0N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
0N/A ! The contents of this file are subject to the terms of the 0N/A ! Common Development and Distribution License, Version 1.0 only 0N/A ! (the "License"). You may not use this file except in compliance 0N/A ! You can obtain a copy of the license at 0N/A ! See the License for the specific language governing permissions 0N/A ! and limitations under the License. 0N/A ! When distributing Covered Code, include this CDDL HEADER in each 0N/A ! file and include the License file at 0N/A ! add the following below this CDDL HEADER, with the fields enclosed 0N/A ! by brackets "[]" replaced with your own identifying information: 0N/A ! Portions Copyright [yyyy] [name of copyright owner] 0N/A ! Portions Copyright 2006-2007 Sun Microsystems, Inc. 0N/A<
defaultcall function="subject_attribute_mapper"/>
0N/A<
function name="subject_attribute_mapper" scope="local">
0N/A <!--- Test Case : setup --> 0N/A #@TestMarker Setup Tests 0N/A #@TestName Set the SASL EXTERNAL mechanism to Subject attribute to User Attribute 0N/A #@TestPurpose Configure the SASL EXTERNAL mechanism to use the Subject Attribute to User Attribute certificate mapper 0N/A #@TestStep Map attributes from the certificate subject to attributes in user entries 0N/A #@TestPostamble none 0N/A #@TestResult Success if OpenDS returns 0 for all operations 0N/A <
testcase name="getTestCaseName(' setup - subject_attribute_mapper')">
0N/A <
call function="'testCase_Preamble'"/>
0N/A '---- Configure the SASL EXTERNAL mechanism with Subject Attribute to User Attribute mapper -----'
0N/A <
call function="'modifyAnAttribute'">
0N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
0N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
0N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
0N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
0N/A 'DNToModify' : 'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
0N/A 'attributeName' : 'ds-cfg-certificate-mapper',
0N/A 'newAttributeValue' : 'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
0N/A 'changetype' : 'replace',
0N/A '---- Configure the Subject Attribute to User Attribute mapper -----'
0N/A <
call function="'testCase_Postamble'"/>
0N/A #@TestMarker Subject Attributes mapping to user attribute 0N/A #@TestName Use only one attribute mapping 0N/A #@TestPurpose Map attributes from the certificate subject to attributes in user entries 0N/A #@TestStep The certificate subject is defined with the format : uid=client-cert-1,SUFFIX 0N/A #@TestStep The mapping will be done on the attribute uid from the certificate subject 0N/A #@TestStep and the attribute 'description' of the user's entry 0N/A #@TestPostamble none 0N/A #@TestResult Success if OpenDS returns 0 for all operations 0N/A <
testcase name="getTestCaseName('subject attribute mapping')">
0N/A <
call function="'testCase_Preamble'"/>
0N/A <!-- Load in the local shared python objects from libraries --> <
call function="'loadVariables'">
'---- Configure the Subject Attribute to User Attribute mapper -----'
<
message>'---- Add a new mapping rule from attribute "uid" from certificate subject and attribute "description" of the user entry'</
message>
<
call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
'attributeName' : 'ds-cfg-subject-attribute-mapping',
'newAttributeValue' : 'uid:description',
'changetype' : 'replace',
<
message>'----- Configure the attribute description for user %s ---' % USER_1_DN</
message>
<
message>'----- the attribute description will map with the attribute "uid" of the certificate subject'</
message>
<
call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'description',
'newAttributeValue' : USER_1_CERT,
<
message>'----- Configure the attribute description for user %s ---' % USER_2_DN</
message>
<
message>'----- the attribute description contains invalid value'</
message>
<
message>'----- it will not map with the attribute "uid" of the certificate subject'</
message>
<
call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'description',
'newAttributeValue' : 'bad-certificate',
<!-- Check mapping is working --> <
message>'--- Check SSL communication with SASL EXTERNAL authentication'</
message>
<!-- bound as USER_1_DN --> <
call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
ldapSearchResult = STAXResult[0][1]
<
call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
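<!-- No mapping expected over SSL: the description of USER_2_DN was set to 'bad-certificate', which does not match the uid in the certificate subject. NOTE(review): confirm this call asserts that the SASL EXTERNAL bind fails, rather than only running the search. --> <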
call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
<
message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</
message>
<!-- bound as USER_1_DN --> <
call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
ldapSearchResult = STAXResult[0][1]
<
call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
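<!-- No mapping expected over StartTLS: the description of USER_2_DN was set to 'bad-certificate', which does not match the uid in the certificate subject. NOTE(review): confirm this call asserts that the SASL EXTERNAL bind fails, rather than only running the search. --> <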
call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
<
call function="'testCase_Postamble'"/>