<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2006-2008 Sun Microsystems, Inc.
! Portions Copyright 2013 ForgeRock AS
! -->
<stax>
<defaultcall function="deprecated_schemes"/>
<function name="deprecated_schemes">
<!---
Place suite-specific test information here.
#@TestSuiteName Deprecated Schemes
#@TestSuitePurpose Test the support for deprecated password schemes.
#@TestSuiteGroup Deprecated Password Storage Scheme Tests
#@TestScript security_deprecated_schemes.xml
-->
<sequence>
<!--- Test case: Admin Add Three Additional Pwd Storage Schemes -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Deprecated Schemes Preamble
#@TestIssue none
#@TestPurpose Prepare to deprecate MD5 scheme
#@TestPreamble none
#@TestStep Admin Adding 3 Pwd Storage Schemes,
MD5, SSHA256, and BASE64.
#@TestStep User Change Password.
#@TestStep Check MD5 Scheme Before Deprecating.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations and a user password
is successfully stored in the MD5 scheme.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: Preamble Step 1. Admin Adding 3 Pwd Storage Schemes'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'MD5' ,
'modifyType' : 'add' }
</call>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Base64' ,
'modifyType' : 'add' }
</call>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-256' ,
'modifyType' : 'add' }
</call>
<message>
'Security: Deprecated Pwd Schemes: Preamble Step 2. User Change Password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'squatted' ,
'DNToModify' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'squinted' ,
'changetype' : 'replace' }
</call>
<message>
'Security: Deprecating Pwd Schemes: Preamble Step 3. Checking for MD5 Scheme Before Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Admin Deprecate MD5 Scheme-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Admin Deprecate MD5
#@TestIssue none
#@TestPurpose Deprecate MD5 scheme
#@TestPreamble none
#@TestStep Admin Deprecate MD5 Scheme.
#@TestStep Admin Remove MD5 Scheme From Default.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Admin Deprecate MD5')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: Admin Deprecating MD5 Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'deprecated-password-storage-scheme' ,
'attributeValue' : 'MD5' }
</call>
<message>
'Security: Deprecated Pwd Schemes: Admin Removing MD5 Scheme From Default'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'attributeName' : 'ds-cfg-default-password-storage-scheme' ,
'newAttributeValue' : 'cn=MD5,cn=Password Storage Schemes,cn=config' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that MD5 hashed password is still present from existing user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For MD5 Password Presence
#@TestIssue none
#@TestPurpose Test to determine if the user password in MD5 scheme is listed.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {MD5}, is found
in the userpassword of an already existing user.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For MD5 on an existing entry (before user bind)')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for MD5 Hashed Pwd After Deprecating - Existing User (before user bind)'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName User Bind
#@TestIssue none
#@TestPurpose Test a user bind.
#@TestPreamble none
#@TestStep User binds.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user binds successfully.
-->
<testcase name="getTestCaseName('Deprecated Schemes - User Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: User Binding'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'squinted' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that MD5 hashed password is no more present from existing user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For MD5 Password Deletion
#@TestIssue none
#@TestPurpose Test to determine if the user password in MD5 scheme is listed.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {MD5}, is not found
in the userpassword of an already existing user
after the user bind (password has been migrated).
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For MD5 on an existing entry (after user bind)')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for MD5 Hashed Pwd After Deprecating - Existing User (after user bind)'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' ,
'expectedRC' : 1 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that MD5 hashed password is deleted from new user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For MD5 Password Deletion
#@TestIssue none
#@TestPurpose Test to determine if the user password in MD5 scheme is not present.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {MD5}, is not found
in the userpassword for a new entry.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For MD5 not present for a new entry')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for MD5 Hashed Pwd After Deprecating - New User'
</message>
<!-- Add an entry -->
<script>
listAttr = []
listAttr.append('objectclass:top')
listAttr.append('objectclass:organizationalperson')
listAttr.append('objectclass:inetorgperson')
listAttr.append('objectclass:person')
listAttr.append('givenname:test')
listAttr.append('sn:test')
listAttr.append('cn:test')
listAttr.append('mail:test')
listAttr.append('userPassword:usermd5')
</script>
<call function="'addAnEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToAdd' : 'uid=test, ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com',
'listAttributes' : listAttr
}
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=test, ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com',
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' ,
'expectedRC' : 1 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that other schemes were not deleted from from user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For SSHA256 Password Deletion
#@TestIssue none
#@TestPurpose Test to determine if the user password in SSHA256 scheme was deleted.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {SSHA256}, is found
in the userpassword.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Non-Deletions - SSHA256')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for SSHA256 Hashed Pwd After Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'SSHA256' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For BASE64 Password Deletion
#@TestIssue none
#@TestPurpose Test to determine if the user password in Base64 scheme was deleted.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {BASE64}, is found
in the userpassword.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Non-Deletions - BASE64')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for BASE64 Hashed Pwd After Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'BASE64' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin Reset To SSHA Storage Scheme -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Deprecated Schemes Postamble
#@TestIssue none
#@TestPurpose Reset back to the default SSHA storage scheme.
#@TestPreamble none
#@TestStep Admin reset the password policy to SSHA password scheme.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
-->
<testcase name="getTestCaseName('Deprecated Schemes - Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Postamble - Admin Resetting to SSHA Storage Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin Add Additional Pwd Storage Schemes -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName Deprecated Schemes Preamble
#@TestIssue none
#@TestPurpose Prepare to deprecate SSHA scheme
#@TestPreamble none
#@TestStep Admin Adding MD5 Pwd Storage Schemes.
#@TestStep Check MD5 Scheme Before Deprecating.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations and a user password
is not stored in the MD5 scheme.
-->
<testcase name="getTestCaseName('New Deprecated Schemes - Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: New Deprecated Pwd Schemes: Preamble Step 1. Admin Adding MD5 Pwd Storage Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'MD5' ,
'modifyType' : 'add' }
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Security: New Deprecating Pwd Schemes: Preamble Step 2. Checking for SSHA is present Before Deprecating'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'SSHA' }
</call>
<message>
'Security: New Deprecating Pwd Schemes: Preamble Step 3. Checking for MD5 is not present Before Deprecating'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' ,
'expectedRC' : 1 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Admin Deprecate SSHA Scheme-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName Admin Deprecate SSHA
#@TestIssue none
#@TestPurpose Deprecate SSHA scheme
#@TestPreamble none
#@TestStep Admin Deprecate SSHA Scheme.
#@TestStep Admin Remove SSHA Scheme From Default.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('New Deprecated Schemes - Admin Deprecate SSHA')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: New Deprecated Pwd Schemes: Admin Deprecating SSHA Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'deprecated-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1' }
</call>
<message>
'Security: New Deprecated Pwd Schemes: Admin Removing SSHA Scheme From Default'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'attributeName' : 'ds-cfg-default-password-storage-scheme' ,
'newAttributeValue' : 'cn=Salted SHA-1,cn=Password Storage Schemes,cn=config' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that SSHA hashed password is still present
from existing user's entry and MD5 is not present -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName Check For SSHA Password Presence and
MD5 Not Presence
#@TestIssue none
#@TestPurpose Test to determine if the user password in Salted SHA-1
scheme is listed.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {SSHA}, is found
in the userpassword and not {MD5} of an already existing user.
-->
<testcase name="getTestCaseName('New Deprecated Schemes - Check For Password Schemes on an existing entry (before user bind)')">
<sequence>
<call function="'testCase_Preamble'"/>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Security: New Deprecating Pwd Schemes: Checking for SSHA is present After Deprecating - Existing User (before user bind)'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'SSHA' }
</call>
<message>
'Security: New Deprecating Pwd Schemes: Checking for MD5 is not present After Deprecating - Existing User (before user bind)'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' ,
'expectedRC' : 1 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName User Bind
#@TestIssue none
#@TestPurpose Test a user bind.
#@TestPreamble none
#@TestStep User binds.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user binds successfully.
-->
<testcase name="getTestCaseName('Deprecated Schemes - User Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: New Deprecated Pwd Schemes: User Binding'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'oranges' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that MD5 hashed password is no more present from existing user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName Check For SSHA Password Deletion
#@TestIssue none
#@TestPurpose Test to determine if the user password in MD5 scheme is listed.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {MD5}, is found
but not {SSHA} in the userpassword of an already
existing user after the user bind (password has been migrated).
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Password Schemes on an existing entry (after user bind)')">
<sequence>
<call function="'testCase_Preamble'"/>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Security: New Deprecating Pwd Schemes: Checking for SSHA is no more present After Deprecating - Existing User (after user bind)'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'SSHA' ,
'expectedRC' : 1 }
</call>
<message>
'Security: New Deprecating Pwd Schemes: Checking for MD5 is present After Deprecating - Existing User (after user bind)'
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin Reset To SSHA Storage Scheme -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker New Deprecated Schemes
#@TestName Deprecated Schemes Postamble
#@TestIssue none
#@TestPurpose Reset back to the default SSHA storage scheme.
#@TestPreamble none
#@TestStep Admin reset the password policy to SSHA password scheme.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
-->
<testcase name="getTestCaseName('New Deprecated Schemes - Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: New Deprecating Pwd Schemes: Postamble - Admin Resetting to SSHA Storage Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>