aci_targetcontrol.xml revision d81978a0815d5b8a75633c35e3e1f8708d36f017
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="aci_targetcontrol"/>
<function name="aci_targetcontrol">
<sequence>
<block name="'aci-target-control'">
<sequence>
<script>
if not CurrentTestPath.has_key('group'):
CurrentTestPath['group']='aci'
CurrentTestPath['suite']=STAXCurrentBlock
</script>
<call function="'testSuite_Preamble'"/>
<!---
Place suite-specific test information here.
#@TestSuiteName ACI Targetcontrol Tests
#@TestSuitePurpose Test the basic ACI Targetcontrol Support.
#@TestSuiteGroup Basic ACI Targetcontrol Tests
#@TestScript aci_targetcontrol.xml
-->
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/aci/aci_setup.xml' % (TESTS_DIR)"/>
<call function="'aci_setup'" />
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Preamble
#@TestIssue 452
#@TestPurpose Prepare for targetcontrol tests
#@TestPreamble none
#@TestStep Admin removes global search ACI
#@TestStep Admin adds ACI to access controls
#@TestStep Admin adds ACI to access effective rights
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'ACI: Targetcontrol: Preamble - Removing Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'add' }
</call>
<script>
curr_aci_ldif_file = 'add_effrights_aci.ldif'
</script>
<message>
'ACI: Targetcontrol: Preamble - Admin adding get effective rights ACI,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<call function="'checktestRC'">
{ 'returncode' : RC ,
'result' : STAXResult }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control allow
#@TestIssue 452
#@TestPurpose Test targetcontrol with search effective rights with control allow
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
apprpriate entries are returned for any step.
-->
<!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
<!-- cross reference to DS6 docs -->
<testcase name="getTestCaseName('Basic - search with control allow')">
<sequence>
<call function="'testCase_Preamble'"/>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control deny
#@TestIssue 452
#@TestPurpose Test targetcontrol with search effective rights with control deny
#@TestPreamble Admin adds an ACI to deny effective rights control and Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestStep Admin removes ACI that denied effective rights control.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap modify operations, 50
for all effective rights search queries, and
appropriate entries are returned for any step.
-->
<!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
<!-- cross reference to DS6 docs -->
<testcase name="getTestCaseName('Basic - search with control deny')">
<sequence>
<call function="'testCase_Preamble'"/>
<script>
deny_aci='(targetcontrol=\"1.3.6.1.4.1.42.2.27.9.5.2\") (version 3.0; acl \"deny effective rights control\"; deny(all) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : deny_aci ,
'changetype' : 'add' }
</call>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 50 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel:' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'insufficient access rights' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 50 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 50 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : deny_aci ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control allow 2
#@TestIssue 452
#@TestPurpose Test targetcontrol with search effective rights with control allow
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
apprpriate entries are returned for any step.
-->
<!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
<!-- cross reference to DS6 docs -->
<testcase name="getTestCaseName('Basic - search with control allow 2')">
<sequence>
<call function="'testCase_Preamble'"/>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<message>
'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Postamble
#@TestIssue 452
#@TestPurpose Reset targetcontrol tests
#@TestPreamble none
#@TestStep Admin deletes ACI to access effective rights
#@TestStep Admin puts back global search ACI
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'ACI: Targetcontrol: Postamble - Admin deleting get effective rights ACI'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<if expr="RC != 0">
<tcstatus result="'fail'"/>
</if>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'delete' }
</call>
<message>
'ACI: Targetcontrol: Preamble - putting back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/aci/aci_cleanup.xml' % (TESTS_DIR)"/>
<call function="'aci_cleanup'" />
<call function="'testSuite_Postamble'"/>
</sequence>
</block>
</sequence>
</function>
</stax>