<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! or http://forgerock.org/license/CDDLv1.0.html.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2011 ForgeRock AS.
! -->
<stax>
<defaultcall function="pta_setup"/>
<function name="pta_setup">
<function-map-args>
<function-arg-def name="topologyFile"
type="optional"
default="'%s/basic_topology.txt' % REPLICATION_CONFIG_DIR">
<function-arg-description>
Pathname to file describing the topology.
</function-arg-description>
<function-arg-property name="type" value="filepath"/>
</function-arg-def>
</function-map-args>
<sequence>
<block name="'pta-setup'">
<testcase name="getTestCaseName('PTA Setup')">
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Create DS topology as described in %s' % topologyFile
</message>
<call function="'createTopology'">
{ 'topologyDescFile' : topologyFile,
'sharedDataFolder' : 'pta'
}
</call>
<!-- Start the servers in the topology -->
<call function="'startServers'">
[_splitServerList ]
</call>
<script>
ldapPtaPolicyName = 'LDAP PTA'
ldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % ldapPtaPolicyName
local_ldap = 0
primary_remote_ldap = 1
secondary_remote_ldap = 2
local_ldap_server = _topologyServerList[local_ldap]
primary_remote_ldap_server = _topologyServerList[primary_remote_ldap]
secondary_remote_ldap_server = _topologyServerList[secondary_remote_ldap]
primaryHost = primary_remote_ldap_server.getHostname()
primaryPort = primary_remote_ldap_server.getPort()
primarySslPort = primary_remote_ldap_server.getSslPort()
secondaryHost = secondary_remote_ldap_server.getHostname()
secondaryPort = secondary_remote_ldap_server.getPort()
secondarySslPort = secondary_remote_ldap_server.getSslPort()
remotePTAuserDict = {}
remotePTAuserSuffix = 'ou=People, o=example'
localPTAuserPswdFile = '%s/myptapasswd' % local.temp
remotePTAuserPswdFile = '%s/pta/mypasswd' % local_ldap_server.getTmpDir()
# List of Remote LDAP PTA Users and Passwords
remotePTAuserDict['uid=jvedder, %s' % remotePTAuserSuffix] = ['befitting',ldapPtaPolicyName]
remotePTAuserDict['uid=tmorris, %s' % remotePTAuserSuffix] = ['irrefutable',ldapPtaPolicyName]
remotePTAuserDict['uid=ealexand, %s' % remotePTAuserSuffix] = ['galactose',ldapPtaPolicyName]
remotePTAuserDict['uid=tjames, %s' % remotePTAuserSuffix] = ['turtle',ldapPtaPolicyName]
remotePTAuserDict['uid=alangdon, %s' % remotePTAuserSuffix] = ['muzzle',ldapPtaPolicyName]
remotePTAuserDict['uid=pchassin, %s' % remotePTAuserSuffix] = ['barbital',ldapPtaPolicyName]
remotePTAuserDict['uid=aknutson, %s' % remotePTAuserSuffix] = ['maltose',ldapPtaPolicyName]
remotePTAuserDict['uid=pworrell, %s' % remotePTAuserSuffix] = ['solicitous',ldapPtaPolicyName]
remotePTAuserDict['uid=mtalbot, %s' % remotePTAuserSuffix] = ['currant',ldapPtaPolicyName]
remotePTAuserDict['uid=bwalker, %s' % remotePTAuserSuffix] = ['interruptible',ldapPtaPolicyName]
</script>
<!-- Create local PTA passwd -->
<script>
passwd_file = open(localPTAuserPswdFile,"w")
passwd_file.write("%s\n" % local_ldap_server.getRootPwd())
passwd_file.close()
</script>
<!-- Copy local PTA passwd to local ldap server -->
<call function="'copyFile'">
{ 'location' : STAF_LOCAL_HOSTNAME,
'srcfile' : localPTAuserPswdFile,
'destfile' : remotePTAuserPswdFile,
'remotehost' : local_ldap_server.getHostname() }
</call>
<!-- Get the local server store password from keystore.pin -->
<call function="'getFile'">
{ 'location' : local_ldap_server.getHostname(),
'filename' : '%s/%s/config/keystore.pin' \
% (local_ldap_server.getDir(),OPENDSNAME)
}
</call>
<script>
LocalKeyStorePin = STAXResult[1].replace('\n','')
print "Local store password = %s" % LocalKeyStorePin
</script>
<!-- On all servers create suffixes -->
<iterate var="server"
in="_topologyServerList"
indexvar="whoami">
<sequence>
<if expr="whoami == local_ldap">
<sequence>
<message>
'local-ldap-server %s:%s' % \
(server.getHostname(),server.getPort())
</message>
<script>
dataFile = 'Example.ldif'
serverDataFile = '%s/pta/%s' \
% (server.getDataDir(), dataFile)
serverSkipFile = '%s/pta/skipped%s.ldif' \
% (server.getTmpDir(),whoami)
serverRejectFile = '%s/pta/rejects%s.ldif' \
% (server.getTmpDir(),whoami)
</script>
<message>
'Import data from %s into local-ldap-server %s:%s' \
% (serverDataFile, server.getHostname(), server.getPort())
</message>
<!-- Import data into "local-ldap-server" -->
<call function="'ImportLdifWithScript'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'dsInstanceHost' : server.getHostname(),
'dsInstanceAdminPort' : server.getAdminPort(),
'dsInstanceDn' : server.getRootDn(),
'dsInstancePswd' : server.getRootPwd(),
'backEnd' : 'userRoot',
'ldifFile' : serverDataFile ,
'skipFile' : serverSkipFile ,
'rejectFile' : serverRejectFile
}
</call>
<script>
options=[]
options.append('--backend-name "AD"')
options.append('--set base-dn:"dc=AD,dc=com"')
options.append('--set enabled:true')
options.append('--set writability-mode:enabled')
options.append('--type local-db')
dsconfigOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'subcommand' : 'create-backend',
'optionsString' : dsconfigOptions
}
</call>
<script>
dataFile = 'AD10.ldif'
serverDataFile = '%s/pta/%s' \
% (local_ldap_server.getDataDir(), dataFile)
serverSkipFile = '%s/pta/skippedAD10.ldif' \
% local_ldap_server.getTmpDir()
serverRejectFile = '%s/pta/rejectsAD10.ldif' \
% local_ldap_server.getTmpDir()
</script>
<call function="'ImportLdifWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'backEnd' : 'AD',
'ldifFile' : serverDataFile,
'skipFile' : serverSkipFile ,
'rejectFile' : serverRejectFile
}
</call>
<script>
options=[]
options.append('--backend-name "AD"')
options.append('--set enabled:false')
dsconfigOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'dsInstanceHost' : local_ldap_server.getHostname(),
'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
'dsInstanceDn' : local_ldap_server.getRootDn(),
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'subcommand' : 'set-backend-prop',
'optionsString' : dsconfigOptions
}
</call>
</sequence>
<else>
<sequence>
<message>
'remote-ldap-server %s:%s' \
% (server.getHostname(),server.getPort())
</message>
<!-- Create different backend on remote-ldap-servers -->
<script>
options=[]
options.append('--backend-name "AD"')
options.append('--set base-dn:"dc=AD,dc=com"')
options.append('--set enabled:true')
options.append('--set writability-mode:enabled')
options.append('--type local-db')
createBackendOptions=' '.join(options)
</script>
<call function="'dsconfig'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'dsInstanceHost' : server.getHostname(),
'dsInstanceAdminPort' : server.getAdminPort(),
'dsInstanceDn' : server.getRootDn(),
'dsInstancePswd' : server.getRootPwd(),
'subcommand' : 'create-backend',
'optionsString' : createBackendOptions
}
</call>
<script>
dataFile = 'AD.ldif'
serverDataFile = '%s/pta/%s' \
% (server.getDataDir(), dataFile)
serverSkipFile = '%s/pta/skipped%s.ldif' \
% (server.getTmpDir(),whoami)
serverRejectFile = '%s/pta/rejects%s.ldif' \
% (server.getTmpDir(),whoami)
</script>
<message>
'Import data from %s into remote-ldap-server %s:%s' \
% (serverDataFile, server.getHostname(), server.getPort())
</message>
<!-- Import data into "remote-ldap-servers" -->
<call function="'ImportLdifWithScript'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'dsInstanceHost' : server.getHostname(),
'dsInstanceAdminPort' : server.getAdminPort(),
'dsInstanceDn' : server.getRootDn(),
'dsInstancePswd' : server.getRootPwd(),
'backEnd' : 'AD',
'ldifFile' : serverDataFile,
'skipFile' : serverSkipFile ,
'rejectFile' : serverRejectFile
}
</call>
<!-- Get the store password from keystore.pin -->
<call function="'getFile'">
{ 'location' : server.getHostname(),
'filename' : '%s/%s/config/keystore.pin' \
% (server.getDir(),OPENDSNAME)
}
</call>
<script>
keyStorePin = STAXResult[1].replace('\n','')
serverCertPEM = '%s/%s/config/server-cert%s.pem' \
% (server.getDir(),OPENDSNAME,whoami)
print "Remote store password = %s" % keyStorePin
</script>
<!-- Show the certificate details for remote servers -->
<call function="'ListCertificate'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'certAlias' : 'server-cert' ,
'keystore' : 'truststore' ,
'storepass' : keyStorePin,
}
</call>
<!-- Export certificates from remote servers -->
<call function="'ExportCertificate'">
{ 'location' : server.getHostname(),
'dsPath' : '%s/%s' \
% (server.getDir(),OPENDSNAME),
'certAlias' : 'server-cert' ,
'outputfile' : serverCertPEM,
'storepass' : keyStorePin,
'storetype' : 'JKS',
'format' : 'rfc'
}
</call>
<!-- Copy the certificates to local server -->
<script>
LocalServerCertPEM = '%s/%s/config/server-cert%s.pem' \
% (local_ldap_server.getDir(),OPENDSNAME,whoami)
</script>
<call function="'copyFile'">
{ 'location' : server.getHostname(),
'srcfile' : serverCertPEM,
'destfile' : LocalServerCertPEM,
'remotehost' : local_ldap_server.getHostname() }
</call>
<!-- Import Certificates into local server -->
<call function="'ImportCertificate'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'certAlias' : 'server-cert%s' % whoami,
'inputfile' : LocalServerCertPEM,
'keystore' : 'truststore' ,
'storepass' : LocalKeyStorePin,
'storetype' : 'JKS'
}
</call>
<!-- Show the certificate details for local server -->
<call function="'ListCertificate'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
% (local_ldap_server.getDir(),OPENDSNAME),
'certAlias' : 'server-cert%s' % whoami ,
'keystore' : 'truststore' ,
'storepass' : LocalKeyStorePin
}
</call>
</sequence>
</else>
</if>
</sequence>
</iterate>
</sequence>
<finally>
<!-- Test Group postamble -->
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</testcase>
</block>
</sequence>
</function>
</stax>