<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2009 Sun Microsystems, Inc.
! Portions Copyright 2011-2013 Forgerock AS
! -->
<stax>
<defaultcall function="privileges_users"/>
<function name="privileges_users">
<sequence>
<block name="'privileges-users'">
<try>
<sequence>
<script>
if not CurrentTestPath.has_key('group'):
CurrentTestPath['group']='privileges'
CurrentTestPath['suite']=STAXCurrentBlock
</script>
<call function="'testSuite_Preamble'"/>
<!---
Place suite-specific test information here.
#@TestSuiteName Privileges Users Tests
#@TestSuitePurpose Test the basic Privileges Support in regrad to basic users.
#@TestSuiteGroup Basic Privileges Users Tests
#@TestScript privileges_users.xml
-->
<call function="'common_setup'">
{
'quickStart' : False ,
'startServer' : True ,
'loadData' : True ,
'stopServer' : False
}
</call>
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/privileges/privileges_acis.xml' % (TESTS_DIR)"/>
<call function="'privileges_acis'"/>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName bypass-acl
#@TestIssue none
#@TestPurpose bypass-acl privilege for normal users
#@TestPreamble User searches entry.
#@TestStep Admin removes global search ACI.
#@TestStep User searches entry.
#@TestStep Admin adds privilege.
#@TestStep User searches entry.
#@TestStep Admin removes privilege.
#@TestStep User searches entry.
#@TestStep Admin puts back global search ACI.
#@TestStep User searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: bypass-acl, preamble check default privilege'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: bypass-acl, removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<message>
'Privileges: Users: bypass-acl, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: bypass-acl, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: bypass-acl, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: Putting Back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName bypass-acl with proxy
#@TestIssue none
#@TestPurpose bypass-acl privilege for normal users with proxy permission
#@TestPreamble Admin removes global search ACI.
#@TestStep Admin adds privilege.
#@TestStep User searches entry.
#@TestStep Proxied user searches entry.
#@TestStep Admin adds proxy ACI.
#@TestStep Proxied user searches entry.
#@TestStep Admin deletes proxy ACI.
#@TestStep Admin removes privilege.
#@TestStep User searches entry.
#@TestStep Admin puts back global search ACI.
#@TestStep User searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl with proxy')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, adding proxy aci'
</message>
<script>
proxy_aci="(target=\"ldap:///ou=People, o=Privileges Tests, dc=example,dc=com\")(targetattr=\"*\")(version 3.0; acl \"add_proxy_aci\"; allow (proxy) userdn=\"ldap:///uid=aproxy, ou=People, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : proxy_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, Admin deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : proxy_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, Putting Back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName bypass-acl removal with minus notation
#@TestIssue none
#@TestPurpose bypass-acl privilege for normal users with minus notation
#@TestPreamble Admin removes global search ACI.
#@TestStep Admin adds privilege.
#@TestStep User searches entry.
#@TestStep Admin adds privilege with minus notation.
#@TestStep User searches entry.
#@TestStep Admin removes privilege with minus notation.
#@TestStep User searches entry.
#@TestStep Admin removes privilege.
#@TestStep User searches entry.
#@TestStep Admin puts back global search ACI.
#@TestStep User searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl with minus notation')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, Admin adding privilege with minus notation'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-bypass-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, Admin deleting privilege with minus notation'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : '-bypass-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, Putting Back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl with minus notation, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName bypass-acl self-modify add
#@TestIssue none
#@TestPurpose bypass-acl privilege for normal users with self-modify add
#@TestPreamble Admin removes global search ACI.
#@TestStep User adds ACI to itself.
#@TestStep User searches entry.
#@TestStep Admin puts back global search ACI.
#@TestStep User searches entry.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 1, and 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('bypass-acl self-modify add')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<message>
'Privileges: Users: bypass-acl self-modify add, user adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'bypass-acl' ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: bypass-acl self-modify add, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' ,
'expectedResult' : '0' }
</call>
<message>
'Privileges: Users: bypass-acl self-modify add, Putting Back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<message>
'Privileges: Users: bypass-acl self-modify add, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName modify-acl - add aci
#@TestIssue none
#@TestPurpose modify-acl privilege for normal users - add aci
#@TestPreamble none
#@TestStep User adds ACI, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User adds ACI.
#@TestStep Admin adds write ACI.
#@TestStep User adds ACI.
#@TestStep Admin removes privilege.
#@TestStep User adds second ACI.
#@TestStep Admin deletes write ACI.
#@TestStep Admin deletes user-added ACI.
#@TestStep User adds second ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 7 and 10, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - add aci')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: modify-acl - add aci, check default, user adding ACI'
</message>
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, user adding second ACI'
</message>
<script>
search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin deleting user-added ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - add aci, user adding second ACI'
</message>
<script>
search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search3_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName modify-acl - add aci - disable privilege
#@TestIssue none
#@TestPurpose disable privilege for modify-acl privilege for normal users - add aci
#@TestPreamble none
#@TestStep Admin adds write ACI.
#@TestStep User adds ACI.
#@TestStep Admin adds disabled-privilege.
#@TestStep User adds ACI.
#@TestStep Admin deletes write ACI.
#@TestStep User adds second ACI.
#@TestStep Admin deletes disabled-privilege.
#@TestStep Admin deletes user-added ACI.
#@TestStep User adds second ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 2, 6, and 9, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - add aci - disable privilege')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' ,
'expectedRC' : 50 }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, Admin disabling privilege'
</message>
<call function="'dsconfigSet'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'objectName' : 'global-configuration' ,
'attributeName' : 'disabled-privilege' ,
'attributeValue' : 'modify-acl' }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
</message>
<script>
search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, Admin un-disabling privilege'
</message>
<call function="'dsconfigSet'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'objectName' : 'global-configuration' ,
'attributeName' : 'disabled-privilege' ,
'attributeValue' : 'modify-acl' ,
'modifyType' : 'remove' }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting user-added ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
</message>
<script>
search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search3_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName modify-acl - replace aci
#@TestIssue none
#@TestPurpose modify-acl privilege for normal users - replace aci
#@TestPreamble none
#@TestStep User replaces ACI, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User replaces ACI.
#@TestStep Admin adds write ACI.
#@TestStep User replaces ACI.
#@TestStep Admin deletes write ACI.
#@TestStep User replaces ACI.
#@TestStep Admin removes privilege.
#@TestStep User replaces ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 7 and 9, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - replace aci')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: modify-acl - replace aci, check default, user replacing ACI'
</message>
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - replace aci, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - replace aci, user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - replace aci, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - replace aci, user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' }
</call>
<message>
'Privileges: Users: modify-acl - replace aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - replace aci, user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - replace aci, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - replace aci, user replacing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName modify-acl - delete aci
#@TestIssue none
#@TestPurpose modify-acl privilege for normal users - delete aci
#@TestPreamble none
#@TestStep User deletes ACI, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User deletes ACI.
#@TestStep Admin adds write ACI.
#@TestStep User deletes ACI.
#@TestStep Admin deletes write ACI.
#@TestStep Admin removes privilege.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1 and 3, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('modify-acl - delete aci')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: modify-acl - delete aci, preamble, check default, user deleting ACI'
</message>
<script>
write_aci_dmiller="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_dmiller\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci_dmiller ,
'changetype' : 'delete' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - delete aci, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - delete aci, user deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci_dmiller ,
'changetype' : 'delete' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - delete aci, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: modify-acl - delete aci, user deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci_dmiller ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - delete aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: modify-acl - delete aci, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName config-read
#@TestIssue none
#@TestPurpose config-read privilege for normal users
#@TestPreamble none
#@TestStep User searches cn=config, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User searches cn=config.
#@TestStep Admin removes privilege.
#@TestStep User searches cn=config.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1 and 5, and 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('config-read')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: config-read, check default privilege, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-read, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-read, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: cn=config' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'ds-cfg-check-schema:' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: config-read, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-read, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' ,
'expectedRC' : 50 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: cn=config' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName config-read - disable privilege
#@TestIssue none
#@TestPurpose config-read privilege for normal users
#@TestPreamble none
#@TestStep User searches cn=config, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User searches cn=config.
#@TestStep Admin removes privilege.
#@TestStep User searches cn=config.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1 and 5, and 0
for all other ldap operations.
Proper entries returned for allowed searches.
-->
<testcase name="getTestCaseName('config-read - disable privilege')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: config-read - disable privilege, check default privilege, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-read - disable privilege, Admin disabling privilege'
</message>
<call function="'dsconfigSet'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'objectName' : 'global-configuration' ,
'attributeName' : 'disabled-privilege' ,
'attributeValue' : 'config-read' }
</call>
<message>
'Privileges: Users: config-read - disable privilege, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: cn=config' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'ds-cfg-check-schema:' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: config-read - disable privilege, Admin un-disabling privilege'
</message>
<call function="'dsconfigSet'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'objectName' : 'global-configuration' ,
'attributeName' : 'disabled-privilege' ,
'attributeValue' : 'config-read' ,
'modifyType' : 'remove' }
</call>
<message>
'Privileges: Users: config-read - disable privilege, user searching cn=config'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-check-schema' ,
'extraParams' : '-s base' ,
'expectedRC' : 50 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: cn=config' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName config-write
#@TestIssue none
#@TestPurpose config-write privilege for normal users
#@TestPreamble none
#@TestStep User modifies cn=config, check default behavior.
#@TestStep Admin adds write privilege.
#@TestStep User modifies cn=config.
#@TestStep Admin adds read privilege.
#@TestStep User modifies cn=config.
#@TestStep Admin adds write ACI.
#@TestStep User modifies cn=config.
#@TestStep Admin removes read privilege.
#@TestStep User modifies cn=config.
#@TestStep Admin removes write privilege.
#@TestStep User modifies cn=config.
#@TestStep Admin removes write ACI.
#@TestStep User modifies cn=config.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 5, 9, 11, and 13, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('config-write')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: config-write, check default privilege, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-write' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"ds-cfg-check-schema\")(version 3.0; acl \"add_write_config\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' }
</call>
<message>
'Privileges: Users: config-write, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-write' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write, user modifying cn=config'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'ds-cfg-check-schema' ,
'newAttributeValue' : 'true' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName config-write - add global aci
#@TestIssue none
#@TestPurpose config-write privilege for normal users - add global aci
#@TestPreamble none
#@TestStep User adds global ACI, check default behavior.
#@TestStep Admin adds read privilege.
#@TestStep User adds global ACI.
#@TestStep Admin adds write privilege.
#@TestStep User adds global ACI.
#@TestStep Admin adds write ACI.
#@TestStep User adds global ACI.
#@TestStep Admin removes write privilege.
#@TestStep User adds second global ACI.
#@TestStep Admin removes read privilege.
#@TestStep User adds second global ACI.
#@TestStep Admin removes write ACI.
#@TestStep Admin removes user-added global ACI.
#@TestStep User adds second global ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 5, 9, 11, and 14, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('config-write - add global aci')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: config-write - add global aci, check default, user adding ACI'
</message>
<script>
another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-write' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"ds-cfg-global-aci\")(version 3.0; acl \"add_allow_global_aci\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : another_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-write' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<script>
global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'config-read' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=config' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci',
'newAttributeValue' : another_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: config-write - add global aci, user adding ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : global2_aci ,
'changetype' : 'add' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName password-reset
#@TestIssue none
#@TestPurpose config-write privilege for normal users
#@TestPreamble Admin adds write ACI
#@TestStep User resets another users password, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User resets another users password.
#@TestStep Other user binds with search operation.
#@TestStep Admin deletes write ACI.
#@TestStep User resets another users password.
#@TestStep Admin removes privilege.
#@TestStep User resets another users password.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 6, and 8, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('password-reset')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: password-reset, preamble, Admin adding ACI'
</message>
<script>
write_aci="(targetattr=\"userpassword\")(version 3.0; acl \"add_modify_acl\"; allow (write,add,delete) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: password-reset, check default privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'bananas' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: password-reset, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'password-reset' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: password-reset, user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'bananas' ,
'changetype' : 'replace' }
</call>
<message>
'Privileges: Users: password-reset, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'bananas' ,
'dsBaseDN' : 'ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=bhall,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid: bhall' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: password-reset - delete aci, Admin deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: password-reset, user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'bananas' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: password-reset, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'password-reset' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: password-reset, user resetting password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'bananas' ,
'changetype' : 'replace' ,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName update-schema
#@TestIssue none
#@TestPurpose update-schema privilege for normal users
#@TestPreamble Admin adds write ACI
#@TestStep User adds new schema object, check default behavior.
#@TestStep Admin adds new entry that uses new object class.
#@TestStep Admin adds privilege.
#@TestStep User adds new schema object.
#@TestStep Admin adds new entry that uses new object class.
#@TestStep Admin searches new entry.
#@TestStep Admin deletes write ACI.
#@TestStep Admin removes privilege.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for step 1, 65 for step 2, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('update-schema')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: update-schema, preamble, Admin adding ACI'
</message>
<script>
write_aci="(target=\"ldap:///cn=schema\")(targetattr=\"objectclasses\")(version 3.0; acl \"add_global_write_schema\"; allow (all) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: update-schema, preamble, Admin add subentry-write privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'subentry-write' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: update-schema, check default privilege, user adding new schema object'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: update-schema, Admin adding entry that uses new object class'
</message>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'expectedRC' : 65
}
</call>
<message>
'Privileges: Users: update-schema, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'update-schema' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: update-schema, user adding new schema object'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
</call>
<message>
'Privileges: Users: update-schema, Admin adding entry that users new object class'
</message>
<!--
<script>
listAttr=[]
listAttr.append('objectclass:top')
listAttr.append('objectclass:person')
listAttr.append('objectclass:mozillaobject')
listAttr.append('cn:Salmon Fish')
listAttr.append('sn:Fish')
listAttr.append('givenname:Salmon')
listAttr.append('l:Cupertino')
listAttr.append('uid:sfish')
</script>
<call function="'addAnEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToAdd' : 'uid=sfish, ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributesToAdd' : listAttr }
</call>
-->
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'Privileges: Users: password-reset, user searching entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=sfish,ou=People,o=Privileges Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid: sfish' ,
'expectedResult' : '1' }
</call>
<message>
'Privileges: Users: update-schema, Admin deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: update-schema, Admin deleting update-schema privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'update-schema' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: update-schema, Admin deleting subentry-write privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'subentry-write' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName privilege-change
#@TestIssue none
#@TestPurpose privilege-change privilege for normal users
#@TestPreamble Admin adds write ACI
#@TestStep Admin adds privilege-change privilege to first user.
#@TestStep First user adds modify-acl privilege to second user.
#@TestStep Second user adds an ACI.
#@TestStep Admin removes modify-acl privilege.
#@TestStep Admin removes privilege-change privilege.
#@TestStep Admin deletes user-added ACI.
#@TestStep Admin deletes write ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('privilege-change')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: privilege-change, Admin adding write ACI'
</message>
<script>
write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: privilege-change, Admin adding privilege to first user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'privilege-change' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: privilege-change, first user adding privilege to second user'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: privilege-change, second user adding ACI'
</message>
<script>
search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: privilege-change, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'modify-acl' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: privilege-change, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'privilege-change' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: privilege-change, Admin deleting ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: privilege-change, Admin deleting write ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : write_aci ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName server-shutdown
#@TestIssue none
#@TestPurpose server-shutdown privilege for normal users
#@TestPreamble none
#@TestStep User adds shutdown task, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User adds shutdown task.
#@TestStep Admin adds write ACI.
#@TestStep User adds shutdown task.
#@TestStep Admin removes privilege.
#@TestStep User adds shutdown task.
#@TestStep Admin deletes write ACI.
#@TestStep User adds shutdown task.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 7, and 9, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('server-shutdown')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: server-shutdown, user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-shutdown, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'server-shutdown' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: server-shutdown, user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-shutdown, Admin adding ACI'
</message>
<script>
search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: server-shutdown, user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : '%s-OK' % STAXCurrentTestcase,
}
</call>
<if expr="STAFCmdRC != 0">
<tcstatus result="'fail'"/>
<else>
<sequence>
<!--- Start DS -->
<message>
'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
</message>
<call function="'StartDsWithScript'">
{ 'location' : STAF_REMOTE_HOSTNAME }
</call>
<!--- Check that DS started -->
<call function="'isAlive'">
{ 'noOfLoops' : 10 ,
'noOfMilliSeconds' : 2000 }
</call>
</sequence>
<!--- End Block DS Process Active -->
</else>
</if>
<message>
'Privileges: Users: server-shutdown, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'server-shutdown' ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: server-shutdown, user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : '%s-nopriv' % STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-shutdown, Admin removing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: server-shutdown, user adding server shutdown task'
</message>
<call function="'shutdownTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : '%s-noaci' % STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
#@TestName server-restart
#@TestIssue none
#@TestPurpose server-restart privilege for normal users
#@TestPreamble none
#@TestStep User adds restart task, check default behavior.
#@TestStep Admin adds privilege.
#@TestStep User adds restart task.
#@TestStep Admin adds write ACI.
#@TestStep User adds restart task.
#@TestStep Admin removes privilege.
#@TestStep User adds restart task.
#@TestStep Admin deletes write ACI.
#@TestStep User adds restart task.
#@TestPostamble none
#@TestResult Success if OpenDS returns 50
for steps 1, 3, 7, and 9, and 0
for all other ldap operations.
-->
<testcase name="getTestCaseName('server-restart')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Privileges: Users: server-restart, user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-restart, Admin adding privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'server-restart' ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: server-restart, user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-restart, Admin adding ACI'
</message>
<script>
search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'add' }
</call>
<message>
'Privileges: Users: server-restart, user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
}
</call>
<message>
'Privileges: Users: server-restart, Admin deleting privilege'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'attributeName' : 'ds-privilege-name' ,
'newAttributeValue' : 'server-restart' ,
'changetype' : 'delete' }
</call>
<!--
<message>
'Privileges: Users: server-restart, user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
<message>
'Privileges: Users: server-restart, Admin removing ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Access Control Handler,cn=config' ,
'attributeName' : 'ds-cfg-global-aci' ,
'newAttributeValue' : search_aci ,
'changetype' : 'delete' }
</call>
<message>
'Privileges: Users: server-restart, user adding server restart task'
</message>
<call function="'restartTask'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules',
'taskID' : STAXCurrentTestcase,
'expectedRC' : 50
}
</call>
-->
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
<finally>
<sequence>
<!-- Test Suite Cleanup -->
<message>'Finally: Global Privileges Users Cleanup.'</message>
<try>
<call function="'common_cleanup'" />
<catch exception="'STAFException'">
<sequence>
<message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
</sequence>
</catch>
<finally>
<call function="'testSuite_Postamble'"/>
</finally>
</try>
</sequence>
</finally>
</try>
</block>
</sequence>
</function>
</stax>