<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! or http://forgerock.org/license/CDDLv1.0.html.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2010 Sun Microsystems, Inc.
! Portions Copyright 2011-2013 ForgeRock AS.
! -->
<stax>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Target Tests
#@TestName Preamble
#@TestIssue none
#@TestPurpose Prepare for effective rights tests
#@TestPreamble none
#@TestStep Admin removes global search ACI
#@TestStep Admin adds ACI to access effective rights
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<function name="aci_effective_rights_001" scope="local">
<testcase name="getTestCaseName('Effective Rights Preamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Effective Rights: Preamble - Removing Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'add' }
</call>
<script>
curr_aci_ldif_file = 'add_effrights_aci.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Preamble - Admin adding get effective rights ACI,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - wildcard
#@TestIssue none
#@TestPurpose Test effective rights with wildcard
#@TestPreamble none
#@TestStep Admin searches for effective rights in an entry using the wildcard notation.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
proper entries are returned for all steps.
-->
<function name="aci_effective_rights_002" scope="local">
<testcase name="getTestCaseName('Basic - wildcard')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Effective Rights: Basic - wildcard, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'uid=scarter' ,
'attributes' : 'aclRights "*"' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com"' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;cn: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - read
#@TestIssue none
#@TestPurpose Test effective rights with read permission
#@TestPreamble Admin adds an aci.
#@TestStep Admin searches for effective rights in an entry in the targeted branch dn.
#@TestStep Admin searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
no entries are returned for any step.
-->
<function name="aci_effective_rights_003" scope="local">
<testcase name="getTestCaseName('Basic - read')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci1.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - read, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - read, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:0,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:0,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - read, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - read, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - read, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - search
#@TestIssue none
#@TestPurpose Test effective rights with search permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
no entries are returned for any step.
-->
<function name="aci_effective_rights_004" scope="local">
<testcase name="getTestCaseName('Basic - search')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - search-read
#@TestIssue none
#@TestPurpose Test effective rights with search-read permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn as shown in doc example.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn with -J option.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_005" scope="local">
<testcase name="getTestCaseName('Basic - search-read')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci3.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - search-read, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read as doc example, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights "*"' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com"' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read with -J option, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -J effectiveRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - search-read in separate ACIs
#@TestIssue none
#@TestPurpose Test effective rights with search-read permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_006" scope="local">
<testcase name="getTestCaseName('Basic - search-read, separate ACIs')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci4.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - search-read, separate ACIs, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, separate ACIs, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - compare
#@TestIssue none
#@TestPurpose Test effective rights with compare permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search, read and compare for uid and roomnumber.
-->
<function name="aci_effective_rights_007" scope="local">
<testcase name="getTestCaseName('Basic - compare')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci5.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - compare, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - compare, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - compare, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - compare, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - compare, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - add
#@TestIssue none
#@TestPurpose Test effective rights with add permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_008" scope="local">
<testcase name="getTestCaseName('Basic - add')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci6.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - add, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - add, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:1,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - add, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - add, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - add, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - delete
#@TestIssue none
#@TestPurpose Test effective rights with delete permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read and delete,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_009" scope="local">
<testcase name="getTestCaseName('Basic - delete')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci7.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - delete, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - delete, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:1,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - delete, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - delete, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - delete, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - write
#@TestIssue none
#@TestPurpose Test effective rights with write permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read and write,
and the attributeLevel permissions are 1 for search, read, write, selfwrite_add and selfwrite_delete for uid and roomnumber.
-->
<function name="aci_effective_rights_010" scope="local">
<testcase name="getTestCaseName('Basic - write')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci8.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - write, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - write, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:1,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:1,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - write, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - write, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - write, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - proxy
#@TestIssue none
#@TestPurpose Test effective rights with proxy permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read and proxy,
and the attributeLevel permissions are 1 for search, read, and proxy for uid and roomnumber.
-->
<function name="aci_effective_rights_011" scope="local">
<testcase name="getTestCaseName('Basic - proxy')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci9.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - proxy, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - proxy, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:1' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - proxy, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - proxy, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - proxy, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - selfwrite
#@TestIssue none
#@TestPurpose Test effective rights with selfwrite permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read and write,
and the attributeLevel permissions are 1 for search, read, selfwrite_add and selfwrite_delete for uid and roomnumber.
-->
<function name="aci_effective_rights_012" scope="local">
<testcase name="getTestCaseName('Basic - selfwrite')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci10.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - selfwrite, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - selfwrite, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - selfwrite, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - selfwrite, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - selfwrite, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - all
#@TestIssue none
#@TestPurpose Test effective rights with all permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for all options but proxy,
and the attributeLevel permissions are 1 for all options but proxy for uid and roomnumber.
-->
<function name="aci_effective_rights_013" scope="local">
<testcase name="getTestCaseName('Basic - all')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci11.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - all, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - all, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:1,delete:1,read:1,write:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - all, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - all, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - all, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - export
#@TestIssue none
#@TestPurpose Test effective rights with export permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_014" scope="local">
<testcase name="getTestCaseName('Basic - export')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci12.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - export, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - export, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - export, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - export, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - export, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - import
#@TestIssue none
#@TestPurpose Test effective rights with import permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
and the attributeLevel permissions are 1 for search and read for uid and roomnumber.
-->
<function name="aci_effective_rights_015" scope="local">
<testcase name="getTestCaseName('Basic - import')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci13.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: Basic - import, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: Basic - import, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: Basic - import, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: Basic - import, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: Basic - import, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - targetattr with search,read
#@TestIssue none
#@TestPurpose Test effective rights with targetattr with search,read permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
the attributeLevel permissions are 1 for search and read for roomnumber,
and all attribute permissions are 0 for uid.
-->
<function name="aci_effective_rights_016" scope="local">
<testcase name="getTestCaseName('targetattr with search,read')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci21.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: targetattr with search,read, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: targetattr with search,read, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'roomnumber=*' ,
'attributes' : 'uid aclRights roomnumber cn' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: targetattr with search,read, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'roomnumber=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: targetattr with search,read, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: targetattr with search,read, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'roomnumber=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Effective Rights Tests
#@TestName Effective Rights - targetattr with search,read
#@TestIssue none
#@TestPurpose Test effective rights with targetattr with search,read permission
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
an entry is returned for step 1.
Also, for step 1, the entryLevel permission is 1 for read,
the attributeLevel permissions are 1 for search and read for uid,
and all attribute permissions are 0 for roomnumber.
-->
<function name="aci_effective_rights_017" scope="local">
<testcase name="getTestCaseName('targetattr with not equal and search,read')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci22.ldif'
curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
</script>
<message>
'ACI: Effective Rights: targetattr with not equal and search,read, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
</call>
<message>
'ACI: Effective Rights: targetattr with not equal and search,read, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'uid=*' ,
'attributes' : 'uid aclRights roomnumber cn' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Effective Rights: targetattr with not equal and search,read, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'uid=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Effective Rights: targetattr with not equal and search,read, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
</call>
<message>
'ACI: Effective Rights: targetattr with not equal and search,read, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'uid=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Target Tests
#@TestName Postamble
#@TestIssue none
#@TestPurpose Reset effective rights tests
#@TestPreamble none
#@TestStep Admin deletes ACI to access effective rights
#@TestStep Admin puts back global search ACI
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<function name="aci_effective_rights_018" scope="local">
<testcase name="getTestCaseName('Effective Rights Postamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Effective Rights: Postamble - Admin deleting get effective rights ACI'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/aci/aci_effective_rights/del_effrights_aci.ldif' % (remote.data) }
</call>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'delete' }
</call>
<message>
'ACI: Effective Rights: Preamble - putting back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
</stax>