A #@TestStep Admin removes user-added global ACI.
4618N/A #@TestStep User adds second global ACI.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 5, 9, 11, and 14, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('config-write - add global aci')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, check default, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"ds-cfg-global-aci\")(version 3.0; acl \"add_allow_global_aci\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-write' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'config-read' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=config' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci',
4618N/A 'newAttributeValue' : another_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: config-write - add global aci, user adding ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : global2_aci ,
4618N/A 'changetype' : 'add' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
2263N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName password-reset
6184N/A #@TestIssue none
4618N/A #@TestPurpose config-write privilege for normal users
4618N/A #@TestPreamble Admin adds write ACI
4618N/A #@TestStep User resets another users password, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User resets another users password.
4618N/A #@TestStep Other user binds with search operation.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep User resets another users password.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User resets another users password.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 6, and 8, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('password-reset')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, preamble, Admin adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"userpassword\")(version 3.0; acl \"add_modify_acl\"; allow (write,add,delete) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, check default privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'password-reset' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'changetype' : 'replace' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=bhall,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'bananas' ,
4618N/A 'dsBaseDN' : 'ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=bhall,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'uid: bhall' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset - delete aci, Admin deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'password-reset' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, user resetting password'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'userpassword' ,
4618N/A 'newAttributeValue' : 'bananas' ,
4618N/A 'changetype' : 'replace' ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
2263N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName update-schema
6184N/A #@TestIssue none
4618N/A #@TestPurpose update-schema privilege for normal users
4618N/A #@TestPreamble Admin adds write ACI
4618N/A #@TestStep User adds new schema object, check default behavior.
4618N/A #@TestStep Admin adds new entry that uses new object class.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User adds new schema object.
4618N/A #@TestStep Admin adds new entry that uses new object class.
4618N/A #@TestStep Admin searches new entry.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for step 1, 65 for step 2, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('update-schema')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, preamble, Admin adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(target=\"ldap:///cn=schema\")(targetattr=\"objectclasses\")(version 3.0; acl \"add_global_write_schema\"; allow (all) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
5370N/A
5370N/A <message>
5370N/A 'Privileges: Users: update-schema, preamble, Admin add subentry-write privilege'
5370N/A </message>
5370N/A
5370N/A <call function="'modifyAnAttribute'">
5370N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5370N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5370N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5370N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5370N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
5370N/A 'attributeName' : 'ds-privilege-name' ,
5370N/A 'newAttributeValue' : 'subentry-write' ,
5370N/A 'changetype' : 'add' }
5370N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, check default privilege, user adding new schema object'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'entryToBeModified' : '%s/privileges/addmozobj.ldif' % remote.data ,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, Admin adding entry that uses new object class'
4618N/A </message>
4618N/A
4618N/A <call function="'addEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'entryToBeAdded' : '%s/privileges/add_entry_with_new_objclass.ldif' % remote.data ,
4618N/A 'expectedRC' : 65
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'update-schema' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, user adding new schema object'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'entryToBeModified' : '%s/privileges/addmozobj.ldif' % remote.data }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, Admin adding entry that users new object class'
4618N/A </message>
4618N/A
4618N/A <!--
4618N/A <script>
4618N/A listAttr=[]
4631N/A listAttr.append('objectclass:top')
4631N/A listAttr.append('objectclass:person')
4631N/A listAttr.append('objectclass:mozillaobject')
4631N/A listAttr.append('cn:Salmon Fish')
4631N/A listAttr.append('sn:Fish')
4631N/A listAttr.append('givenname:Salmon')
4631N/A listAttr.append('l:Cupertino')
4631N/A listAttr.append('uid:sfish')
4618N/A </script>
4618N/A
4618N/A <call function="'addAnEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToAdd' : 'uid=sfish, ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributesToAdd' : listAttr }
4618N/A </call>
4618N/A -->
4618N/A
4618N/A <call function="'addEntry'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'entryToBeAdded' : '%s/privileges/add_entry_with_new_objclass.ldif' % remote.data }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: password-reset, user searching entry'
4618N/A </message>
4618N/A
4618N/A <call function="'SearchObject'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'dsBaseDN' : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsFilter' : 'objectclass=*' ,
4618N/A 'attributes' : 'uid'}
4618N/A </call>
4618N/A
4618N/A <script>
4618N/A returnString = STAXResult[0][1]
4618N/A </script>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'dn: uid=sfish,ou=People,o=Privileges Tests' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <call function="'searchStringForSubstring'">
4618N/A { 'returnString' : returnString ,
4618N/A 'testString' : 'uid: sfish' ,
4618N/A 'expectedResult' : '1' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: update-schema, Admin deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
5370N/A 'Privileges: Users: update-schema, Admin deleting update-schema privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'update-schema' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
5370N/A
5370N/A <message>
5370N/A 'Privileges: Users: update-schema, Admin deleting subentry-write privilege'
5370N/A </message>
5370N/A
5370N/A <call function="'modifyAnAttribute'">
5370N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5370N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5370N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5370N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5370N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
5370N/A 'attributeName' : 'ds-privilege-name' ,
5370N/A 'newAttributeValue' : 'subentry-write' ,
5370N/A 'changetype' : 'delete' }
5370N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName privilege-change
6184N/A #@TestIssue none
4618N/A #@TestPurpose privilege-change privilege for normal users
4618N/A #@TestPreamble Admin adds write ACI
4618N/A #@TestStep Admin adds privilege-change privilege to first user.
4618N/A #@TestStep First user adds modify-acl privilege to second user.
4618N/A #@TestStep Second user adds an ACI.
4618N/A #@TestStep Admin removes modify-acl privilege.
4618N/A #@TestStep Admin removes privilege-change privilege.
4618N/A #@TestStep Admin deletes user-added ACI.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('privilege-change')">
4618N/A <sequence>
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin adding write ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin adding privilege to first user'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'privilege-change' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, first user adding privilege to second user'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, second user adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules' ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'modify-acl' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'privilege-change' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin deleting ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: privilege-change, Admin deleting write ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'dc=example,dc=com' ,
4618N/A 'attributeName' : 'aci' ,
4618N/A 'newAttributeValue' : write_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
2263N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
4618N/A </sequence>
4618N/A </testcase>
4618N/A
4618N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName server-shutdown
6184N/A #@TestIssue none
4618N/A #@TestPurpose server-shutdown privilege for normal users
4618N/A #@TestPreamble none
4618N/A #@TestStep User adds shutdown task, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User adds shutdown task.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User adds shutdown task.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User adds shutdown task.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep User adds shutdown task.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 7, and 9, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('server-shutdown')">
4618N/A
1636N/A <sequence>
4618N/A
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A </message>
4618N/A
4618N/A <call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
1636N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
2263N/A 'expectedRC' : 50
2263N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-shutdown' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A </message>
4618N/A
4618N/A <call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
2263N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
1840N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, Admin adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A </message>
4618N/A
4618N/A <call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-OK' % STAXCurrentTestcase,
1840N/A }
4618N/A </call>
4618N/A
4618N/A <if expr="STAFCmdRC != 0">
4618N/A <tcstatus result="'fail'"/>
4865N/A <else>
4865N/A <sequence>
4865N/A <!--- Start DS -->
4865N/A <message>
4618N/A 'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
4865N/A </message>
4865N/A
4865N/A <call function="'StartDsWithScript'">
4865N/A { 'location' : STAF_REMOTE_HOSTNAME }
4865N/A </call>
4865N/A
4865N/A <!--- Check that DS started -->
4865N/A <call function="'isAlive'">
4618N/A { 'noOfLoops' : 10 ,
4618N/A 'noOfMilliSeconds' : 2000 }
4865N/A </call>
4865N/A </sequence>
4865N/A <!--- End Block DS Process Active -->
4865N/A </else>
4865N/A </if>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-shutdown' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A </message>
4618N/A
4618N/A <call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-nopriv' % STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
1840N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, Admin removing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-shutdown, user adding server shutdown task'
4618N/A </message>
4618N/A
4618N/A <call function="'shutdownTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
5370N/A 'taskID' : '%s-noaci' % STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
1840N/A }
4618N/A </call>
4618N/A
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
1636N/A </sequence>
1636N/A </testcase>
4618N/A
1636N/A <!---
4618N/A Place test-specific test information here.
4618N/A The tag, TestMarker, must be the same as the tag, TestSuiteName.
4618N/A #@TestMarker Privileges Users Tests
4618N/A #@TestName server-restart
6184N/A #@TestIssue none
4618N/A #@TestPurpose server-restart privilege for normal users
4618N/A #@TestPreamble none
4618N/A #@TestStep User adds restart task, check default behavior.
4618N/A #@TestStep Admin adds privilege.
4618N/A #@TestStep User adds restart task.
4618N/A #@TestStep Admin adds write ACI.
4618N/A #@TestStep User adds restart task.
4618N/A #@TestStep Admin removes privilege.
4618N/A #@TestStep User adds restart task.
4618N/A #@TestStep Admin deletes write ACI.
4618N/A #@TestStep User adds restart task.
4618N/A #@TestPostamble none
4618N/A #@TestResult Success if OpenDS returns 50
4618N/A for steps 1, 3, 7, and 9, and 0
4618N/A for all other ldap operations.
4618N/A -->
4618N/A <testcase name="getTestCaseName('server-restart')">
4618N/A
1636N/A <sequence>
4618N/A
4618N/A <call function="'testCase_Preamble'"/>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A </message>
4618N/A
4618N/A <call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
1840N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, Admin adding privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-restart' ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A </message>
4618N/A
4618N/A <call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
1840N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, Admin adding ACI'
4618N/A </message>
4618N/A
4618N/A <script>
4618N/A search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
4618N/A </script>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'add' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A </message>
4618N/A
4618N/A <call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, Admin deleting privilege'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'attributeName' : 'ds-privilege-name' ,
4618N/A 'newAttributeValue' : 'server-restart' ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <!--
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A </message>
4618N/A
4618N/A <call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, Admin removing ACI'
4618N/A </message>
4618N/A
4618N/A <call function="'modifyAnAttribute'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
4618N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
4618N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
4618N/A 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
4618N/A 'attributeName' : 'ds-cfg-global-aci' ,
4618N/A 'newAttributeValue' : search_aci ,
4618N/A 'changetype' : 'delete' }
4618N/A </call>
4618N/A
4618N/A <message>
4618N/A 'Privileges: Users: server-restart, user adding server restart task'
4618N/A </message>
4618N/A
4618N/A <call function="'restartTask'">
4618N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
4618N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
4618N/A 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
4618N/A 'dsInstancePswd' : 'ACIRules',
4618N/A 'taskID' : STAXCurrentTestcase,
4618N/A 'expectedRC' : 50
4618N/A }
4618N/A </call>
4618N/A -->
4618N/A <call function="'testCase_Postamble'"/>
4618N/A
1636N/A </sequence>
1636N/A </testcase>
1636N/A
4618N/A </sequence>
1636N/A
4618N/A <finally>
1636N/A <sequence>
4618N/A <!-- Test Suite Cleanup -->
4618N/A <message>'Finally: Global Privileges Users Cleanup.'</message>
4618N/A <try>
4618N/A <call function="'common_cleanup'" />
4618N/A <catch exception="'STAFException'">
4618N/A <sequence>
4618N/A <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
4618N/A </sequence>
4618N/A </catch>
4618N/A <finally>
4618N/A <call function="'testSuite_Postamble'"/>
4618N/A </finally>
4618N/A </try>
1636N/A </sequence>
4618N/A </finally>
2175N/A
4618N/A </try>
1636N/A
1636N/A </block>
1636N/A
1636N/A </sequence>
1636N/A
1636N/A </function>
1636N/A
1636N/A</stax>