ProxyBindTestCase.java revision a89f7014aeb71dba5c94404dfea7eb89e7eeee74
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
* Portions Copyright 2011-2015 ForgeRock AS.
*/
/**
* Tests the proxy bind functionality, i.e. the proxy bind access control
* support added to allow authzids in SASL binds.
*/
public class ProxyBindTestCase extends AciTestCase {
// NOTE(review): this listing is incomplete. Field names, several method
// headers and the calls that receive the argument lists below are not
// visible, so the comments describe only what the visible lines show.
//
// Fixture summary, taken from the LDIF entries in setupClass():
//   proxyUser - no ds-privilege-name value
//   aciUser   - ds-privilege-name: proxied-auth
//   bypassAcl - ds-privilege-name: bypass-acl and proxied-auth
//   regUser   - no ds-privilege-name value
// All four entries use the same userPassword value and the same
// ds-pwp-password-policy-dn.

// Tail of a string constant that ends with the aciUser value followed by a
// closing double quote; the start of the declaration is not visible.
aciUser + "\"";
// Start of a constant holding an ACI labelled "bypass aci"; its type, name
// and remaining clauses are not visible in this listing.
private static final
"(version 3.0; acl \"bypass aci\";" +
/**
 * Class-level fixture setup. The visible lines carry the arguments of two
 * configuration commands (presumably dsconfig invocations; the calls
 * themselves are not visible), then add the o=test entries and four user
 * entries under ou=People,o=test.
 *
 * @throws Exception If an error occurs.
 */
public void setupClass() throws Exception {
// Sets server-fqdn to localhost on the DIGEST-MD5 SASL mechanism handler.
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--set", "server-fqdn:localhost");
// Creates the password policy named by pwdPolicy (presumably the
// "Aci Temp Policy" referenced by the entries below; verify against the
// field declaration).
"create-password-policy",
"--type", "password-policy",
"--policy-name", pwdPolicy,
"--set", "password-attribute:userPassword",
// Clear storage keeps userPassword recoverable in plaintext, presumably
// because DIGEST-MD5 needs the server to recover the clear-text password.
// That is acceptable for a throwaway test backend; in a deployed policy this
// scheme exposes every password to anyone who can read the entry or the
// backend files. DIGEST-MD5 itself was moved to Historic by RFC 6331.
"--set", "default-password-storage-scheme: Clear"
);
addEntries("o=test");
// LDIF for the four test identities; the call that receives these lines is
// not visible in this listing.
// proxyUser: no privileges listed.
"dn: uid=proxyUser,ou=People,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: proxyUser",
"givenName: proxyUser",
"sn: proxyUser",
"cn: proxyUser",
"userPassword: password",
"ds-pwp-password-policy-dn:" +
"cn=Aci Temp Policy,cn=Password Policies,cn=config",
"",
// aciUser: holds proxied-auth but not bypass-acl.
"dn: uid=aciUser,ou=People,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: aciUser",
"givenName: aciUser",
"sn: aciUser",
"cn: aciUser",
"userPassword: password",
"ds-privilege-name: proxied-auth",
"ds-pwp-password-policy-dn:" +
"cn=Aci Temp Policy,cn=Password Policies,cn=config",
"",
// bypassAcl: holds both bypass-acl and proxied-auth.
"dn: uid=bypassAcl,ou=People,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: bypassAcl",
"givenName: bypassAcl",
"sn: bypassAcl",
"cn: bypassAcl",
"userPassword: password",
"ds-privilege-name: bypass-acl",
"ds-privilege-name: proxied-auth",
// The extra + "" + below is a no-op concatenation; the resulting attribute
// line is the same as in the other three entries.
"ds-pwp-password-policy-dn:" + "" +
"cn=Aci Temp Policy,cn=Password Policies,cn=config",
"",
// regUser: no privileges listed.
"dn: uid=regUser,ou=People,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: regUser",
"givenName: regUser",
"sn: regUser",
"cn: regUser",
"userPassword: password",
"ds-pwp-password-policy-dn:" +
"cn=Aci Temp Policy,cn=Password Policies,cn=config");
}
// Per-method setup hook, declared with alwaysRun = true. No statements are
// visible in its body in this listing.
@BeforeMethod(alwaysRun = true)
public void methodSetup() throws Exception {
}
// Class-level teardown (method header not visible): resets server-fqdn and
// quality-of-protection on the DIGEST-MD5 handler.
// NOTE(review): quality-of-protection is not set in the visible part of
// setupClass(); presumably it is changed in lines not shown. Confirm that the
// password policy created in setupClass() is also removed here.
@AfterClass(alwaysRun = true)
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--reset", "server-fqdn",
"--reset", "quality-of-protection");
}
/**
 * Tests DIGEST-MD5 SASL binds using various combinations of authentication
 * ID (authID) and authorization ID (authzID). The binding user is allowed
 * because of an ACI that was added.
 *
 * @throws Exception If an error occurs.
 */
@Test
// NOTE(review): the method signature and body are not visible in this
// listing. Worth confirming that the denial cases are asserted as well: a
// bind that names an authzID must fail for an identity without the
// proxied-auth privilege and for one without a matching proxy ACI.
}
/**
 * Tests DIGEST-MD5 SASL binds using various combinations of authentication
 * ID (authID) and authorization ID (authzID). The binding user is allowed
 * because it holds the bypass-acl privilege.
 *
 * @throws Exception If an error occurs.
 */
@Test
public void testBypass() throws Exception {
// NOTE(review): no statements are visible in this body in the listing.
}
}