1459N/A * The contents of this file are subject to the terms of the 1459N/A * Common Development and Distribution License, Version 1.0 only 1459N/A * (the "License"). You may not use this file except in compliance 1459N/A * You can obtain a copy of the license at 1459N/A * See the License for the specific language governing permissions 1459N/A * and limitations under the License. 1459N/A * When distributing Covered Code, include this CDDL HEADER in each 1459N/A * file and include the License file at 1459N/A * add the following below this CDDL HEADER, with the fields enclosed 1459N/A * by brackets "[]" replaced with your own identifying information: 1459N/A * Portions Copyright [yyyy] [name of copyright owner] 3232N/A * Copyright 2008 Sun Microsystems, Inc. 1459N/A * Tests the enter and leave lockdown mode tasks. 1459N/A * Make sure that the Directory Server is running. 1459N/A * @throws Exception If an unexpected problem occurs. 1459N/A * Make sure that no matter what, when these tests are done the server is no 1459N/A * Test to ensure that the enter and leave lockdown tasks work as expected. 1459N/A * @throws Exception If an unexpected problem occurs. 1459N/A // Add a test user that has the bypass-acl privilege but isn't a root user. 1459N/A "ds-privilege-name: bypass-acl");
1459N/A // Make sure that the server isn't currently in lockdown mode. 1459N/A // Make sure that we can retrieve the server's root DSE over an 1459N/A // unauthenticated client connection. 1459N/A // Create a file that holds the LDIF for putting the server in lockdown 1459N/A "dn: ds-task-id=Enter Lockdown Mode,cn=Scheduled Tasks,cn=tasks",
1459N/A "ds-task-id: Enter Lockdown Mode",
1459N/A "ds-task-class-name: org.opends.server.tasks.EnterLockdownModeTask");
1459N/A "ds-task-id=Enter Lockdown Mode,cn=Scheduled Tasks,cn=tasks");
1459N/A // Ensure that we can't put the server in lockdown mode as a non-root user. 1459N/A // If the local address isn't a loopback address, then verify that we can't 1459N/A // put the server in lockdown mode using it. 1459N/A "-D",
"cn=Directory Manager",
1459N/A // Verify that we can put the server in lockdown mode as a root user over 1459N/A "-D",
"cn=Directory Manager",
1459N/A // If the local IP isn't the loopback address, then verify that we can't 1459N/A // connect using it even as a root user. 1459N/A "-D",
"cn=Directory Manager",
1459N/A // Make sure that we can no longer retrieve the server's root DSE over an 1459N/A // unauthenticated connection. In this case, we'll make sure to use a 1459N/A // Make sure that we can no longer retrieve the server's root DSE over an 1459N/A // authenticated connection. In this case, we'll make sure to use a 1459N/A // Make sure that we can retrieve the server's root DSE over a 1459N/A // root-authenticated loopback connection. 1459N/A "-D",
"cn=Directory Manager",
1459N/A // Use another task to take the server out of lockdown mode and make sure it 1459N/A "dn: ds-task-id=Leave Lockdown Mode,cn=Scheduled Tasks,cn=tasks",
1459N/A "ds-task-id: Leave Lockdown Mode",
1459N/A "ds-task-class-name: org.opends.server.tasks.LeaveLockdownModeTask");
1459N/A "ds-task-id=Leave Lockdown Mode,cn=Scheduled Tasks,cn=tasks");
1459N/A "-D",
"cn=Directory Manager",
1459N/A // Make sure that we can once again retrieve the server's root DSE over an