669N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
683N/A ! The contents of this file are subject to the terms of the 683N/A ! Common Development and Distribution License, Version 1.0 only 683N/A ! (the "License"). You may not use this file except in compliance 683N/A ! You can obtain a copy of the license at 683N/A ! See the License for the specific language governing permissions 683N/A ! and limitations under the License. 683N/A ! When distributing Covered Code, include this CDDL HEADER in each 683N/A ! file and include the License file at 683N/A ! add the following below this CDDL HEADER, with the fields enclosed 873N/A ! by brackets "[]" replaced with your own identifying information: 683N/A ! Portions Copyright [yyyy] [name of copyright owner] 3232N/A ! Copyright 2008 Sun Microsystems, Inc. 6184N/A ! Portions Copyright 2013 ForgeRock AS 669N/A <
defaultcall function="sasl_cram-md5"/>
669N/A <
function name="sasl_cram-md5">
755N/A Place suite-specific test information here. 755N/A #@TestSuiteName SASL CRAM-MD5 Tests 755N/A #@TestSuitePurpose Test the SASL CRAM-MD5 functionality. 755N/A #@TestSuiteGroup SASL CRAM-MD5 Tests 669N/A <!--- Test case: CRAM-MD5 SASL Mechanism --> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName SASL CRAM-MD5 Preamble 755N/A #@TestPurpose Prepare for SASL CRAM-MD5 tests. 755N/A #@TestStep Admin change password storage scheme to CLEAR. 755N/A #@TestStep User change his password. 755N/A #@TestResult Success if OpenDS returns 0 755N/A for all ldap operations. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - Preamble')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: Preamble Step 1 - Admin Changing Pwd Storage to CLEAR'
1919N/A <
call function="'modifyPwdPolicy'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'propertyName' : 'Default Password Policy' ,
2624N/A 'attributeName' : 'default-password-storage-scheme' ,
2624N/A 'attributeValue' : 'Clear' }
669N/A 'Security: SASL CRAM-MD5: Preamble Step 2 - Admin Changing User Password'
1919N/A <
call function="'modifyAnAttribute'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'DNToModify' : 'uid=jrunner, ou=People, o=SASL Tests, dc=example,dc=com' ,
1919N/A 'attributeName' : 'userpassword' ,
1919N/A 'newAttributeValue' : 'frogleg' ,
1919N/A <
call function="'modifyAnAttribute'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'DNToModify' : 'uid=jcrawler, ou=People, o=SASL Tests, dc=example,dc=com' ,
1919N/A 'attributeName' : 'userpassword' ,
1919N/A 'newAttributeValue' : 'frogleg' ,
1919N/A <
call function="'modifyAnAttribute'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'DNToModify' : 'uid=jcrawler, ou=People, ou=Level One, o=SASL Tests, dc=example,dc=com' ,
1919N/A 'attributeName' : 'userpassword' ,
1919N/A 'newAttributeValue' : 'frogleg' ,
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test Case : User Bind With CRAM-MD5 SASL Mechanism--> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName uid (u:) Bind 755N/A #@TestPurpose Test bind using an authorization ID that could be mapped to a single DN. 755N/A #@TestStep User bind with authid=u:[name] format. 755N/A #@TestResult Success if OpenDS returns 0. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - User (u:) Binding With CRAM-MD5 SASL Mech')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: User (u:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
669N/A 'extraParams' : '-o mech=CRAM-MD5 -o authid=u:jrunner -w frogleg' }
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test Case : User Bind With CRAM-MD5 SASL Mechanism--> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName uid (dn:) Bind 755N/A #@TestPurpose Test bind using a DN that has an authorization ID that could be mapped to a single DN. 755N/A #@TestStep User bind with authid=dn:[name] format. 755N/A #@TestResult Success if OpenDS returns 0. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - User (dn:) Binding With CRAM-MD5 SASL Mech')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: User (dn:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
669N/A 'extraParams' : '-o mech=CRAM-MD5 -o "authid=dn:uid=jrunner,ou=People,o=SASL Tests,dc=example,dc=com" -w frogleg' }
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test Case : User Bind With CRAM-MD5 SASL Mechanism--> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName Dupe uid (u:) Bind 755N/A #@TestPurpose Test bind using an authorization ID that could be mapped to multiple DNs. 755N/A #@TestStep User bind with authid=u:[name] format. 982N/A #@TestResult Success if OpenDS returns 49. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - User With Duplicate uid (u:) Binding')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: User With Duplicate uid (u:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
1751N/A 'extraParams' : '-o mech=CRAM-MD5 -o authid=u:jcrawler -w frogleg' ,
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test Case : User Bind With CRAM-MD5 SASL Mechanism--> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName Dupe uid (dn:) Bind 755N/A #@TestPurpose Test bind using a user DN whose authorization ID could be mapped to muliple DNs. 755N/A #@TestStep User bind with authid=dn:[DN] format. 755N/A #@TestResult Success if OpenDS returns 0. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - User With Duplicate uid (dn:) Binding')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: User With Duplicate uid (dn:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
669N/A 'extraParams' : '-o mech=CRAM-MD5 -o "authid=dn:uid=jcrawler,ou=People,o=SASL Tests,dc=example,dc=com" -w frogleg' }
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test Case : User Bind With CRAM-MD5 SASL Mechanism--> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName Dupe uid (u:) Bind 2 755N/A #@TestPurpose Test bind using an authorization ID that could be mapped to multiple DNs. Mutiple DNs are deleted. 755N/A #@TestStep Admin deletes the entry whose authorization ID matches another DN. 755N/A #@TestStep User bind with authid=u:[name] format. 755N/A #@TestResult Success if OpenDS returns 0 755N/A for all ldap operations. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - User With Duplicate uid (u:) Binding 2')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: User With Duplicate uid (u:) Binding With CRAM-MD5 SASL Mechanism After Deleting Dupe Entry'
669N/A <
call function="'DeleteEntry'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
669N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
669N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
669N/A 'dsBaseDN' : 'uid=jcrawler,ou=People,ou=Level One,o=SASL Tests,dc=example,dc=com' }
669N/A 'Security: SASL CRAM-MD5: User With Duplicate uid (u:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
669N/A 'extraParams' : '-o mech=CRAM-MD5 -o authid=u:jcrawler -w frogleg' }
785N/A <
call function="'testCase_Postamble'"/>
669N/A <!--- Test case: CRAM-MD5 SASL Mechanism --> 755N/A Place test-specific test information here. 755N/A The tag, TestMarker, must be the same as the tag, TestSuiteName. 755N/A #@TestMarker SASL CRAM-MD5 Tests 755N/A #@TestName SASL CRAM-MD5 Postamble 755N/A #@TestPurpose Reset configuration. 755N/A #@TestStep Admin change pasword storage scheme to SSHA. 755N/A #@TestStep User change his password. 755N/A #@TestStep User bind with SASL CRAM-MD5. 755N/A #@TestResult Success if OpenDS returns 0 755N/A for all ldap operations except step 3. 982N/A In step 3, the ldap operation should return 49 755N/A because the password is no longer stored as CLEAR. 2173N/A <
testcase name="getTestCaseName('CRAM-MD5 - Postamble')">
785N/A <
call function="'testCase_Preamble'"/>
669N/A 'Security: SASL CRAM-MD5: Postamble Step 1 - Admin Changing Pwd Storage to SSHA'
1919N/A <
call function="'modifyPwdPolicy'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'propertyName' : 'Default Password Policy' ,
2624N/A 'attributeName' : 'default-password-storage-scheme' ,
2624N/A 'attributeValue' : 'Salted SHA-1' }
669N/A 'Security: SASL CRAM-MD5: Postamble Step 2 - Admin Changing User Password'
1919N/A <
call function="'modifyAnAttribute'">
1919N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
1919N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
1919N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
1919N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
1919N/A 'DNToModify' : 'uid=jrunner, ou=People, o=SASL Tests, dc=example,dc=com' ,
1919N/A 'attributeName' : 'userpassword' ,
1919N/A 'newAttributeValue' : 'catleg' ,
669N/A 'Security: SASL CRAM-MD5: Postamble Step 3 - User (dn:) Binding With CRAM-MD5 SASL Mechanism'
669N/A <
call function="'AnonSearchObject'">
669N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
669N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
2428N/A 'dsBaseDN' : 'dc=example,dc=com' ,
669N/A 'dsFilter' : 'objectclass=*' ,
1751N/A 'extraParams' : '-o mech=CRAM-MD5 -o "authid=dn:uid=jrunner,ou=People,o=SASL Tests,dc=example,dc=com" -w catleg' ,
785N/A <
call function="'testCase_Postamble'"/>