<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! or http://forgerock.org/license/CDDLv1.0.html.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2011-2013 ForgeRock AS
! -->
<stax>
<!-- Definition of Test Cases -->
<!--- Test Cases : Basic : PTA -->
<!--- Test Case information
#@TestMarker Basic: PTA connection-timeout
#@TestName Basic: PTA connection-timeout
#@TestID basic_pta_001
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using connection-timeout
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_001" scope="local">
  <!-- Placeholder: the connection-timeout scenario has no automated body yet;
       calling this function only emits the message below. -->
  <message>'Not implemented.'</message>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA anon unmapped
#@TestName Basic: PTA anon unmapped
#@TestID basic_pta_002
#@TestPurpose Verify user with an LDAP PTA unmapped policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Enable AD backend on local server
#@TestStep Configure LDAP PTA Policy as unmapped
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestStep Disable AD backend on local server
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_002" scope="local">
  <!-- Unmapped pass-through case: the policy below sets no mapped attribute,
       search base or search bind credentials. The local "AD" backend is
       enabled first so the fixture entry under dc=AD,dc=com is available. -->
  <testcase name="getTestCaseName('PTA anon unmapped')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Enable AD backend on local server.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jwallace, ou=People, dc=AD,dc=com' : ['linear', ldapPtaPolicyName]
            }
            # dsconfig options that switch the local "AD" backend on.
            options = ['--backend-name "AD"', '--set enabled:true']
            dsconfigOptions = ' '.join(options)
          </script>
          <!-- dsconfig is driven with the local server's root DN and password. -->
          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'set-backend-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' }
          </call>
          <script>
            # Policy options handed to pta_test_body1 (defined outside this file section).
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapping-policy:unmapped',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure.
                 NOTE(review): pta_postamble2 presumably disables the AD backend again,
                 as listed in the test steps; confirm against its definition. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'pta_postamble2'"/>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA anon mapped-bind
#@TestName Basic: PTA anon mapped-bind
#@TestID basic_pta_003
#@TestPurpose Verify user with an LDAP PTA mapped-bind policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy for mapped-bind
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_003" scope="local">
  <!-- Mapped-bind case: the policy maps through the seealso attribute and
       configures no search bind credentials. -->
  <testcase name="getTestCaseName('PTA anon mapped-bind')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-bind.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jmcFarla, ou=People, o=example' : ['walnut', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:seealso',
              '--set mapping-policy:mapped-bind',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA anon mapped-search
#@TestName Basic: PTA anon mapped-search
#@TestID basic_pta_004
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy for mapped-search
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_004" scope="local">
  <!-- Anonymous mapped-search case: a search base and mapped attribute are set,
       but no mapped-search bind DN or password.
       NOTE(review): this presumably requires the remote servers to allow
       anonymous search under dc=AD,dc=com; confirm against the topology setup. -->
  <testcase name="getTestCaseName('PTA anon mapped-search')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA simple mapped-search
#@TestName Basic: PTA simple mapped-search
#@TestID basic_pta_005
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_005" scope="local">
  <!-- Mapped-search case with explicit search bind credentials
       (bind DN plus an inline password). -->
  <testcase name="getTestCaseName('PTA simple mapped-search-bind')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1. The search bind password is a
            # literal option value here (lab fixture credential); basic_pta_007 covers
            # the variant that reads it from a file instead.
            # NOTE(review): inline option values presumably end up on the dsconfig
            # command line and in test logs - keep this form to disposable test servers.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA mapped-search-bind-password-env-variable
#@TestName Basic: PTA mapped-search-bind-password-env-variable
#@TestID basic_pta_006
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-environment-variable
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_006" scope="local">
  <!-- Placeholder: supplying the search bind password through an environment
       variable is not exercised by this suite yet; only the message below runs. -->
  <message>'Not implemented.'</message>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA mapped-search-bind-password-file
#@TestName Basic: PTA mapped-search-bind-password-file
#@TestID basic_pta_007
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-file
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_007" scope="local">
  <!-- Mapped-search case where the search bind password comes from a file
       rather than from a literal option value. -->
  <testcase name="getTestCaseName('PTA mapped-search-bind-password-file')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind-password-file.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1. Only the path of the password
            # file appears in the option list; remotePTAuserPswdFile is defined outside
            # this function.
            # NOTE(review): where and with which permissions that file is created is
            # not visible here - confirm it is readable only by the server account.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password-file:%s' % remotePTAuserPswdFile,
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA mapped-search-bind-password-property
#@TestName Basic: PTA mapped-search-bind-password-property
#@TestID basic_pta_008
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind-password-property
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_008" scope="local">
  <!-- Placeholder: supplying the search bind password through a property
       is not exercised by this suite yet; only the message below runs. -->
  <message>'Not implemented.'</message>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA anon mapped-search use-ssl
#@TestName Basic: PTA anon mapped-search use-ssl
#@TestID basic_pta_009
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy for mapped-search
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_009" scope="local">
  <!-- Anonymous mapped-search over SSL: both remote servers are addressed on
       their SSL ports, use-ssl is enabled and JKS is named as the trust manager
       provider. No mapped-search bind DN or password is configured. -->
  <testcase name="getTestCaseName('PTA anon mapped-search use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1.
            # NOTE(review): the JKS provider presumably has to trust the remote
            # servers' certificates already; that setup is not visible here.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort),
              '--set trust-manager-provider:JKS',
              '--set use-ssl:true',
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA simple mapped-search use-ssl
#@TestName Basic: PTA simple mapped-search use-ssl
#@TestID basic_pta_010
#@TestPurpose Verify user with an LDAP PTA mapped-search policy can authenticate to the remote server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy for mapped-search
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
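<function name="basic_pta_010" scope="local">
  <!-- Simple (bind DN plus password) mapped-search over SSL: both remote servers
       are addressed on their SSL ports, use-ssl is enabled and JKS is named as
       the trust manager provider. -->
  <testcase name="getTestCaseName('PTA simple mapped-search use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <!-- The step message previously said "anon", copied from the anonymous
               SSL case, although this case configures search bind credentials.
               It now names the mode that is actually exercised, so the test
               report does not misstate which authentication path was covered. -->
          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy for simple mapped-search over ssl.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1. The search bind password is a
            # literal option value (lab fixture credential); use-ssl covers the
            # connection to the remote servers, not how this option list is handled
            # locally.
            # NOTE(review): inline option values presumably end up on the dsconfig
            # command line and in test logs - keep this form to disposable test servers.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort),
              '--set trust-manager-provider:JKS',
              '--set use-ssl:true',
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>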
<!--- Test Case information
#@TestMarker Basic: PTA simple failover
#@TestName Basic: PTA simple failover
#@TestID basic_pta_011
#@TestPurpose Verify user with a LDAP PTA policy can failover to secondary server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entries
#@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
#@TestStep First search users entries as self
#@TestStep Stop the primary remote ldap server
#@TestStep Second search users entries as self.
#@TestStep Modify the users entries
#@TestStep Restart the primary remote ldap server
#@TestStep Wait for monitor heartbeat to primary remote ldap server
#@TestStep Third search users entries as self
#@TestStep Stop the secondary remote ldap server.
#@TestStep Fourth search users entries as self
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_011" scope="local">
  <!-- Failover case: configures a mapped-search policy with search bind
       credentials, runs the common body, then pta_test_body2.
       NOTE(review): pta_test_body2 is defined elsewhere; per the test steps it
       presumably stops and restarts the remote servers to force failover. -->
  <testcase name="getTestCaseName('PTA simple failover')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1. The search bind password is a
            # literal option value (lab fixture credential); basic_pta_007 covers the
            # password-file variant.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
          <call function="'pta_test_body2'">
            { 'userNamePswd' : userDNsAndPswds }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA failover use-ssl
#@TestName Basic: PTA failover use-ssl
#@TestID basic_pta_012
#@TestPurpose Verify user with a LDAP PTA policy can failover to secondary server
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials over ssl
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entries
#@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
#@TestStep First search users entries as self
#@TestStep Stop the primary remote ldap server
#@TestStep Second search users entries as self.
#@TestStep Modify the users entries
#@TestStep Restart the primary remote ldap server
#@TestStep Wait for monitor heartbeat to primary remote ldap server
#@TestStep Third search users entries as self
#@TestStep Stop the secondary remote ldap server.
#@TestStep Fourth search users entries as self
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_012" scope="local">
  <!-- Failover case over SSL: same flow as the plain failover case, but both
       remote servers are addressed on their SSL ports with use-ssl enabled and
       JKS named as the trust manager provider. -->
  <testcase name="getTestCaseName('PTA simple failover use-ssl')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials over ssl.' }
          </call>
          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jvedder, ou=People, o=example' : ['befitting', ldapPtaPolicyName]
            }
            # Policy options handed to pta_test_body1. The search bind password is a
            # literal option value (lab fixture credential); use-ssl covers the
            # connection to the remote servers, not how this option list is handled
            # locally.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort),
              '--set trust-manager-provider:JKS',
              '--set use-ssl:true',
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
          <call function="'pta_test_body2'">
            { 'userNamePswd' : userDNsAndPswds }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA multiple auth policies
#@TestName Basic: PTA multiple auth policies
#@TestID basic_pta_013
#@TestPurpose Verify multiple LDAP PTA policies
#@TestPreamble Setup PTA
#@TestStep Configure n LDAP PTA policies using mapped-search-bind credentials
#@TestStep Read back each "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entries
#@TestStep Search users entries as Directory Manager for ds-pwp-password-policy-dn
#@TestStep Search users entries as self
#@TestStep Modify the users entries
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_013" scope="local">
  <!-- Multiple-policy case: ten fixture accounts, each paired with its own
       policy name ('LDAP PTA 0' to 'LDAP PTA 9'), all configured from one
       shared option list. -->
  <testcase name="getTestCaseName('PTA multiple auth policies')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policies using mapped-search-bind.' }
          </call>
          <script>
            # Fixture accounts: DN -> [password, PTA policy name]. The DN suffix comes
            # from remotePTAuserSuffix, which is defined outside this function.
            userDNsAndPswds = {
              'uid=jvedder, %s' % remotePTAuserSuffix  : ['befitting','LDAP PTA 0'],
              'uid=tmorris, %s' % remotePTAuserSuffix  : ['irrefutable','LDAP PTA 1'],
              'uid=ealexand, %s' % remotePTAuserSuffix : ['galactose','LDAP PTA 2'],
              'uid=tjames, %s' % remotePTAuserSuffix   : ['turtle','LDAP PTA 3'],
              'uid=alangdon, %s' % remotePTAuserSuffix : ['muzzle','LDAP PTA 4'],
              'uid=pchassin, %s' % remotePTAuserSuffix : ['barbital','LDAP PTA 5'],
              'uid=aknutson, %s' % remotePTAuserSuffix : ['maltose','LDAP PTA 6'],
              'uid=pworrell, %s' % remotePTAuserSuffix : ['solicitous','LDAP PTA 7'],
              'uid=mtalbot, %s' % remotePTAuserSuffix  : ['currant','LDAP PTA 8'],
              'uid=bwalker, %s' % remotePTAuserSuffix  : ['interruptible','LDAP PTA 9'],
            }
            # One option list for every policy, so all ten share the same search bind
            # DN and the same literal bind password (lab fixture credential).
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapped-attribute:cn',
              '--set mapped-search-base-dn:dc=AD,dc=com',
              '--set mapped-search-bind-dn:"cn=Directory Manager"',
              '--set mapped-search-bind-password:secret12',
              '--set mapping-policy:mapped-search',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>
<!--- Test Case information
#@TestMarker Basic: PTA use cache
#@TestName Basic: PTA use cache
#@TestID basic_pta_014
#@TestPurpose Verify PTA cache mechanism used when use password cache enabled
#@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy use cache true and cached password storage scheme Clear
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
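<function name="basic_pta_014" scope="local">
  <!-- Password-cache case. Flow: enable the local "AD" backend, configure an
       unmapped policy with password caching on, change the fixture user's
       password on every remote server, then check that
         1. the old password still authenticates locally (served from the cache),
         2. the new password authenticates,
         3. the old password is then rejected with result code 49
            (LDAP invalidCredentials),
       and finally restore the original password on the remote servers.

       Step 1 is the security-relevant property of caching: a password changed
       on the remote side keeps working locally until the cached copy is replaced.

       The loops below iterate over userDNsAndPswds, the map this function
       defines. They previously read userNamePswd, which this function never
       assigns; it is only the argument name used when calling pta_test_body1
       and the postamble, so the loops depended on that name being left behind
       by a callee. -->
  <testcase name="getTestCaseName('PTA use cache')">
    <sequence>
      <try>
        <sequence>
          <call function="'testCase_Preamble'"/>
          <message>'Test Name = %s' % STAXCurrentTestcase</message>

          <script>
            # Fixture account: DN -> [password, PTA policy name].
            userDNsAndPswds = {
              'uid=jwallace, ou=People, dc=AD,dc=com' : ['linear', ldapPtaPolicyName]
            }
            # dsconfig options that switch the local "AD" backend on.
            options = ['--backend-name "AD"', '--set enabled:true']
            dsconfigOptions = ' '.join(options)
          </script>
          <!-- dsconfig is driven with the local server's root DN and password. -->
          <call function="'dsconfig'">
            {
              'location'            : local_ldap_server.getHostname(),
              'dsPath'              : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
              'dsInstanceHost'      : local_ldap_server.getHostname(),
              'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
              'dsInstanceDn'        : local_ldap_server.getRootDn(),
              'dsInstancePswd'      : local_ldap_server.getRootPwd(),
              'subcommand'          : 'set-backend-prop',
              'optionsString'       : dsconfigOptions
            }
          </call>

          <call function="'testStep'">
            { 'stepMessage' : 'Configure LDAP PTA Policy to use password caching.' }
          </call>
          <script>
            # Policy options handed to pta_test_body1. The cached copy of the password
            # is stored with the Clear scheme.
            # NOTE(review): Clear is presumably chosen for test convenience; a cached
            # password kept in clear form is only appropriate on disposable test servers.
            options = [
              '--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort),
              '--set mapping-policy:unmapped',
              '--set cached-password-storage-scheme:Clear',
              '--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort),
              '--set use-password-caching:true',
              '--type ldap-pass-through',
            ]
          </script>
          <call function="'pta_test_body1'">
            {
              'userNamePswd'       : userDNsAndPswds ,
              'dsconfigAuthPolicy' : options
            }
          </call>

          <call function="'testStep'">
            { 'stepMessage' : 'Change password on remote servers.' }
          </call>
          <!-- Every server in the topology except the local one gets the new password. -->
          <iterate var="server"
                   in="_topologyServerList"
                   indexvar="whoami">
            <sequence>
              <if expr="whoami == local_ldap">
                <sequence>
                  <message>'Server is local: do nothing'</message>
                </sequence>
                <else>
                  <sequence>
                    <message>
                      'remote-ldap-server %s:%s' % (server.getHostname(),server.getPort())
                    </message>
                    <iterate var="remotePTAuserName"
                             in="userDNsAndPswds.keys()"
                             indexvar="usernum">
                      <sequence>
                        <script>
                          ldapObject = ['userPassword:secret12']
                        </script>
                        <call function="'modifyAnAttribute'">
                          {
                            'location'       : server.getHostname(),
                            'dsPath'         : '%s/%s' % (server.getDir(),OPENDSNAME),
                            'dsInstanceHost' : server.getHostname() ,
                            'dsInstancePort' : server.getPort(),
                            'dsInstanceDn'   : server.getRootDn(),
                            'dsInstancePswd' : server.getRootPwd(),
                            'DNToModify'     : remotePTAuserName ,
                            'listAttributes' : ldapObject ,
                            'changetype'     : 'replace'
                          }
                        </call>
                      </sequence>
                    </iterate>
                  </sequence>
                </else>
              </if>
            </sequence>
          </iterate>

          <call function="'testStep'">
            { 'stepMessage' : 'User logs in with old password - should succeed.' }
          </call>
          <!-- Bind to the local server as the user with the pre-change password. -->
          <iterate var="remotePTAuserName"
                   in="userDNsAndPswds.keys()"
                   indexvar="usernum">
            <call function="'ldapSearchWithScript'">
              {
                'location'       : local_ldap_server.getHostname(),
                'dsPath'         : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost' : local_ldap_server.getHostname() ,
                'dsInstancePort' : local_ldap_server.getPort(),
                'dsInstanceDn'   : remotePTAuserName,
                'dsInstancePswd' : userDNsAndPswds[remotePTAuserName][0] ,
                'dsBaseDN'       : remotePTAuserName ,
                'dsFilter'       : 'objectclass=*'
              }
            </call>
          </iterate>

          <call function="'testStep'">
            { 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' }
          </call>
          <!-- Bind with the new password; '* +' also requests operational attributes. -->
          <iterate var="remotePTAuserName"
                   in="userDNsAndPswds.keys()"
                   indexvar="usernum">
            <call function="'ldapSearchWithScript'">
              {
                'location'       : local_ldap_server.getHostname(),
                'dsPath'         : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost' : local_ldap_server.getHostname() ,
                'dsInstancePort' : local_ldap_server.getPort(),
                'dsInstanceDn'   : remotePTAuserName,
                'dsInstancePswd' : 'secret12' ,
                'dsBaseDN'       : remotePTAuserName ,
                'dsFilter'       : 'objectclass=*',
                'dsAttributes'   : '* +'
              }
            </call>
          </iterate>

          <call function="'testStep'">
            { 'stepMessage' : 'User logs in with old password - should fail.' }
          </call>
          <!-- The old password must now be rejected: expected result code 49. -->
          <iterate var="remotePTAuserName"
                   in="userDNsAndPswds.keys()"
                   indexvar="usernum">
            <call function="'ldapSearchWithScript'">
              {
                'location'       : local_ldap_server.getHostname(),
                'dsPath'         : '%s/%s' % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost' : local_ldap_server.getHostname() ,
                'dsInstancePort' : local_ldap_server.getPort(),
                'dsInstanceDn'   : remotePTAuserName,
                'dsInstancePswd' : userDNsAndPswds[remotePTAuserName][0] ,
                'dsBaseDN'       : remotePTAuserName ,
                'dsFilter'       : 'objectclass=*',
                'dsAttributes'   : '* +',
                'expectedRC'     : 49
              }
            </call>
          </iterate>

          <call function="'testStep'">
            { 'stepMessage' : 'Change back this users password.' }
          </call>
          <!-- Restore the original fixture password on every remote server.
               NOTE(review): this restore sits in the try body, not in the finally
               branch, so it is skipped if an earlier step raises a STAXException. -->
          <iterate var="server"
                   in="_topologyServerList"
                   indexvar="whoami">
            <sequence>
              <if expr="whoami == local_ldap">
                <sequence>
                  <message>'Server is local: do nothing'</message>
                </sequence>
                <else>
                  <sequence>
                    <message>
                      'remote-ldap-server %s:%s' % (server.getHostname(),server.getPort())
                    </message>
                    <iterate var="remotePTAuserName"
                             in="userDNsAndPswds.keys()"
                             indexvar="usernum">
                      <sequence>
                        <script>
                          ldapObject = ['userPassword:%s' % userDNsAndPswds[remotePTAuserName][0]]
                        </script>
                        <call function="'modifyAnAttribute'">
                          {
                            'location'       : server.getHostname(),
                            'dsPath'         : '%s/%s' % (server.getDir(),OPENDSNAME),
                            'dsInstanceHost' : server.getHostname() ,
                            'dsInstancePort' : server.getPort(),
                            'dsInstanceDn'   : server.getRootDn(),
                            'dsInstancePswd' : server.getRootPwd(),
                            'DNToModify'     : remotePTAuserName ,
                            'listAttributes' : ldapObject ,
                            'changetype'     : 'replace'
                          }
                        </call>
                      </sequence>
                    </iterate>
                  </sequence>
                </else>
              </if>
            </sequence>
          </iterate>
        </sequence>

        <catch exception="'STAXException'" typevar="eType" var="eInfo">
          <message log="1" level="'fatal'">
            '%s: Test failed. eInfo(%s)' % (eType,eInfo)
          </message>
        </catch>

        <finally>
          <sequence>
            <!-- Cleanup is in the finally branch, so it also runs after a caught failure. -->
            <call function="'pta_postamble1'">
              { 'userNamePswd' : userDNsAndPswds }
            </call>
            <call function="'pta_postamble2'"/>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </finally>
      </try>
    </sequence>
  </testcase>
</function>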
<!--- Test Case information
#@TestMarker Basic: PTA cached-password-ttl
#@TestName Basic: PTA cached-password-ttl
#@TestID basic_pta_015
#@TestPurpose Verify that a password cached by an LDAP PTA policy stops being accepted once cached-password-ttl has elapsed
#@TestPreamble Setup PTA
#@TestStep Enable the AD backend
#@TestStep Configure LDAP PTA Policy to use password caching with a short ttl
#@TestStep Run the common PTA steps in pta_test_body1
#@TestStep Change the users password on the remote servers
#@TestStep User logs in with old password, should succeed
#@TestStep Wait for the cached password ttl to expire
#@TestStep User logs in with old password after ttl, should fail with result code 49
#@TestStep User logs in with new password, should succeed
#@TestStep User logs in with old password, should fail with result code 49
#@TestStep Change the users password back on the remote servers
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_015" scope="local">
<testcase name="getTestCaseName('PTA cached password ttl')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<!-- ttl is the cached password lifetime in seconds (it is formatted as "%ss" for
     cached-password-ttl and multiplied by 1000 for the sleep below). Both platform
     branches currently assign the same value. -->
<if expr="not is_windows_platform(STAF_REMOTE_HOSTNAME)">
<!-- Unix -->
<script>
ttl = 30
</script>
<else>
<!-- Windows -->
<script>
ttl = 30
</script>
</else>
</if>
<!-- One test user keyed by DN; the value is [password, PTA policy name]. The password
     is a fixture credential hard-coded in this file. The same script builds the
     dsconfig options that enable the "AD" backend on the local server. -->
<script>
userDNsAndPswds={}
userDNsAndPswds['uid=jwallace, ou=People, dc=AD,dc=com'] = ['linear',ldapPtaPolicyName]
options=[]
options.append('--backend-name "AD"')
options.append('--set enabled:true')
dsconfigOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'subcommand' : 'set-backend-prop',
'optionsString' : dsconfigOptions
}
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Configure LDAP PTA Policy to use password caching with short ttl (%ss).' % ttl }
</call>
<!-- Policy options: unmapped mapping policy, primary and secondary remote servers,
     password caching enabled with the Clear storage scheme and the short ttl.
     NOTE(review): Clear presumably leaves the cached password recoverable on the
     local server; acceptable on a throwaway test instance, confirm this option list
     is never reused as a template for a real policy. -->
<script>
options=[]
options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
options.append('--set mapping-policy:unmapped')
options.append('--set cached-password-storage-scheme:Clear')
options.append('--set cached-password-ttl:%ss' % ttl)
options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
options.append('--set use-password-caching:true')
options.append('--type ldap-pass-through')
</script>
<!-- pta_test_body1 creates the policy, attaches it to the user and performs the first
     binds as the user. -->
<call function="'pta_test_body1'">
{ 'userNamePswd' : userDNsAndPswds ,
'dsconfigAuthPolicy' : options
}
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Change password on remote servers.' }
</call>
<!-- NOTE(review): userNamePswd is never assigned in this function; every loop below
     reads it after pta_test_body1 (which declares an argument of that name) has been
     called with userDNsAndPswds. Presumably that argument stays visible here; verify. -->
<!-- On every server in _topologyServerList except the local one, replace the user's
     userPassword with 'secret12', binding as that server's root DN. -->
<iterate var="server"
in="_topologyServerList"
indexvar="whoami">
<sequence>
<if expr="whoami == local_ldap">
<sequence>
<message>
'Server is local: do nothing'
</message>
</sequence>
<else>
<sequence>
<message>
'remote-ldap-server %s:%s' \
% (server.getHostname(),server.getPort())
</message>
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<sequence>
<script>
ldapObject=[]
ldapObject.append('userPassword:secret12')
</script>
<call function="'modifyAnAttribute'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'dsInstanceHost' : server.getHostname() ,
'dsInstancePort' : server.getPort(),
'dsInstanceDn' : server.getRootDn(),
'dsInstancePswd' : server.getRootPwd(),
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
'changetype' : 'replace'
}
</call>
</sequence>
</iterate>
</sequence>
</else>
</if>
</sequence>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'User logs in with old password - should succeed.' }
</call>
<!-- Bind to the local server as the user with the original password (element 0 of the
     dictionary value). Presumably this succeeds only because the password is still
     cached, since the remote password was changed in the previous step; verify. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*' ,
'dsAttributes' : '* +'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Waiting %ss for password ttl to expire.' % ttl }
</call>
<!-- Sleep for the full ttl, converted to milliseconds. -->
<call function="'Sleep'">
{ 'sleepForMilliSeconds' : ttl*1000 }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'User logs in with old password after ttl - should now fail.' }
</call>
<!-- Same bind with the original password; expectedRC 49 means the bind must now be
     rejected. This is the assertion the test case exists for. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*' ,
'expectedRC' : 49
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' }
</call>
<!-- Bind with the password that was set on the remote servers ('secret12'). -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : 'secret12' ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*',
'dsAttributes' : '* +'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'User logs in with old password - should fail.' }
</call>
<!-- The original password must still be rejected (expectedRC 49) after the bind with
     the new password. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*',
'dsAttributes' : '* +',
'expectedRC' : 49
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Change back this users password.' }
</call>
<!-- Restore the original password on every non-local server. NOTE(review): this
     restore sits in the main sequence, not in the finally branch, so it looks as if a
     failure earlier in the test leaves 'secret12' set on the remote servers unless
     the postamble functions reset it; confirm. -->
<iterate var="server"
in="_topologyServerList"
indexvar="whoami">
<sequence>
<if expr="whoami == local_ldap">
<sequence>
<message>
'Server is local: do nothing'
</message>
</sequence>
<else>
<sequence>
<message>
'remote-ldap-server %s:%s' \
% (server.getHostname(),server.getPort())
</message>
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<sequence>
<script>
ldapObject=[]
ldapObject.append('userPassword:%s' % userNamePswd[remotePTAuserName][0])
</script>
<call function="'modifyAnAttribute'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'dsInstanceHost' : server.getHostname() ,
'dsInstancePort' : server.getPort(),
'dsInstanceDn' : server.getRootDn(),
'dsInstancePswd' : server.getRootPwd(),
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
'changetype' : 'replace'
}
</call>
</sequence>
</iterate>
</sequence>
</else>
</if>
</sequence>
</iterate>
</sequence>
<!-- A STAXException is logged as fatal together with its type and info. -->
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<!-- The two PTA postambles and the generic test case postamble are always called. -->
<finally>
<sequence>
<call function="'pta_postamble1'">
{ 'userNamePswd' : userDNsAndPswds }
</call>
<call function="'pta_postamble2'"/>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!-- pta_test_body1: common PTA steps shared by the test cases.
     For every DN in userNamePswd (value: [password, policy name]) it
       1. creates a password policy from dsconfigAuthPolicy plus the policy name,
       2. reads the policy back,
       3. adds ds-pwp-password-policy-dn to the user's entry,
       4. searches the entry as the root DN for that attribute,
       5. searches the entry while bound as the user,
       6. searches the entry as the root DN for operational attributes,
       7. replaces the description attribute while bound as the user.
     The caller issues the testStep message for step 1 before calling.
     NOTE(review): no scope attribute is given, so the STAX default applies; callers
     appear to read userNamePswd after this function returns. Confirm that this is
     intended before renaming the arguments or the script variables. -->
<function name="pta_test_body1">
<function-map-args>
<function-arg-def name="userNamePswd" type="required">
<function-arg-description>
Dictionary of user names (dn) and passwords.
</function-arg-description>
<function-arg-property name="type" value="Dictionary"/>
</function-arg-def>
<function-arg-def name="dsconfigAuthPolicy" type="required">
<function-arg-description>
Authentication policy in form of a dsconfig options
</function-arg-description>
<function-arg-property name="type" value="List"/>
</function-arg-def>
</function-map-args>
<sequence>
<!-- Step 1: create the policy on the local server through its admin port, bound as
     the root DN. myldapPtaPolicyDn is computed here but only used in step 3.
     NOTE(review): the policy name is wrapped in double quotes and the options are
     joined into one string; presumably that string is later split by a shell or by
     the dsconfig helper, so a policy name containing a double quote would break the
     option list. The names come from the test suite itself; confirm. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<sequence>
<script>
myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
options = []
options += dsconfigAuthPolicy
options.append('--policy-name "%s"' % myldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'subcommand' : 'create-password-policy',
'optionsString' : dsconfigOptions
}
</call>
</sequence>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Read back the "authentication policy" object.' }
</call>
<!-- Step 2: read the policy properties back; only the policy name is passed. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<sequence>
<script>
myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
options=[]
options.append('--policy-name "%s"' % myldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'subcommand' : 'get-password-policy-prop',
'optionsString' : dsconfigOptions
}
</call>
</sequence>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entries.' }
</call>
<!-- Step 3: point each user entry at its policy by adding ds-pwp-password-policy-dn,
     bound as the root DN. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<sequence>
<script>
myldapPtaPolicyName = userNamePswd[remotePTAuserName][1]
myldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % myldapPtaPolicyName
ldapObject=[]
ldapObject.append('ds-pwp-password-policy-dn:%s' % myldapPtaPolicyDn)
</script>
<call function="'modifyAnAttribute'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
'changetype' : 'add'
}
</call>
</sequence>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Search users entries as Directory Manager for ds-pwp-password-policy-dn.' }
</call>
<!-- Step 4: base-scope search of each entry as the root DN, requesting only
     ds-pwp-password-policy-dn. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'dsBaseDN' : remotePTAuserName ,
'dsScope' : 'base' ,
'dsFilter' : 'objectclass=*' ,
'dsAttributes' : 'ds-pwp-password-policy-dn'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'First search users entries as self.' }
</call>
<!-- Step 5: first bind as the user, with the password from element 0 of the
     dictionary value; the search targets the user's own entry. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsScope' : 'base' ,
'dsFilter' : 'objectclass=*'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Get all the users operational attributes.' }
</call>
<!-- Step 6: base-scope search as the root DN requesting '+'. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'dsBaseDN' : remotePTAuserName ,
'dsScope' : 'base' ,
'dsFilter' : 'objectclass=*' ,
'dsAttributes' : '+'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Modify the users entries.' }
</call>
<!-- Step 7: the same description value is written to every user entry, each time
     bound as that user, so ldapObject is built once outside the loop. -->
<script>
ldapObject=[]
ldapObject.append('description:I am now a remote LDAP PTA user')
</script>
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'modifyAnAttribute'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
'changetype' : 'replace'
}
</call>
</iterate>
</sequence>
</function>
<!-- pta_test_body2: binds as each user in userNamePswd while the remote servers are
     stopped and restarted one at a time.
     Order: stop primary, search as self, modify as self, start primary, wait 5000 ms,
     search as self, stop secondary, search as self, start secondary.
     No call sets expectedRC, so presumably every bind is expected to succeed through
     whichever remote server is still running; confirm against the helper defaults.
     The function reads primary_remote_ldap_server, secondary_remote_ldap_server and
     local_ldap_server, none of which it receives as arguments. -->
<function name="pta_test_body2">
<function-map-args>
<function-arg-def name="userNamePswd" type="required">
<function-arg-description>
Dictionary of user names (dn) and passwords.
</function-arg-description>
<function-arg-property name="type" value="Dictionary"/>
</function-arg-def>
</function-map-args>
<sequence>
<call function="'testStep'">
{ 'stepMessage' : 'Stop the primary remote ldap server.' }
</call>
<call function="'stopServers'">
[[primary_remote_ldap_server]]
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Second search users entries as self.' }
</call>
<!-- Primary is stopped: bind to the local server as the user and search the user's
     own entry. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Modify the users entries.' }
</call>
<!-- Still with the primary stopped: replace the description of each entry while
     bound as that user. -->
<script>
ldapObject=[]
ldapObject.append('description:I am now a remote LDAP PTA user')
</script>
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'modifyAnAttribute'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0],
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
'changetype' : 'replace'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Restart the primary remote ldap server.' }
</call>
<call function="'startServers'">
[[primary_remote_ldap_server]]
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Wait for monitor heartbeat to primary remote ldap server.' }
</call>
<!-- Fixed 5000 ms pause before the next bind. NOTE(review): presumably sized to the
     PTA policy's health check interval; if that interval is longer on some
     configuration the third search may run before the primary is seen as available
     again. Confirm. -->
<call function="'Sleep'">
{ 'sleepForMilliSeconds' : '5000' }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Third search users entries as self.' }
</call>
<!-- Both remote servers are running again. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Stop the secondary remote ldap server.' }
</call>
<call function="'stopServers'">
[[secondary_remote_ldap_server]]
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Fourth search users entries as self.' }
</call>
<!-- Secondary is stopped, primary is running. -->
<iterate var="remotePTAuserName"
in="userNamePswd.keys()"
indexvar="usernum">
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname() ,
'dsInstancePort' : local_ldap_server.getPort(),
'dsInstanceDn' : remotePTAuserName,
'dsInstancePswd' : userNamePswd[remotePTAuserName][0] ,
'dsBaseDN' : remotePTAuserName ,
'dsFilter' : 'objectclass=*'
}
</call>
</iterate>
<call function="'testStep'">
{ 'stepMessage' : 'Start the secondary remote ldap server.' }
</call>
<!-- NOTE(review): the restarts are ordinary steps of the sequence; if an earlier step
     aborts this function, the stopped server presumably stays down unless the
     caller's postamble restarts it. Confirm. -->
<call function="'startServers'">
[[secondary_remote_ldap_server]]
</call>
</sequence>
</function>
</stax>