5541N/A<?xml version="1.0" encoding="UTF-8" standalone="no"?>
5541N/A<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
5541N/A<!--
5541N/A ! CDDL HEADER START
5541N/A !
5541N/A ! The contents of this file are subject to the terms of the
5541N/A ! Common Development and Distribution License, Version 1.0 only
5541N/A ! (the "License"). You may not use this file except in compliance
5541N/A ! with the License.
5541N/A !
5541N/A ! You can obtain a copy of the license at
5541N/A ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
5541N/A ! or http://forgerock.org/license/CDDLv1.0.html.
5541N/A ! See the License for the specific language governing permissions
5541N/A ! and limitations under the License.
5541N/A !
5541N/A ! When distributing Covered Code, include this CDDL HEADER in each
5541N/A ! file and include the License file at
5541N/A ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
5541N/A ! add the following below this CDDL HEADER, with the fields enclosed
5541N/A ! by brackets "[]" replaced with your own identifying information:
5541N/A ! Portions Copyright [yyyy] [name of copyright owner]
5541N/A !
5541N/A ! CDDL HEADER END
5541N/A !
6297N/A ! Copyright 2011-2013 ForgeRock AS
5541N/A ! -->
5541N/A<stax>
5541N/A
5541N/A <!-- Definition of Test Cases -->
5541N/A
5541N/A <!--- Test Cases : Basic : PTA -->
5562N/A
5562N/A <!--- Test Case information
5562N/A #@TestMarker Basic: PTA connection-timeout
5562N/A #@TestName Basic: PTA connection-timeout
5562N/A #@TestID basic_pta_001
5562N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5562N/A #@TestPreamble Setup PTA
5562N/A #@TestStep Configure LDAP PTA Policy using connection-timeout
5562N/A #@TestStep Read back the "authentication policy" object
5562N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5562N/A #@TestStep Search users entry as Directory Manager for operational attributes
5562N/A #@TestStep Search users entry as self
5562N/A #@TestStep Modify the users entry
5562N/A #@TestPostamble Cleanup PTA
5562N/A #@TestResult Test is successful if the result code is 0
5562N/A -->
<function name="basic_pta_001" scope="local">
  <!-- Placeholder: only logs a message. No testcase element is run, so the
       connection-timeout scenario described in the header is not exercised. -->
  <message>
    'Not implemented.'
  </message>
</function>
5562N/A
5541N/A <!--- Test Case information
5548N/A #@TestMarker Basic: PTA anon unmapped
5548N/A #@TestName Basic: PTA anon unmapped
5562N/A #@TestID basic_pta_002
5541N/A #@TestPurpose Verify that a user with an LDAP PTA unmapped policy can authenticate to the remote server
5548N/A #@TestPreamble Setup PTA
5548N/A #@TestStep Enable AD backend on local server
5548N/A #@TestStep Configure LDAP PTA Policy as unmapped
5546N/A #@TestStep Read back the "authentication policy" object
5546N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5546N/A #@TestStep Search users entry as Directory Manager for operational attributes
5546N/A #@TestStep Search users entry as self
5546N/A #@TestStep Modify the users entry
5548N/A #@TestStep Disable AD backend on local server
5546N/A #@TestPostamble Cleanup PTA
5541N/A #@TestResult Test is successful if the result code is 0
5541N/A -->
<function name="basic_pta_002" scope="local">
  <!-- Unmapped PTA test: enables the local "AD" backend through dsconfig,
       builds an ldap-pass-through policy with mapping-policy unmapped, and
       passes the user map plus the policy options to pta_test_body1.
       The finally block runs the cleanup calls whether or not the body
       raised a STAXException. -->
  <testcase name="getTestCaseName('PTA anon unmapped')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Enable AD backend on local server.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            # The password is a fixture value from the test directory data.
            userDNsAndPswds = {
              'uid=jwallace, ou=People, dc=AD,dc=com' : ['linear', ldapPtaPolicyName]
            }

            # Options for the set-backend-prop call below.
            options = ['--backend-name "AD"', '--set enabled:true']
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            { 'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'set-backend-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' }
          </call>

          <script>
            # No mapped attribute or search settings: with the unmapped policy
            # only the remote servers and the policy type are supplied.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapping-policy:unmapped',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <!-- Only this test calls pta_postamble2; presumably it disables
                 the AD backend enabled above (confirm in its definition). -->
            <call function="'pta_postamble2'"/>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5548N/A
5548N/A <!--- Test Case information
5548N/A #@TestMarker Basic: PTA anon mapped-bind
5548N/A #@TestName Basic: PTA anon mapped-bind
5562N/A #@TestID basic_pta_003
5548N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-bind policy can authenticate to the remote server
5548N/A #@TestPreamble Setup PTA
5548N/A #@TestStep Configure LDAP PTA Policy for mapped-bind
5548N/A #@TestStep Read back the "authentication policy" object
5548N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5548N/A #@TestStep Search users entry as Directory Manager for operational attributes
5548N/A #@TestStep Search users entry as self
5548N/A #@TestStep Modify the users entry
5548N/A #@TestPostamble Cleanup PTA
5548N/A #@TestResult Test is successful if the result code is 0
5548N/A -->
<function name="basic_pta_003" scope="local">
  <!-- Mapped-bind PTA test: builds an ldap-pass-through policy with
       mapping-policy mapped-bind and mapped-attribute seealso, then passes
       the user map and the policy options to pta_test_body1.
       Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA anon mapped-bind')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-bind.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jmcFarla, ou=People, o=example' : ['walnut', ldapPtaPolicyName]
            }

            # No search base or search bind credentials are set for this policy.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:seealso',
              '--set mapping-policy:mapped-bind',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5541N/A
5541N/A <!--- Test Case information
5548N/A #@TestMarker Basic: PTA anon mapped-search
5548N/A #@TestName Basic: PTA anon mapped-search
5562N/A #@TestID basic_pta_004
5541N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5548N/A #@TestPreamble Setup PTA
5546N/A #@TestStep Configure LDAP PTA Policy for mapped-search
5546N/A #@TestStep Read back the "authentication policy" object
5546N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5546N/A #@TestStep Search users entry as Directory Manager for operational attributes
5546N/A #@TestStep Search users entry as self
5546N/A #@TestStep Modify the users entry
5546N/A #@TestPostamble Cleanup PTA
5541N/A #@TestResult Test is successful if the result code is 0
5541N/A -->
<function name="basic_pta_004" scope="local">
  <!-- Anonymous mapped-search PTA test: builds an ldap-pass-through policy
       with mapping-policy mapped-search, mapped-attribute cn and search base
       dc=AD,dc=com, then passes the user map and the policy options to
       pta_test_body1. Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA anon mapped-search')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # No mapped-search-bind-dn or password is set here, which is what
            # the test name calls "anon".
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5548N/A
5548N/A <!--- Test Case information
5560N/A #@TestMarker Basic: PTA simple mapped-search
5560N/A #@TestName Basic: PTA simple mapped-search
5562N/A #@TestID basic_pta_005
5548N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5548N/A #@TestPreamble Setup PTA
5548N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
5548N/A #@TestStep Read back the "authentication policy" object
5548N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5548N/A #@TestStep Search users entry as Directory Manager for operational attributes
5548N/A #@TestStep Search users entry as self
5548N/A #@TestStep Modify the users entry
5548N/A #@TestPostamble Cleanup PTA
5548N/A #@TestResult Test is successful if the result code is 0
5548N/A -->
<function name="basic_pta_005" scope="local">
  <!-- Simple-bind mapped-search PTA test: same policy shape as the anonymous
       mapped-search case, plus a mapped-search bind DN and an inline bind
       password. The user map and the policy options go to pta_test_body1.
       Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA simple mapped-search-bind')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # The search bind password is a fixture value written inline in the
            # option list, so it may show up wherever the dsconfig command
            # line is logged. basic_pta_007 covers the password-file form.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5551N/A
5551N/A <!--- Test Case information
5562N/A #@TestMarker Basic: PTA mapped-search-bind-password-env-variable
5562N/A #@TestName Basic: PTA mapped-search-bind-password-env-variable
5562N/A #@TestID basic_pta_006
5562N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5562N/A #@TestPreamble Setup PTA
5562N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-environment-variable
5562N/A #@TestStep Read back the "authentication policy" object
5562N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5562N/A #@TestStep Search users entry as Directory Manager for operational attributes
5562N/A #@TestStep Search users entry as self
5562N/A #@TestStep Modify the users entry
5562N/A #@TestPostamble Cleanup PTA
5562N/A #@TestResult Test is successful if the result code is 0
5562N/A -->
<function name="basic_pta_006" scope="local">
  <!-- Placeholder: only logs a message. No testcase element is run, so the
       mapped-search-bind-password-environment-variable scenario described
       in the header is not exercised. -->
  <message>
    'Not implemented.'
  </message>
</function>
5562N/A
5562N/A <!--- Test Case information
5562N/A #@TestMarker Basic: PTA mapped-search-bind-password-file
5562N/A #@TestName Basic: PTA mapped-search-bind-password-file
5562N/A #@TestID basic_pta_007
5562N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5562N/A #@TestPreamble Setup PTA
5562N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-file
5562N/A #@TestStep Read back the "authentication policy" object
5562N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5562N/A #@TestStep Search users entry as Directory Manager for operational attributes
5562N/A #@TestStep Search users entry as self
5562N/A #@TestStep Modify the users entry
5562N/A #@TestPostamble Cleanup PTA
5562N/A #@TestResult Test is successful if the result code is 0
5562N/A -->
<function name="basic_pta_007" scope="local">
  <!-- Password-file mapped-search PTA test: the policy names a mapped-search
       bind DN and points mapped-search-bind-password-file at
       remotePTAuserPswdFile instead of carrying the password inline.
       The user map and the policy options go to pta_test_body1.
       Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA mapped-search-bind-password-file')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind-password-file.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # remotePTAuserPswdFile is defined outside this function; only its
            # path reaches the dsconfig option list.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password-file:%s' % remotePTAuserPswdFile,
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5562N/A
5562N/A <!--- Test Case information
5562N/A #@TestMarker Basic: PTA mapped-search-bind-password-property
5562N/A #@TestName Basic: PTA mapped-search-bind-password-property
5562N/A #@TestID basic_pta_008
5562N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5562N/A #@TestPreamble Setup PTA
5562N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-property
5562N/A #@TestStep Read back the "authentication policy" object
5562N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5562N/A #@TestStep Search users entry as Directory Manager for operational attributes
5562N/A #@TestStep Search users entry as self
5562N/A #@TestStep Modify the users entry
5562N/A #@TestPostamble Cleanup PTA
5562N/A #@TestResult Test is successful if the result code is 0
5562N/A -->
<function name="basic_pta_008" scope="local">
  <!-- Placeholder: only logs a message. No testcase element is run, so the
       mapped-search-bind-password-property scenario described in the header
       is not exercised. -->
  <message>
    'Not implemented.'
  </message>
</function>
5562N/A
5562N/A <!--- Test Case information
5551N/A #@TestMarker Basic: PTA anon mapped-search use-ssl
5551N/A #@TestName Basic: PTA anon mapped-search use-ssl
5562N/A #@TestID basic_pta_009
5551N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5551N/A #@TestPreamble Setup PTA
5551N/A #@TestStep Configure LDAP PTA Policy for mapped-search
5551N/A #@TestStep Read back the "authentication policy" object
5551N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5551N/A #@TestStep Search users entry as Directory Manager for operational attributes
5551N/A #@TestStep Search users entry as self
5551N/A #@TestStep Modify the users entry
5551N/A #@TestPostamble Cleanup PTA
5551N/A #@TestResult Test is successful if the result code is 0
5551N/A -->
<function name="basic_pta_009" scope="local">
  <!-- Anonymous mapped-search over SSL: the policy addresses the primary and
       secondary servers on their SSL ports, sets use-ssl to true and names
       JKS as the trust-manager-provider. The user map and the policy options
       go to pta_test_body1. Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA anon mapped-search use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # No mapped-search-bind-dn or password is set ("anon" in the test
            # name). The JKS trust manager provider is assumed to be set up
            # with the remote certificates elsewhere; confirm in the suite setup.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort),
              '--set trust-manager-provider:JKS',
              '--set use-ssl:true',
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5551N/A
5551N/A <!--- Test Case information
5551N/A #@TestMarker Basic: PTA simple mapped-search use-ssl
5551N/A #@TestName Basic: PTA simple mapped-search use-ssl
5562N/A #@TestID basic_pta_010
5551N/A #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
5551N/A #@TestPreamble Setup PTA
5551N/A #@TestStep Configure LDAP PTA Policy for mapped-search
5551N/A #@TestStep Read back the "authentication policy" object
5551N/A #@TestStep Add ds-pwp-password-policy-dn to users entry
5551N/A #@TestStep Search users entry as Directory Manager for operational attributes
5551N/A #@TestStep Search users entry as self
5551N/A #@TestStep Modify the users entry
5551N/A #@TestPostamble Cleanup PTA
5551N/A #@TestResult Test is successful if the result code is 0
5551N/A -->
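<function name="basic_pta_010" scope="local">
  <!-- Simple-bind mapped-search over SSL: the policy addresses the primary
       and secondary servers on their SSL ports, sets use-ssl to true, names
       JKS as the trust-manager-provider, and carries a mapped-search bind DN
       with an inline bind password. The user map and the policy options go
       to pta_test_body1. Cleanup runs in the finally block.
       The step message says "simple" to match the testcase name; it
       previously repeated the "anon" wording of basic_pta_009. -->
  <testcase name="getTestCaseName('PTA simple mapped-search use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>
            'Test Name = %s' % STAXCurrentTestcase
          </message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for simple mapped-search over ssl.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds={}
            userDNsAndPswds['uid=jvedder, ou=People, o=example'] = ['befitting',ldapPtaPolicyName]

            # The search bind password is a fixture value written inline in the
            # option list, so it may show up wherever the dsconfig command
            # line is logged. The JKS trust manager provider is assumed to be
            # set up with the remote certificates elsewhere; confirm in the
            # suite setup.
            options=[]
            options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort))
            options.append('--set mapped-attribute:cn')
            options.append('--set mapped-search-base-dn:dc=AD,dc=com')
            options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
            options.append('--set mapped-search-bind-password:secret12')
            options.append('--set mapping-policy:mapped-search')
            options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort))
            options.append('--set trust-manager-provider:JKS')
            options.append('--set use-ssl:true')
            options.append('--type ldap-pass-through')
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd' : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>

        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>
        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>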
5560N/A
5560N/A <!--- Test Case information
5571N/A #@TestMarker Basic: PTA simple failover
5571N/A #@TestName Basic: PTA simple failover
5562N/A #@TestID basic_pta_011
5560N/A #@TestPurpose Verify that a user with an LDAP PTA policy can fail over to the secondary server
5560N/A #@TestPreamble Setup PTA
5560N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
5560N/A #@TestStep Read back the "authentication policy" object
5561N/A #@TestStep Add ds-pwp-password-policy-dn to users entries
5561N/A #@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
5561N/A #@TestStep First search users entries as self
5560N/A #@TestStep Stop the primary remote ldap server
5561N/A #@TestStep Second search users entries as self.
5561N/A #@TestStep Modify the users entries
5560N/A #@TestStep Restart the primary remote ldap server
5561N/A #@TestStep Wait for monitor heartbeat to primary remote ldap server
5561N/A #@TestStep Third search users entries as self
5561N/A #@TestStep Stop the secondary remote ldap server.
5561N/A #@TestStep Fourth search users entries as self
5560N/A #@TestPostamble Cleanup PTA
5560N/A #@TestResult Test is successful if the result code is 0
5560N/A -->
<function name="basic_pta_011" scope="local">
  <!-- Failover PTA test: configures a mapped-search policy with a search
       bind DN and inline bind password, runs pta_test_body1, then runs
       pta_test_body2 with the same user map. Per the header, the second body
       covers the stop/restart steps for the remote servers (confirm in its
       definition). Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA simple failover')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # The search bind password is a fixture value written inline in the
            # option list, so it may show up wherever the dsconfig command
            # line is logged.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>

          <call function="'pta_test_body2'">
            { 'userNamePswd' : userDNsAndPswds }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5560N/A
5560N/A <!--- Test Case information
5560N/A #@TestMarker Basic: PTA failover use-ssl
5560N/A #@TestName Basic: PTA failover use-ssl
5562N/A #@TestID basic_pta_012
5560N/A #@TestPurpose Verify that a user with an LDAP PTA policy can fail over to the secondary server
5560N/A #@TestPreamble Setup PTA
5560N/A #@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials over ssl
5560N/A #@TestStep Read back the "authentication policy" object
5561N/A #@TestStep Add ds-pwp-password-policy-dn to users entries
5561N/A #@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
5561N/A #@TestStep First search users entries as self
5560N/A #@TestStep Stop the primary remote ldap server
5561N/A #@TestStep Second search users entries as self.
5561N/A #@TestStep Modify the users entries
5560N/A #@TestStep Restart the primary remote ldap server
5561N/A #@TestStep Wait for monitor heartbeat to primary remote ldap server
5561N/A #@TestStep Third search users entries as self
5561N/A #@TestStep Stop the secondary remote ldap server.
5561N/A #@TestStep Fourth search users entries as self
5560N/A #@TestPostamble Cleanup PTA
5560N/A #@TestResult Test is successful if the result code is 0
5560N/A -->
<function name="basic_pta_012" scope="local">
  <!-- Failover PTA test over SSL: configures a mapped-search policy with a
       search bind DN and inline bind password, the SSL ports of both remote
       servers, use-ssl true and JKS as the trust-manager-provider. It runs
       pta_test_body1 and then pta_test_body2 with the same user map.
       Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA simple failover use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials over ssl.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }

            # The search bind password is a fixture value written inline in the
            # option list, so it may show up wherever the dsconfig command
            # line is logged. The JKS trust manager provider is assumed to be
            # set up with the remote certificates elsewhere; confirm in the
            # suite setup.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort),
              '--set trust-manager-provider:JKS',
              '--set use-ssl:true',
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>

          <call function="'pta_test_body2'">
            { 'userNamePswd' : userDNsAndPswds }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5560N/A
5571N/A <!--- Test Case information
5571N/A #@TestMarker Basic: PTA multiple auth policies
5571N/A #@TestName Basic: PTA multiple auth policies
5571N/A #@TestID basic_pta_013
5571N/A #@TestPurpose Verify multiple LDAP PTA policies
5571N/A #@TestPreamble Setup PTA
5571N/A #@TestStep Configure n LDAP PTA policies using mapped-search-bind credentials
5571N/A #@TestStep Read back each "authentication policy" object
5571N/A #@TestStep Add ds-pwp-password-policy-dn to users entries
5571N/A #@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
5571N/A #@TestStep Search users entries as self
5571N/A #@TestStep Modify the users entries
5571N/A #@TestPostamble Cleanup PTA
5571N/A #@TestResult Test is successful if the result code is 0
5571N/A -->
<function name="basic_pta_013" scope="local">
  <!-- Multiple-policy PTA test: maps ten users under remotePTAuserSuffix to
       the policy names 'LDAP PTA 0' through 'LDAP PTA 9' and passes that map,
       with a single mapped-search option list, to pta_test_body1.
       Presumably pta_test_body1 creates one policy per name in the map
       (confirm in its definition). Cleanup runs in the finally block. -->
  <testcase name="getTestCaseName('PTA multiple auth policies')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policies using mapped-search-bind.' }
          </call>

          <script>
            # Key is the test user's DN; the value list is presumably
            # [password, authentication policy name] (confirm in pta_test_body1).
            # All passwords are fixture values from the test directory data.
            userDNsAndPswds = {
              'uid=jvedder, %s' % remotePTAuserSuffix  : ['befitting','LDAP PTA 0'],
              'uid=tmorris, %s' % remotePTAuserSuffix  : ['irrefutable','LDAP PTA 1'],
              'uid=ealexand, %s' % remotePTAuserSuffix : ['galactose','LDAP PTA 2'],
              'uid=tjames, %s' % remotePTAuserSuffix   : ['turtle','LDAP PTA 3'],
              'uid=alangdon, %s' % remotePTAuserSuffix : ['muzzle','LDAP PTA 4'],
              'uid=pchassin, %s' % remotePTAuserSuffix : ['barbital','LDAP PTA 5'],
              'uid=aknutson, %s' % remotePTAuserSuffix : ['maltose','LDAP PTA 6'],
              'uid=pworrell, %s' % remotePTAuserSuffix : ['solicitous','LDAP PTA 7'],
              'uid=mtalbot, %s' % remotePTAuserSuffix  : ['currant','LDAP PTA 8'],
              'uid=bwalker, %s' % remotePTAuserSuffix  : ['interruptible','LDAP PTA 9']
            }

            # The search bind password is a fixture value written inline in the
            # option list, so it may show up wherever the dsconfig command
            # line is logged.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through'
            ]
          </script>

          <call function="'pta_test_body1'">
            { 'userNamePswd'       : userDNsAndPswds,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
  <!--- Test Case information
    #@TestMarker          Basic: PTA use cache
    #@TestName            Basic: PTA use cache
    #@TestID              basic_pta_014
    #@TestPurpose         Verify the PTA cache mechanism is used when password caching is enabled
    #@TestPreamble        Setup PTA
    #@TestStep            Configure LDAP PTA Policy with use cache true and cached password storage scheme Clear
    #@TestStep            Read back the "authentication policy" object
    #@TestStep            Add ds-pwp-password-policy-dn to users entry
    #@TestStep            Search users entry as Directory Manager for operational attributes
    #@TestStep            Search users entry as self
    #@TestStep            Modify the users entry
    #@TestPostamble       Cleanup PTA
    #@TestResult          Test is successful if the result code is 0
  -->
5908N/A <function name="basic_pta_014" scope="local">
5908N/A <testcase name="getTestCaseName('PTA use cache')">
5908N/A <sequence>
5908N/A <try>
5908N/A <sequence>
5908N/A <call function="'testCase_Preamble'"/>
5908N/A <message>
5908N/A 'Test Name = %s' % STAXCurrentTestcase
5908N/A </message>
5908N/A
5908N/A <script>
5908N/A userDNsAndPswds={}
5908N/A userDNsAndPswds['uid=jwallace, ou=People, dc=AD,dc=com'] = ['linear',ldapPtaPolicyName]
5908N/A
5908N/A options=[]
5908N/A options.append('--backend-name "AD"')
5908N/A options.append('--set enabled:true')
5908N/A dsconfigOptions=' '.join(options)
5908N/A </script>
5908N/A
5908N/A <call function="'dsconfig'">
5908N/A { 'location' : local_ldap_server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (local_ldap_server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5908N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5908N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5908N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5908N/A 'subcommand' : 'set-backend-prop',
5908N/A 'optionsString' : dsconfigOptions
5908N/A }
5908N/A </call>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'Configure LDAP PTA Policy to use password caching.' }
5908N/A </call>
5908N/A
5908N/A <script>
5908N/A options=[]
5908N/A options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
5908N/A options.append('--set mapping-policy:unmapped')
5908N/A options.append('--set cached-password-storage-scheme:Clear')
5908N/A options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
5908N/A options.append('--set use-password-caching:true')
5908N/A options.append('--type ldap-pass-through')
5908N/A </script>
5908N/A
5908N/A <call function="'pta_test_body1'">
5908N/A { 'userNamePswd' : userDNsAndPswds ,
5908N/A 'dsconfigAuthPolicy' : options
5908N/A }
5908N/A </call>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'Change password on remote servers.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="server"
5908N/A in="_topologyServerList"
5908N/A indexvar="whoami">
5908N/A <sequence>
5908N/A <if expr="whoami == local_ldap">
5908N/A <sequence>
5908N/A <message>
5908N/A 'Server is local: do nothing'
5908N/A </message>
5908N/A </sequence>
5908N/A <else>
5908N/A <sequence>
5908N/A <message>
5908N/A 'remote-ldap-server %s:%s' \
5908N/A % (server.getHostname(),server.getPort())
5908N/A </message>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <sequence>
5908N/A
5908N/A <script>
5908N/A ldapObject=[]
5908N/A ldapObject.append('userPassword:secret12')
5908N/A </script>
5908N/A
5908N/A <call function="'modifyAnAttribute'">
5908N/A { 'location' : server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : server.getHostname() ,
5908N/A 'dsInstancePort' : server.getPort(),
5908N/A 'dsInstanceDn' : server.getRootDn(),
5908N/A 'dsInstancePswd' : server.getRootPwd(),
5908N/A 'DNToModify' : remotePTAuserName ,
5908N/A 'listAttributes' : ldapObject ,
5908N/A 'changetype' : 'replace'
5908N/A }
5908N/A </call>
5908N/A
5908N/A </sequence>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A </sequence>
5908N/A </else>
5908N/A </if>
5908N/A </sequence>
5908N/A </iterate>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'User logs in with old password - should succeed.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <call function="'ldapSearchWithScript'">
5908N/A { 'location' : local_ldap_server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (local_ldap_server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5908N/A 'dsInstancePort' : local_ldap_server.getPort(),
5908N/A 'dsInstanceDn' : remotePTAuserName,
5908N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5908N/A 'dsBaseDN' : remotePTAuserName ,
5908N/A 'dsFilter' : 'objectclass=*'
5908N/A }
5908N/A </call>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <call function="'ldapSearchWithScript'">
5908N/A { 'location' : local_ldap_server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (local_ldap_server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5908N/A 'dsInstancePort' : local_ldap_server.getPort(),
5908N/A 'dsInstanceDn' : remotePTAuserName,
5908N/A 'dsInstancePswd' : 'secret12' ,
5908N/A 'dsBaseDN' : remotePTAuserName ,
5908N/A 'dsFilter' : 'objectclass=*',
5908N/A 'dsAttributes' : '* +'
5908N/A }
5908N/A </call>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'User logs in with old password - should fail.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <call function="'ldapSearchWithScript'">
5908N/A { 'location' : local_ldap_server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (local_ldap_server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5908N/A 'dsInstancePort' : local_ldap_server.getPort(),
5908N/A 'dsInstanceDn' : remotePTAuserName,
5908N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5908N/A 'dsBaseDN' : remotePTAuserName ,
5908N/A 'dsFilter' : 'objectclass=*',
5908N/A 'dsAttributes' : '* +',
5908N/A 'expectedRC' : 49
5908N/A }
5908N/A </call>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'Change back this users password.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="server"
5908N/A in="_topologyServerList"
5908N/A indexvar="whoami">
5908N/A <sequence>
5908N/A <if expr="whoami == local_ldap">
5908N/A <sequence>
5908N/A <message>
5908N/A 'Server is local: do nothing'
5908N/A </message>
5908N/A </sequence>
5908N/A <else>
5908N/A <sequence>
5908N/A <message>
5908N/A 'remote-ldap-server %s:%s' \
5908N/A % (server.getHostname(),server.getPort())
5908N/A </message>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <sequence>
5908N/A
5908N/A <script>
5908N/A ldapObject=[]
5908N/A ldapObject.append('userPassword:%s' % userNamePswd[remotePTAuserName][0])
5908N/A </script>
5908N/A
5908N/A <call function="'modifyAnAttribute'">
5908N/A { 'location' : server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : server.getHostname() ,
5908N/A 'dsInstancePort' : server.getPort(),
5908N/A 'dsInstanceDn' : server.getRootDn(),
5908N/A 'dsInstancePswd' : server.getRootPwd(),
5908N/A 'DNToModify' : remotePTAuserName ,
5908N/A 'listAttributes' : ldapObject ,
5908N/A 'changetype' : 'replace'
5908N/A }
5908N/A </call>
5908N/A
5908N/A </sequence>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A </sequence>
5908N/A </else>
5908N/A </if>
5908N/A </sequence>
5908N/A </iterate>
5908N/A
5908N/A </sequence>
5908N/A
5908N/A <catch exception="'STAXException'" typevar="eType" var="eInfo">
5908N/A <message log="1" level="'fatal'">
5908N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5908N/A </message>
5908N/A </catch>
5908N/A <finally>
5908N/A <sequence>
5908N/A <call function="'pta_postamble1'">
5908N/A { 'userNamePswd' : userDNsAndPswds }
5908N/A </call>
5908N/A <call function="'pta_postamble2'"/>
5908N/A <call function="'testCase_Postamble'"/>
5908N/A </sequence>
5908N/A </finally>
5908N/A </try>
5908N/A </sequence>
5908N/A </testcase>
5908N/A </function>
  <!--- Test Case information
    #@TestMarker          Basic: PTA cached-password-ttl
    #@TestName            Basic: PTA cached-password-ttl
    #@TestID              basic_pta_015
    #@TestPurpose         Verify the PTA cached password time to live when password caching is enabled
    #@TestPreamble        Setup PTA
    #@TestStep            Configure LDAP PTA Policy using connection-timeout
    #@TestStep            Read back the "authentication policy" object
    #@TestStep            Add ds-pwp-password-policy-dn to users entry
    #@TestStep            Search users entry as Directory Manager for operational attributes
    #@TestStep            Search users entry as self
    #@TestStep            Modify the users entry
    #@TestPostamble       Cleanup PTA
    #@TestResult          Test is successful if the result code is 0
  -->
5908N/A <function name="basic_pta_015" scope="local">
5909N/A <testcase name="getTestCaseName('PTA cached password ttl')">
5909N/A <sequence>
5909N/A <try>
5909N/A <sequence>
5909N/A <call function="'testCase_Preamble'"/>
5909N/A <message>
5909N/A 'Test Name = %s' % STAXCurrentTestcase
5909N/A </message>
5909N/A
6297N/A <if expr="not is_windows_platform(STAF_REMOTE_HOSTNAME)">
6297N/A <!-- Unix -->
6297N/A <script>
6297N/A ttl = 10
6297N/A </script>
6297N/A <else>
6297N/A <!-- Windows -->
6297N/A <script>
6297N/A ttl = 30
6297N/A </script>
6297N/A </else>
6297N/A </if>
6297N/A
5909N/A <script>
5909N/A userDNsAndPswds={}
5909N/A userDNsAndPswds['uid=jwallace, ou=People, dc=AD,dc=com'] = ['linear',ldapPtaPolicyName]
5909N/A
5909N/A options=[]
5909N/A options.append('--backend-name "AD"')
5909N/A options.append('--set enabled:true')
5909N/A dsconfigOptions=' '.join(options)
5909N/A </script>
5909N/A
5909N/A <call function="'dsconfig'">
5909N/A { 'location' : local_ldap_server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (local_ldap_server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5909N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5909N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5909N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5909N/A 'subcommand' : 'set-backend-prop',
5909N/A 'optionsString' : dsconfigOptions
5909N/A }
5909N/A </call>
5909N/A
5909N/A <call function="'testStep'">
6297N/A { 'stepMessage' : 'Configure LDAP PTA Policy to use password caching with short ttl (%ss).' % ttl }
5909N/A </call>
5909N/A
5909N/A <script>
5909N/A options=[]
5909N/A options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
5909N/A options.append('--set mapping-policy:unmapped')
5909N/A options.append('--set cached-password-storage-scheme:Clear')
6297N/A options.append('--set cached-password-ttl:%ss' % ttl)
5909N/A options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
5909N/A options.append('--set use-password-caching:true')
5909N/A options.append('--type ldap-pass-through')
5909N/A </script>
5909N/A
5909N/A <call function="'pta_test_body1'">
5909N/A { 'userNamePswd' : userDNsAndPswds ,
5909N/A 'dsconfigAuthPolicy' : options
5909N/A }
5909N/A </call>
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'Change password on remote servers.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="server"
5909N/A in="_topologyServerList"
5909N/A indexvar="whoami">
5909N/A <sequence>
5909N/A <if expr="whoami == local_ldap">
5909N/A <sequence>
5909N/A <message>
5909N/A 'Server is local: do nothing'
5909N/A </message>
5909N/A </sequence>
5909N/A <else>
5909N/A <sequence>
5909N/A <message>
5909N/A 'remote-ldap-server %s:%s' \
5909N/A % (server.getHostname(),server.getPort())
5909N/A </message>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <sequence>
5909N/A
5909N/A <script>
5909N/A ldapObject=[]
5909N/A ldapObject.append('userPassword:secret12')
5909N/A </script>
5909N/A
5909N/A <call function="'modifyAnAttribute'">
5909N/A { 'location' : server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : server.getHostname() ,
5909N/A 'dsInstancePort' : server.getPort(),
5909N/A 'dsInstanceDn' : server.getRootDn(),
5909N/A 'dsInstancePswd' : server.getRootPwd(),
5909N/A 'DNToModify' : remotePTAuserName ,
5909N/A 'listAttributes' : ldapObject ,
5909N/A 'changetype' : 'replace'
5909N/A }
5909N/A </call>
5909N/A
5909N/A </sequence>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A </sequence>
5909N/A </else>
5909N/A </if>
5909N/A </sequence>
5909N/A </iterate>
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'User logs in with old password - should succeed.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <call function="'ldapSearchWithScript'">
5909N/A { 'location' : local_ldap_server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (local_ldap_server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5909N/A 'dsInstancePort' : local_ldap_server.getPort(),
5909N/A 'dsInstanceDn' : remotePTAuserName,
5909N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5909N/A 'dsBaseDN' : remotePTAuserName ,
5909N/A 'dsFilter' : 'objectclass=*' ,
5909N/A 'dsAttributes' : '* +'
5909N/A }
5909N/A </call>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A <call function="'testStep'">
6297N/A { 'stepMessage' : 'Waiting %ss for password ttl to expire.' % ttl }
5909N/A </call>
5909N/A
5909N/A <call function="'Sleep'">
6297N/A { 'sleepForMilliSeconds' : ttl*1000 }
5909N/A </call>
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'User logs in with old password after ttl - should now fail.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <call function="'ldapSearchWithScript'">
5909N/A { 'location' : local_ldap_server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (local_ldap_server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5909N/A 'dsInstancePort' : local_ldap_server.getPort(),
5909N/A 'dsInstanceDn' : remotePTAuserName,
5909N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5909N/A 'dsBaseDN' : remotePTAuserName ,
5909N/A 'dsFilter' : 'objectclass=*' ,
5909N/A 'expectedRC' : 49
5909N/A }
5909N/A </call>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <call function="'ldapSearchWithScript'">
5909N/A { 'location' : local_ldap_server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (local_ldap_server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5909N/A 'dsInstancePort' : local_ldap_server.getPort(),
5909N/A 'dsInstanceDn' : remotePTAuserName,
5909N/A 'dsInstancePswd' : 'secret12' ,
5909N/A 'dsBaseDN' : remotePTAuserName ,
5909N/A 'dsFilter' : 'objectclass=*',
5909N/A 'dsAttributes' : '* +'
5909N/A }
5909N/A </call>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'User logs in with old password - should fail.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <call function="'ldapSearchWithScript'">
5909N/A { 'location' : local_ldap_server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (local_ldap_server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5909N/A 'dsInstancePort' : local_ldap_server.getPort(),
5909N/A 'dsInstanceDn' : remotePTAuserName,
5909N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5909N/A 'dsBaseDN' : remotePTAuserName ,
5909N/A 'dsFilter' : 'objectclass=*',
5909N/A 'dsAttributes' : '* +',
5909N/A 'expectedRC' : 49
5909N/A }
5909N/A </call>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A <call function="'testStep'">
5909N/A { 'stepMessage' : 'Change back this users password.' }
5909N/A </call>
5909N/A
5909N/A <iterate var="server"
5909N/A in="_topologyServerList"
5909N/A indexvar="whoami">
5909N/A <sequence>
5909N/A <if expr="whoami == local_ldap">
5909N/A <sequence>
5909N/A <message>
5909N/A 'Server is local: do nothing'
5909N/A </message>
5909N/A </sequence>
5909N/A <else>
5909N/A <sequence>
5909N/A <message>
5909N/A 'remote-ldap-server %s:%s' \
5909N/A % (server.getHostname(),server.getPort())
5909N/A </message>
5909N/A
5909N/A <iterate var="remotePTAuserName"
5909N/A in="userNamePswd.keys()"
5909N/A indexvar="usernum">
5909N/A
5909N/A <sequence>
5909N/A
5909N/A <script>
5909N/A ldapObject=[]
5909N/A ldapObject.append('userPassword:%s' % userNamePswd[remotePTAuserName][0])
5909N/A </script>
5909N/A
5909N/A <call function="'modifyAnAttribute'">
5909N/A { 'location' : server.getHostname(),
5909N/A 'dsPath' : '%s/%s' \
5909N/A % (server.getDir(),OPENDSNAME),
5909N/A 'dsInstanceHost' : server.getHostname() ,
5909N/A 'dsInstancePort' : server.getPort(),
5909N/A 'dsInstanceDn' : server.getRootDn(),
5909N/A 'dsInstancePswd' : server.getRootPwd(),
5909N/A 'DNToModify' : remotePTAuserName ,
5909N/A 'listAttributes' : ldapObject ,
5909N/A 'changetype' : 'replace'
5909N/A }
5909N/A </call>
5909N/A
5909N/A </sequence>
5909N/A
5909N/A </iterate>
5909N/A
5909N/A </sequence>
5909N/A </else>
5909N/A </if>
5909N/A </sequence>
5909N/A </iterate>
5909N/A
5909N/A </sequence>
5909N/A
5909N/A <catch exception="'STAXException'" typevar="eType" var="eInfo">
5909N/A <message log="1" level="'fatal'">
5909N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5909N/A </message>
5909N/A </catch>
5909N/A <finally>
5909N/A <sequence>
5909N/A <call function="'pta_postamble1'">
5909N/A { 'userNamePswd' : userDNsAndPswds }
5909N/A </call>
5909N/A <call function="'pta_postamble2'"/>
5909N/A <call function="'testCase_Postamble'"/>
5909N/A </sequence>
5909N/A </finally>
5909N/A </try>
5909N/A </sequence>
5909N/A </testcase>
5908N/A </function>
5571N/A <function name="pta_test_body1">
5571N/A <function-map-args>
5571N/A <function-arg-def name="userNamePswd" type="required">
5571N/A <function-arg-description>
5571N/A Dictionary of user names (dn) and passwords.
5571N/A </function-arg-description>
5571N/A <function-arg-property name="type" value="Dictionary"/>
5571N/A </function-arg-def>
5571N/A <function-arg-def name="dsconfigAuthPolicy" type="required">
5571N/A <function-arg-description>
5571N/A Authentication policy in form of a dsconfig options
5571N/A </function-arg-description>
5571N/A <function-arg-property name="type" value="List"/>
5571N/A </function-arg-def>
5571N/A </function-map-args>
5571N/A <sequence>
5571N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5571N/A
5571N/A <sequence>
5571N/A
5571N/A <script>
5571N/A myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
5571N/A myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
5571N/A
5571N/A options = []
5571N/A options += dsconfigAuthPolicy
5571N/A options.append('--policy-name "%s"' % myldapPtaPolicyName)
5571N/A dsconfigOptions=' '.join(options)
5571N/A </script>
5571N/A
5571N/A <call function="'dsconfig'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5571N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5571N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5571N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5571N/A 'subcommand' : 'create-password-policy',
5571N/A 'optionsString' : dsconfigOptions
5571N/A }
5571N/A </call>
5560N/A
5571N/A </sequence>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A <call function="'testStep'">
5571N/A { 'stepMessage' : 'Read back the "authentication policy" object.' }
5571N/A </call>
5571N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5571N/A
5571N/A <sequence>
5571N/A
5571N/A <script>
5571N/A myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
5571N/A myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
5571N/A
5571N/A options=[]
5571N/A options.append('--policy-name "%s"' % myldapPtaPolicyName)
5571N/A dsconfigOptions=' '.join(options)
5571N/A </script>
5571N/A
5571N/A <call function="'dsconfig'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5571N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5571N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5571N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5571N/A 'subcommand' : 'get-password-policy-prop',
5571N/A 'optionsString' : dsconfigOptions
5571N/A }
5571N/A </call>
5571N/A
5571N/A </sequence>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A <call function="'testStep'">
5571N/A { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entries.' }
5571N/A </call>
5571N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5561N/A
5571N/A <sequence>
5571N/A
5571N/A <script>
5571N/A myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
5571N/A myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
5571N/A
5571N/A ldapObject=[]
5908N/A ldapObject.append('ds-pwp-password-policy-dn:%s' % myldapPtaPolicyDn)
5571N/A </script>
5571N/A
5571N/A <call function="'modifyAnAttribute'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5571N/A 'dsInstancePort' : local_ldap_server.getPort(),
5571N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5571N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5571N/A 'DNToModify' : remotePTAuserName ,
5571N/A 'listAttributes' : ldapObject ,
5571N/A 'changetype' : 'add'
5571N/A }
5571N/A </call>
5571N/A
5571N/A </sequence>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A <call function="'testStep'">
5571N/A { 'stepMessage' : 'Search users entries as Directory Manager for ds-pwp-password-policy-dn.' }
5571N/A </call>
5571N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5571N/A
5571N/A <call function="'ldapSearchWithScript'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5571N/A 'dsInstancePort' : local_ldap_server.getPort(),
5571N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5571N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5571N/A 'dsBaseDN' : remotePTAuserName ,
5571N/A 'dsScope' : 'base' ,
5571N/A 'dsFilter' : 'objectclass=*' ,
5571N/A 'dsAttributes' : 'ds-pwp-password-policy-dn'
5571N/A }
5571N/A </call>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A <call function="'testStep'">
5571N/A { 'stepMessage' : 'First search users entries as self.' }
5571N/A </call>
5561N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5571N/A
5571N/A <call function="'ldapSearchWithScript'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5571N/A 'dsInstancePort' : local_ldap_server.getPort(),
5571N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5571N/A 'dsBaseDN' : remotePTAuserName ,
5571N/A 'dsScope' : 'base' ,
5571N/A 'dsFilter' : 'objectclass=*'
5571N/A }
5571N/A </call>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A <call function="'testStep'">
5908N/A { 'stepMessage' : 'Get all the users operational attributes.' }
5908N/A </call>
5908N/A
5908N/A <iterate var="remotePTAuserName"
5908N/A in="userNamePswd.keys()"
5908N/A indexvar="usernum">
5908N/A
5908N/A <call function="'ldapSearchWithScript'">
5908N/A { 'location' : local_ldap_server.getHostname(),
5908N/A 'dsPath' : '%s/%s' \
5908N/A % (local_ldap_server.getDir(),OPENDSNAME),
5908N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5908N/A 'dsInstancePort' : local_ldap_server.getPort(),
5908N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5908N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5908N/A 'dsBaseDN' : remotePTAuserName ,
5908N/A 'dsScope' : 'base' ,
5908N/A 'dsFilter' : 'objectclass=*' ,
5908N/A 'dsAttributes' : '+'
5908N/A }
5908N/A </call>
5908N/A
5908N/A </iterate>
5908N/A
5908N/A <call function="'testStep'">
5571N/A { 'stepMessage' : 'Modify the users entries.' }
5571N/A </call>
5571N/A
5571N/A <script>
5571N/A ldapObject=[]
5909N/A ldapObject.append('description:I am now a remote LDAP PTA user')
5571N/A </script>
5571N/A
5571N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5571N/A indexvar="usernum">
5571N/A
5571N/A <call function="'modifyAnAttribute'">
5571N/A { 'location' : local_ldap_server.getHostname(),
5571N/A 'dsPath' : '%s/%s' \
5571N/A % (local_ldap_server.getDir(),OPENDSNAME),
5571N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5571N/A 'dsInstancePort' : local_ldap_server.getPort(),
5571N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5571N/A 'DNToModify' : remotePTAuserName ,
5571N/A 'listAttributes' : ldapObject ,
5571N/A 'changetype' : 'replace'
5571N/A }
5571N/A </call>
5571N/A
5571N/A </iterate>
5571N/A
5571N/A </sequence>
5571N/A
5571N/A </function>
5571N/A <function name="pta_test_body2">
5571N/A <function-map-args>
5571N/A <function-arg-def name="userNamePswd" type="required">
5571N/A <function-arg-description>
5571N/A Dictionary of user names (dn) and passwords.
5571N/A </function-arg-description>
5571N/A <function-arg-property name="type" value="Dictionary"/>
5571N/A </function-arg-def>
5571N/A </function-map-args>
5571N/A <sequence>
5560N/A
5560N/A <call function="'testStep'">
5560N/A { 'stepMessage' : 'Stop the primary remote ldap server.' }
5560N/A </call>
5560N/A
5560N/A <call function="'stopServers'">
5560N/A [[primary_remote_ldap_server]]
5560N/A </call>
5560N/A
5560N/A <call function="'testStep'">
5561N/A { 'stepMessage' : 'Second search users entries as self.' }
5560N/A </call>
5560N/A
5561N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5561N/A indexvar="usernum">
5561N/A
5561N/A <call function="'ldapSearchWithScript'">
5561N/A { 'location' : local_ldap_server.getHostname(),
5561N/A 'dsPath' : '%s/%s' \
5561N/A % (local_ldap_server.getDir(),OPENDSNAME),
5561N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5561N/A 'dsInstancePort' : local_ldap_server.getPort(),
5561N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5561N/A 'dsBaseDN' : remotePTAuserName ,
5561N/A 'dsFilter' : 'objectclass=*'
5561N/A }
5561N/A </call>
5561N/A
5561N/A </iterate>
5560N/A
5560N/A <call function="'testStep'">
5561N/A { 'stepMessage' : 'Modify the users entries.' }
5560N/A </call>
5560N/A
5560N/A <script>
5560N/A ldapObject=[]
5909N/A ldapObject.append('description:I am now a remote LDAP PTA user')
5560N/A </script>
5560N/A
5561N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5561N/A indexvar="usernum">
5561N/A
5561N/A <call function="'modifyAnAttribute'">
5561N/A { 'location' : local_ldap_server.getHostname(),
5561N/A 'dsPath' : '%s/%s' \
5561N/A % (local_ldap_server.getDir(),OPENDSNAME),
5561N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5561N/A 'dsInstancePort' : local_ldap_server.getPort(),
5561N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0],
5561N/A 'DNToModify' : remotePTAuserName ,
5561N/A 'listAttributes' : ldapObject ,
5561N/A 'changetype' : 'replace'
5561N/A }
5561N/A </call>
5561N/A
5561N/A </iterate>
5560N/A
5560N/A <call function="'testStep'">
5560N/A { 'stepMessage' : 'Restart the primary remote ldap server.' }
5560N/A </call>
5560N/A
5560N/A <call function="'startServers'">
5560N/A [[primary_remote_ldap_server]]
5560N/A </call>
5560N/A
5560N/A <call function="'testStep'">
5560N/A { 'stepMessage' : 'Wait for monitor heartbeat to primary remote ldap server.' }
5560N/A </call>
5560N/A <call function="'Sleep'">
5560N/A { 'sleepForMilliSeconds' : '5000' }
5560N/A </call>
5560N/A
5560N/A <call function="'testStep'">
5561N/A { 'stepMessage' : 'Third search users entries as self.' }
5560N/A </call>
5560N/A
5561N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5561N/A indexvar="usernum">
5561N/A
5561N/A <call function="'ldapSearchWithScript'">
5561N/A { 'location' : local_ldap_server.getHostname(),
5561N/A 'dsPath' : '%s/%s' \
5561N/A % (local_ldap_server.getDir(),OPENDSNAME),
5561N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5561N/A 'dsInstancePort' : local_ldap_server.getPort(),
5561N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5561N/A 'dsBaseDN' : remotePTAuserName ,
5561N/A 'dsFilter' : 'objectclass=*'
5561N/A }
5561N/A </call>
5561N/A
5561N/A </iterate>
5560N/A
5560N/A <call function="'testStep'">
5560N/A { 'stepMessage' : 'Stop the secondary remote ldap server.' }
5560N/A </call>
5560N/A
5560N/A <call function="'stopServers'">
5560N/A [[secondary_remote_ldap_server]]
5560N/A </call>
5560N/A
5560N/A <call function="'testStep'">
5561N/A { 'stepMessage' : 'Fourth search users entries as self.' }
5560N/A </call>
5560N/A
5561N/A <iterate var="remotePTAuserName"
5571N/A in="userNamePswd.keys()"
5561N/A indexvar="usernum">
5561N/A
5561N/A <call function="'ldapSearchWithScript'">
5561N/A { 'location' : local_ldap_server.getHostname(),
5561N/A 'dsPath' : '%s/%s' \
5561N/A % (local_ldap_server.getDir(),OPENDSNAME),
5561N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5561N/A 'dsInstancePort' : local_ldap_server.getPort(),
5561N/A 'dsInstanceDn' : remotePTAuserName,
5571N/A 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
5561N/A 'dsBaseDN' : remotePTAuserName ,
5561N/A 'dsFilter' : 'objectclass=*'
5561N/A }
5561N/A </call>
5561N/A
5561N/A </iterate>
5560N/A
5560N/A <call function="'testStep'">
5560N/A { 'stepMessage' : 'Start the secondary remote ldap server.' }
5560N/A </call>
5560N/A
5560N/A <call function="'startServers'">
5560N/A [[secondary_remote_ldap_server]]
5560N/A </call>
5571N/A
5571N/A </sequence>
5571N/A
5571N/A </function>
5541N/A</stax>