LockdownModeTaskTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
/**
* Tests the enter and leave lockdown mode tasks.
*/
public class LockdownModeTaskTestCase
extends TasksTestCase
{
// NOTE(review): this listing appears to be incomplete. No package or import
// lines are visible, and several argument lists below have lost the statement
// that opens them. The comments in this class describe only what is visible
// here; confirm the details against the complete file.
/**
* Make sure that the Directory Server is running.
*
* NOTE(review): the body is empty in this listing and no lifecycle annotation
* is visible, so nothing shown here starts the server or arranges for this
* method to run before the tests.
*
* @throws Exception If an unexpected problem occurs.
*/
public void startServer()
throws Exception
{
}
/**
* Make sure that no matter what, when these tests are done the server is no
* longer in lockdown mode.
*
* The flag is cleared by calling DirectoryServer.setLockdownMode(false)
* directly, so the cleanup does not depend on the leave-lockdown task that
* the test itself exercises.
*
* NOTE(review): no lifecycle annotation is visible in this listing; for the
* "no matter what" guarantee to hold, this method has to run even when the
* test fails part-way through. Confirm it is registered as a teardown.
*/
public void disableLockdownMode()
{
DirectoryServer.setLockdownMode(false);
}
/**
* Test to ensure that the enter and leave lockdown tasks work as expected.
*
* Going by the step comments below, the intended access-control matrix is:
* before lockdown, an unauthenticated client can read the root DSE; the
* enter-lockdown task is refused for a non-root user (even one holding
* bypass-acl) and for a root user on a non-loopback address, and accepted for
* a root user on loopback; during lockdown only a root user on loopback can
* read the root DSE; after the leave-lockdown task, anonymous reads work again.
*
* NOTE(review): the calls that run each argument array and check the result
* are not visible in this listing, so the expected outcomes above come from
* the comments, not from visible assertions.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testLockdownModeTasks()
throws Exception
{
// Add a test user that has the bypass-acl privilege but isn't a root user.
// This entry is what lets the test show that holding a privilege is not
// enough to schedule the lockdown task; "password" is a fixed fixture value.
// NOTE(review): the call that receives these LDIF lines is not visible here.
"dn: cn=Admin,o=test",
"objectClass: top",
"objectClass: person",
"cn: Admin",
"sn: Admin",
"userPassword: password",
"ds-privilege-name: bypass-acl");
// Make sure that the server isn't currently in lockdown mode.
// Make sure that we can retrieve the server's root DSE over an
// unauthenticated client connection.
// Search arguments: no -D/-w, so no bind credentials are supplied; base DN is
// empty with base scope, i.e. the root DSE. localIP is not defined in the
// visible lines.
{
"-h", localIP,
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
// Create a file that holds the LDIF for putting the server in lockdown
// mode.
// NOTE(review): the statement that writes these lines to taskFile, and the
// call that uses the task DN on the last line, are not visible here.
"dn: ds-task-id=Enter Lockdown Mode,cn=Scheduled Tasks,cn=tasks",
"changetype: add",
"objectClass: top",
"objectClass: ds-task",
"ds-task-id: Enter Lockdown Mode",
"ds-task-class-name: org.opends.server.tasks.EnterLockdownModeTask");
"ds-task-id=Enter Lockdown Mode,cn=Scheduled Tasks,cn=tasks");
// Ensure that we can't put the server in lockdown mode as a non-root user.
// Binds as the bypass-acl user created above, over loopback, so the only
// thing that should cause a refusal is the missing root status.
// -Z/-X: SSL with trust-all in the OpenDS client tools, so the server
// certificate is not validated on this connection (test-harness shortcut).
{
"-h", "127.0.0.1",
"-Z", "-X",
"-D", "cn=Admin,o=test",
"-w", "password",
"--noPropertiesFile",
"-f", taskFile
};
// If the local address isn't a loopback address, then verify that we can't
// put the server in lockdown mode using it.
// NOTE(review): isLoopback is not defined in the visible lines. When it is
// true this block is skipped, so a host whose local address is loopback never
// exercises the "root user, non-loopback address" refusal.
if (! isLoopback)
{
{
"-h", localIP,
"-Z", "-X",
"-D", "cn=Directory Manager",
"-w", "password",
"--noPropertiesFile",
"-f", taskFile
};
}
// Verify that we can put the server in lockdown mode as a root user over
// a loopback address.
// Same task file as the two refused attempts above; only the bind DN and the
// address differ.
{
"-h", "127.0.0.1",
"-Z", "-X",
"-D", "cn=Directory Manager",
"-w", "password",
"--noPropertiesFile",
"-f", taskFile
};
// If the local IP isn't the loopback address, then verify that we can't
// connect using it even as a root user.
// As with the earlier guarded block, this check is skipped when isLoopback is
// true, so remote-address enforcement during lockdown is then left untested.
if (! isLoopback)
{
{
"-h", localIP,
"-D", "cn=Directory Manager",
"-w", "password",
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
}
// Make sure that we can no longer retrieve the server's root DSE over an
// unauthenticated connection. In this case, we'll make sure to use a
// loopback connection.
// Using loopback isolates the "no credentials" condition from the address
// condition checked above.
{
"-h", "127.0.0.1",
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
// Make sure that we can no longer retrieve the server's root DSE over an
// authenticated non-root connection (the bind DN is the bypass-acl test
// user). In this case, we'll make sure to use a loopback connection.
{
"-h", "127.0.0.1",
"-D", "cn=Admin,o=test",
"-w", "password",
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
// Make sure that we can retrieve the server's root DSE over a
// root-authenticated loopback connection.
// This is the one combination the step comments expect to keep working
// during lockdown.
{
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
// Use another task to take the server out of lockdown mode and make sure it
// works.
// NOTE(review): as with the enter task, the statement that writes this LDIF
// and the call that uses the task DN are not visible here.
"dn: ds-task-id=Leave Lockdown Mode,cn=Scheduled Tasks,cn=tasks",
"changetype: add",
"objectClass: top",
"objectClass: ds-task",
"ds-task-id: Leave Lockdown Mode",
"ds-task-class-name: org.opends.server.tasks.LeaveLockdownModeTask");
"ds-task-id=Leave Lockdown Mode,cn=Scheduled Tasks,cn=tasks");
// The leave task is submitted as a root user over loopback, the same
// combination that was accepted for the enter task.
{
"-h", "127.0.0.1",
"-Z", "-X",
"-D", "cn=Directory Manager",
"-w", "password",
"--noPropertiesFile",
"-f", taskFile
};
// Make sure that we can once again retrieve the server's root DSE over an
// anonymous connection.
// Uses localIP rather than 127.0.0.1, matching the pre-lockdown check at the
// start of the test.
{
"-h", localIP,
"-b", "",
"-s", "base",
"--noPropertiesFile",
"(objectClass=*)"
};
}
}