pta_basic_tests.xml revision 5548
5541N/A<?xml version="1.0" encoding="UTF-8" standalone="no"?>
5541N/A<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
5541N/A<!--
5541N/A ! CDDL HEADER START
5541N/A !
5541N/A ! The contents of this file are subject to the terms of the
5541N/A ! Common Development and Distribution License, Version 1.0 only
5541N/A ! (the "License"). You may not use this file except in compliance
5541N/A ! with the License.
5541N/A !
5541N/A ! You can obtain a copy of the license at
5541N/A ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
5541N/A ! or http://forgerock.org/license/CDDLv1.0.html.
5541N/A ! See the License for the specific language governing permissions
5541N/A ! and limitations under the License.
5541N/A !
5541N/A ! When distributing Covered Code, include this CDDL HEADER in each
5541N/A ! file and include the License file at
5541N/A ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
5541N/A ! add the following below this CDDL HEADER, with the fields enclosed
5541N/A ! by brackets "[]" replaced with your own identifying information:
5541N/A ! Portions Copyright [yyyy] [name of copyright owner]
5541N/A !
5541N/A ! CDDL HEADER END
5541N/A !
5541N/A ! Copyright 2011 ForgeRock AS
5541N/A ! -->
5541N/A<stax>
5541N/A
5541N/A <!-- Definition of Test Cases -->
5541N/A
5541N/A <!--- Test Cases : Basic : PTA -->
5541N/A
<!--- Test Case information
 #@TestMarker Basic: PTA anon unmapped
 #@TestName Basic: PTA anon unmapped
 #@TestID basic_pta_001
 #@TestPurpose Verify that a user with an LDAP PTA unmapped policy can authenticate to the remote server
 #@TestPreamble Setup PTA
 #@TestStep Enable AD backend on local server
 #@TestStep Configure LDAP PTA Policy as unmapped
 #@TestStep Read back the "authentication policy" object
 #@TestStep Add ds-pwp-password-policy-dn to users entry
 #@TestStep Search users entry as Directory Manager for operational attributes
 #@TestStep Search users entry as self
 #@TestStep Modify the users entry
 #@TestStep Delete ds-pwp-password-policy-dn from users entry
 #@TestStep Remove LDAP PTA Authentication Policy
 #@TestStep Disable AD backend on local server
 #@TestPostamble Cleanup PTA
 #@TestResult Test is successful if the result code is 0
 -->
<function name="basic_pta_001" scope="local">
  <!-- Basic PTA test, mapping-policy "unmapped": enable the local AD backend,
       create the pass-through policy, assign it to a fixture user, bind and
       modify as that user, then undo every change. -->
  <testcase name="getTestCaseName('PTA anon unmapped')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>
            'Test Name = %s' % STAXCurrentTestcase
          </message>

          <!-- Step 1: switch the local "AD" backend on. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Enable AD backend on local server.' }
          </call>

          <script>
            options = [
              '--backend-name "AD"',
              '--set enabled:true',
            ]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'set-backend-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 2: create the LDAP pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' }
          </call>

          <script>
            # primaryHost/primaryPort, secondaryHost/secondaryPort and
            # ldapPtaPolicyName are not defined in this function; they come
            # from the calling scope.
            # NOTE(review): no TLS-related property is set in these options,
            # so whether the pass-through connection to the remote servers is
            # encrypted depends on the policy defaults. Confirm.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapping-policy:unmapped',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
              '--policy-name "%s"' % ldapPtaPolicyName,
            ]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'create-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 3: read the policy back by name. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Read back the "authentication policy" object.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'get-password-policy-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 4: as the root DN, point the fixture user at the PTA policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
          </call>

          <script>
            # Fixture account and its clear-text password are hard-coded in
            # this file; they should only ever match throwaway test data.
            remotePTAuserName = 'uid=jwallace, ou=People, dc=AD,dc=com'
            remotePTAuserPSWD = 'linear'
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'add'
            }
          </call>

          <!-- Step 5: as the root DN, request the operational attributes ("+")
               of the user's entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*',
              'dsAttributes'   : '+'
            }
          </call>

          <!-- Step 6: bind to the local server as the fixture user itself. Per
               the test purpose, this is the bind expected to be passed through
               to the remote server. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as self.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*'
            }
          </call>

          <!-- Step 7: the user replaces the description on its own entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Modify the users entry.' }
          </call>

          <script>
            ldapObject = ['description: i am now a remote LDAP PTA user']
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'replace'
            }
          </call>

          <!-- NOTE(review): steps 8 to 10 undo the changes but sit inside the
               try sequence, so a STAXException raised earlier skips them; the
               finally block only calls testCase_Postamble. Confirm the suite
               cleanup removes a leftover policy assignment and policy. -->

          <!-- Step 8: as the root DN, detach the policy from the user. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
          </call>

          <script>
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'delete'
            }
          </call>

          <!-- Step 9: delete the pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'delete-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 10: switch the local "AD" backend off again. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Disable AD backend on local server.' }
          </call>

          <script>
            options = [
              '--backend-name "AD"',
              '--set enabled:false',
            ]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'set-backend-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

        </sequence>

        <!-- A STAXException is logged at level fatal; the postamble runs
             either way. -->
        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>
        <finally>
          <call function="'testCase_Postamble'"/>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5548N/A
<!--- Test Case information
 #@TestMarker Basic: PTA anon mapped-bind
 #@TestName Basic: PTA anon mapped-bind
 #@TestID basic_pta_002
 #@TestPurpose Verify that a user with an LDAP PTA mapped-bind policy can authenticate to the remote server
 #@TestPreamble Setup PTA
 #@TestStep Configure LDAP PTA Policy for mapped-bind
 #@TestStep Read back the "authentication policy" object
 #@TestStep Add ds-pwp-password-policy-dn to users entry
 #@TestStep Search users entry as Directory Manager for operational attributes
 #@TestStep Search users entry as self
 #@TestStep Modify the users entry
 #@TestStep Delete ds-pwp-password-policy-dn from users entry
 #@TestStep Remove LDAP PTA Authentication Policy
 #@TestPostamble Cleanup PTA
 #@TestResult Test is successful if the result code is 0
 -->
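<function name="basic_pta_002" scope="local">
  <!-- Basic PTA test, mapping-policy "mapped-bind" with mapped-attribute
       "seealso": create the pass-through policy, assign it to a fixture
       user, bind and modify as that user, then undo every change. -->
  <testcase name="getTestCaseName('PTA anon mapped-bind')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>
            'Test Name = %s' % STAXCurrentTestcase
          </message>

          <!-- Step 1: create the LDAP pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-bind.' }
          </call>

          <script>
            # primaryHost/primaryPort, secondaryHost/secondaryPort and
            # ldapPtaPolicyName are not defined in this function; they come
            # from the calling scope.
            # NOTE(review): no TLS-related property is set in these options,
            # so whether the pass-through connection to the remote servers is
            # encrypted depends on the policy defaults. Confirm.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:seealso',
              '--set mapping-policy:mapped-bind',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
              '--policy-name "%s"' % ldapPtaPolicyName,
            ]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'create-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 2: read the policy back by name. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Read back the "authentication policy" object.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'get-password-policy-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 3: as the root DN, point the fixture user at the PTA policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
          </call>

          <script>
            # Fixture account and its clear-text password are hard-coded in
            # this file; they should only ever match throwaway test data.
            remotePTAuserName = 'uid=jmcFarla, ou=People, o=example'
            remotePTAuserPSWD = 'walnut'
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'add'
            }
          </call>

          <!-- Step 4: as the root DN, request the operational attributes ("+")
               of the user's entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*',
              'dsAttributes'   : '+'
            }
          </call>

          <!-- Step 5: bind to the local server as the fixture user itself. Per
               the test purpose, this is the bind expected to be passed through
               to the remote server. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as self.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*'
            }
          </call>

          <!-- Step 6: the user replaces the description on its own entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Modify the users entry.' }
          </call>

          <script>
            ldapObject = ['description: i am now a remote LDAP PTA user']
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'replace'
            }
          </call>

          <!-- NOTE(review): steps 7 and 8 undo the changes but sit inside the
               try sequence, so a STAXException raised earlier skips them; the
               finally block only calls testCase_Postamble. Confirm the suite
               cleanup removes a leftover policy assignment and policy. -->

          <!-- Step 7: as the root DN, detach the policy from the user. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
          </call>

          <script>
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'delete'
            }
          </call>

          <!-- Step 8: delete the pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'delete-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

        </sequence>

        <!-- A STAXException is logged at level fatal; the postamble runs
             either way. -->
        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>
        <finally>
          <call function="'testCase_Postamble'"/>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>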
5541N/A
<!--- Test Case information
 #@TestMarker Basic: PTA anon mapped-search
 #@TestName Basic: PTA anon mapped-search
 #@TestID basic_pta_003
 #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
 #@TestPreamble Setup PTA
 #@TestStep Configure LDAP PTA Policy for mapped-search
 #@TestStep Read back the "authentication policy" object
 #@TestStep Add ds-pwp-password-policy-dn to users entry
 #@TestStep Search users entry as Directory Manager for operational attributes
 #@TestStep Search users entry as self
 #@TestStep Modify the users entry
 #@TestStep Delete ds-pwp-password-policy-dn from users entry
 #@TestStep Remove LDAP PTA Authentication Policy
 #@TestPostamble Cleanup PTA
 #@TestResult Test is successful if the result code is 0
 -->
<function name="basic_pta_003" scope="local">
  <!-- Basic PTA test, mapping-policy "mapped-search" on attribute "cn" under
       dc=AD,dc=com: create the pass-through policy, assign it to a fixture
       user, bind and modify as that user, then undo every change. -->
  <testcase name="getTestCaseName('PTA anon mapped-search')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>
            'Test Name = %s' % STAXCurrentTestcase
          </message>

          <!-- Step 1: create the LDAP pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' }
          </call>

          <script>
            # primaryHost/primaryPort, secondaryHost/secondaryPort and
            # ldapPtaPolicyName are not defined in this function; they come
            # from the calling scope.
            # No mapped-search-bind-dn is set here, which matches the "anon"
            # in the test name; presumably the mapped search then runs
            # anonymously against the remote server. Confirm.
            # NOTE(review): no TLS-related property is set either, so whether
            # the pass-through connection is encrypted depends on the policy
            # defaults. Confirm.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
              '--policy-name "%s"' % ldapPtaPolicyName,
            ]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'create-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 2: read the policy back by name. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Read back the "authentication policy" object.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'get-password-policy-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <!-- Step 3: as the root DN, point the fixture user at the PTA policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
          </call>

          <script>
            # Fixture account and its clear-text password are hard-coded in
            # this file; they should only ever match throwaway test data.
            remotePTAuserName = 'uid=jvedder, ou=People, o=example'
            remotePTAuserPSWD = 'befitting'
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'add'
            }
          </call>

          <!-- Step 4: as the root DN, request the operational attributes ("+")
               of the user's entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*',
              'dsAttributes'   : '+'
            }
          </call>

          <!-- Step 5: bind to the local server as the fixture user itself. Per
               the test purpose, this is the bind expected to be passed through
               to the remote server. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Search users entry as self.' }
          </call>

          <call function="'ldapSearchWithScript'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'dsBaseDN'       : remotePTAuserName,
              'dsFilter'       : 'objectclass=*'
            }
          </call>

          <!-- Step 6: the user replaces the description on its own entry. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Modify the users entry.' }
          </call>

          <script>
            ldapObject = ['description: i am now a remote LDAP PTA user']
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : remotePTAuserName,
              'dsInstancePswd' : remotePTAuserPSWD,
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'replace'
            }
          </call>

          <!-- NOTE(review): steps 7 and 8 undo the changes but sit inside the
               try sequence, so a STAXException raised earlier skips them; the
               finally block only calls testCase_Postamble. Confirm the suite
               cleanup removes a leftover policy assignment and policy. -->

          <!-- Step 7: as the root DN, detach the policy from the user. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
          </call>

          <script>
            ldapObject = ['ds-pwp-password-policy-dn: %s' % ldapPtaPolicyDn]
          </script>

          <call function="'modifyAnAttribute'">
            {
              'location'       : local_ldap_server.getHostname(),
              'dsPath'         : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost' : local_ldap_server.getHostname(),
              'dsInstancePort' : local_ldap_server.getPort(),
              'dsInstanceDn'   : local_ldap_server.getRootDn(),
              'dsInstancePswd' : local_ldap_server.getRootPwd(),
              'DNToModify'     : remotePTAuserName,
              'listAttributes' : ldapObject,
              'changetype'     : 'delete'
            }
          </call>

          <!-- Step 8: delete the pass-through policy. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
          </call>

          <script>
            options = ['--policy-name "%s"' % ldapPtaPolicyName]
            dsconfigOptions = ' '.join(options)
          </script>

          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(), OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'delete-password-policy',
              'optionsString'       : dsconfigOptions
            }
          </call>

        </sequence>

        <!-- A STAXException is logged at level fatal; the postamble runs
             either way. -->
        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>
        <finally>
          <call function="'testCase_Postamble'"/>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
5548N/A
<!--- Test Case information
 #@TestMarker Basic: PTA simple mapped-search-bind
 #@TestName Basic: PTA simple mapped-search-bind
 #@TestID basic_pta_004
 #@TestPurpose Verify that a user with an LDAP PTA mapped-search policy can authenticate to the remote server
 #@TestPreamble Setup PTA
 #@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
 #@TestStep Read back the "authentication policy" object
 #@TestStep Add ds-pwp-password-policy-dn to users entry
 #@TestStep Search users entry as Directory Manager for operational attributes
 #@TestStep Search users entry as self
 #@TestStep Modify the users entry
 #@TestStep Delete ds-pwp-password-policy-dn from users entry
 #@TestStep Remove LDAP PTA Authentication Policy
 #@TestPostamble Cleanup PTA
 #@TestResult Test is successful if the result code is 0
 -->
5548N/A <function name="basic_pta_004" scope="local">
5548N/A <testcase name="getTestCaseName('PTA simple mapped-search-bind')">
5548N/A <sequence>
5548N/A <try>
5548N/A <sequence>
5548N/A <call function="'testCase_Preamble'"/>
5548N/A <message>
5548N/A 'Test Name = %s' % STAXCurrentTestcase
5548N/A </message>
5548N/A
5548N/A <call function="'testStep'">
5548N/A { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
5548N/A </call>
5548N/A
5548N/A <script>
5548N/A options=[]
5548N/A options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
5548N/A options.append('--set mapped-attribute:cn')
5548N/A options.append('--set mapped-search-base-dn:dc=AD,dc=com')
5548N/A options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
5548N/A options.append('--set mapped-search-bind-password:secret12')
5548N/A options.append('--set mapping-policy:mapped-search')
5548N/A options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
5548N/A options.append('--type ldap-pass-through')
5548N/A options.append('--policy-name "%s"' % ldapPtaPolicyName)
5541N/A dsconfigOptions=' '.join(options)
5541N/A </script>
5541N/A
5541N/A <call function="'dsconfig'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5541N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5541N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5541N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5541N/A 'subcommand' : 'create-password-policy',
5541N/A 'optionsString' : dsconfigOptions
5541N/A }
5541N/A </call>
5541N/A
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Read back the "authentication policy" object.' }
5546N/A </call>
5546N/A
5541N/A <script>
5541N/A options=[]
5546N/A options.append('--policy-name "%s"' % ldapPtaPolicyName)
5541N/A dsconfigOptions=' '.join(options)
5541N/A </script>
5541N/A
5541N/A <call function="'dsconfig'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5541N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5541N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5541N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5541N/A 'subcommand' : 'get-password-policy-prop',
5541N/A 'optionsString' : dsconfigOptions
5541N/A }
5541N/A </call>
5541N/A
<!-- Step: attach the PTA policy to one user entry. The script defines the
     test user's DN and clear-text password (both reused by the later "as
     self" steps) and builds a single ds-pwp-password-policy-dn value from
     ldapPtaPolicyDn, which is defined outside this part of the file.
     'modifyAnAttribute' then adds that value as the local root DN on the
     LDAP port.
     NOTE(review): the password literal is a test fixture; it presumably has
     to match the credential held by the remote server for this DN - confirm
     against the data loaded there. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
5546N/A </call>
5546N/A
5541N/A <script>
5541N/A remotePTAuserName='uid=jvedder, ou=People, o=example'
5541N/A remotePTAuserPSWD='befitting'
5541N/A ldapObject=[]
5546N/A ldapObject.append('ds-pwp-password-policy-dn: %s' \
5546N/A % ldapPtaPolicyDn)
5541N/A </script>
5541N/A
5541N/A <call function="'modifyAnAttribute'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5541N/A 'dsInstancePort' : local_ldap_server.getPort(),
5541N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5541N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5541N/A 'DNToModify' : remotePTAuserName ,
5541N/A 'listAttributes' : ldapObject ,
5546N/A 'changetype' : 'add'
5546N/A }
5541N/A </call>
5541N/A
<!-- Step: search the user's own entry as the local root DN, filter
     objectclass=*, requesting '+' (operational attributes).
     NOTE(review): presumably this is meant to show the policy DN added in
     the previous step on the entry; no check of the returned attributes is
     visible in this call - confirm what the helper asserts. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
5546N/A </call>
5546N/A
5541N/A <call function="'ldapSearchWithScript'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5541N/A 'dsInstancePort' : local_ldap_server.getPort(),
5541N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5541N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5541N/A 'dsBaseDN' : remotePTAuserName ,
5541N/A 'dsFilter' : 'objectclass=*' ,
5541N/A 'dsAttributes' : '+'
5541N/A }
5541N/A </call>
5541N/A
<!-- Step: search the entry while bound as the test user itself, using the
     user's DN and the password fixture instead of the root credentials. This
     is the call that exercises the pass-through bind against the local
     server.
     NOTE(review): only the success path is visible in this test case. A
     companion bind with a wrong password, expected to fail with LDAP result
     49 (invalidCredentials), would show that the policy really delegates the
     credential check rather than accepting any password - confirm such a
     case exists elsewhere in the suite. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Search users entry as self.' }
5546N/A </call>
5546N/A
5541N/A <call function="'ldapSearchWithScript'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5541N/A 'dsInstancePort' : local_ldap_server.getPort(),
5541N/A 'dsInstanceDn' : remotePTAuserName,
5541N/A 'dsInstancePswd' : remotePTAuserPSWD ,
5541N/A 'dsBaseDN' : remotePTAuserName ,
5541N/A 'dsFilter' : 'objectclass=*'
5541N/A }
5541N/A </call>
5541N/A
<!-- Step: write to the entry while bound as the test user. The attribute list
     is reset to a single description value and 'modifyAnAttribute' applies
     it with changetype replace, authenticating with the user's DN and
     password fixture.
     NOTE(review): success here also depends on the local access control
     allowing a user to modify its own description; that configuration is
     not visible in this part of the file - confirm. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Modify the users entry.' }
5546N/A </call>
5546N/A
5541N/A <script>
5541N/A ldapObject=[]
5541N/A ldapObject.append('description: i am now a remote LDAP PTA user')
5541N/A </script>
5541N/A
5541N/A <call function="'modifyAnAttribute'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5541N/A 'dsInstancePort' : local_ldap_server.getPort(),
5541N/A 'dsInstanceDn' : remotePTAuserName,
5541N/A 'dsInstancePswd' : remotePTAuserPSWD,
5541N/A 'DNToModify' : remotePTAuserName ,
5541N/A 'listAttributes' : ldapObject ,
5546N/A 'changetype' : 'replace'
5546N/A }
5541N/A </call>
5541N/A
<!-- Step: detach the policy from the user entry. The same
     ds-pwp-password-policy-dn value that was added earlier is rebuilt and
     removed with changetype delete, this time bound as the local root DN
     rather than as the user. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
5546N/A </call>
5546N/A
5541N/A <script>
5541N/A ldapObject=[]
5546N/A ldapObject.append('ds-pwp-password-policy-dn: %s' \
5546N/A % ldapPtaPolicyDn)
5541N/A </script>
5541N/A
5541N/A <call function="'modifyAnAttribute'">
5541N/A { 'location' : local_ldap_server.getHostname(),
5541N/A 'dsPath' : '%s/%s' \
5541N/A % (local_ldap_server.getDir(),OPENDSNAME),
5541N/A 'dsInstanceHost' : local_ldap_server.getHostname() ,
5541N/A 'dsInstancePort' : local_ldap_server.getPort(),
5541N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5541N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5541N/A 'DNToModify' : remotePTAuserName ,
5541N/A 'listAttributes' : ldapObject ,
5546N/A 'changetype' : 'delete'
5546N/A }
5546N/A </call>
5546N/A
<!-- Step: remove the PTA policy itself. Options are rebuilt with only the
     policy name and 'dsconfig' runs delete-password-policy as the local root
     DN on the admin port.
     NOTE(review): this step and the attribute removal before it sit inside
     the sequence that closes ahead of the catch element, so they presumably
     do not run when an earlier step raises. In that case the policy, with
     its stored search-bind credential, and the user's policy DN would stay
     configured for later test cases - confirm whether testCase_Postamble or
     a suite-level cleanup covers this. -->
5546N/A <call function="'testStep'">
5546N/A { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
5541N/A </call>
5546N/A
5546N/A <script>
5546N/A options=[]
5546N/A options.append('--policy-name "%s"' % ldapPtaPolicyName)
5546N/A dsconfigOptions=' '.join(options)
5546N/A </script>
5546N/A
5546N/A <call function="'dsconfig'">
5546N/A { 'location' : local_ldap_server.getHostname(),
5546N/A 'dsPath' : '%s/%s' \
5546N/A % (local_ldap_server.getDir(),OPENDSNAME),
5546N/A 'dsInstanceHost' : local_ldap_server.getHostname(),
5546N/A 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
5546N/A 'dsInstanceDn' : local_ldap_server.getRootDn(),
5546N/A 'dsInstancePswd' : local_ldap_server.getRootPwd(),
5546N/A 'subcommand' : 'delete-password-policy',
5546N/A 'optionsString' : dsconfigOptions
5546N/A }
5546N/A </call>
5546N/A
5541N/A </sequence>
5541N/A
5541N/A <catch exception="'STAXException'" typevar="eType" var="eInfo">
5541N/A <message log="1" level="'fatal'">
5541N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5541N/A </message>
5541N/A </catch>
5541N/A <finally>
5541N/A <call function="'testCase_Postamble'"/>
5541N/A </finally>
5541N/A </try>
5541N/A </sequence>
5541N/A </testcase>
5541N/A </function>
5541N/A
5541N/A</stax>