proxy_auth_tests.xml revision 75e4d72341a69fa125aeab6e326e49a5422a9eac
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying * information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2010 Sun Microsystems, Inc.
! Portions Copyright 2011-2013 ForgeRock AS.
! -->
<stax>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Preamble
#@TestIssue none
#@TestPurpose Test default aci settings
#@TestPreamble none
#@TestStep Client searches entry for an attribute in a branch dn.
#@TestStep Client searches entry for an attribute in another branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and no entries are returned
for all operations.
-->
<function name="aci_proxy_auth_001" scope="local">
<testcase name="getTestCaseName('Proxy Auth Preamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Proxy Auth: Preamble - Removing Search Global ACI'
</message>
<!-- Remove the global ACI -->
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<!-- Allow the proxy auth control for all ldap users read only -->
<script>
allow_aci='(targetcontrol=\"2.16.840.1.113730.3.4.18\") (version 3.0; acl \"allow proxy auth control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<!-- Add the ACI under suffix -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'add' }
</call>
<message>
'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be targeted in future tests'
</message>
<!-- Search a users entry as another user. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'cn=*' ,
'attributes' : 'cn sn uid telephonenumber'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<!-- TODO: Also perform a modify operation - should return insufficient access -->
<message>
'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be non-targeted in future tests'
</message>
<!-- Search a users entry as another user. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'cn=*' ,
'attributes' : 'cn sn uid telephonenumber'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' }
</call>
<!-- TODO: Also perform a modify operation - should return insufficient access -->
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user, one proxied user
#@TestPreamble none
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry that does not have the targeted dn for the targetattr.
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
No entries are returned for any steps.
-->
<function name="aci_proxy_auth_002" scope="local">
<testcase name="getTestCaseName('one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Proxy Auth: one proxied user, user searching targeted entry'
</message>
<!-- Search a users entry as another user (uid=auser). This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one proxied user, second user searching targeted entry'
</message>
<!-- Search a users entry as another user (uid=buser). This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one proxied user, proxied user searching targeted entry'
</message>
<!-- Search a users entry as uid=aproxy. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<!-- Add the proxi aci for user uid=aproxy under ou=aci branch -->
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one proxied user, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one proxied user, proxy user searching targeted entry'
</message>
<!-- Search users entry with proxy dn without allowed aci access. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<!-- TODO: Also perform a modify operation - should return insufficient access -->
<message>
'ACI: Proxy Auth: one proxied user, admin deleting both acis'
</message>
<!-- Delete the proxy aci for user uid=aproxy -->
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one proxied user, user searching targeted entry'
</message>
<!-- Search a users entry as another user. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user, one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user, one proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Entry is returned only for steps 1 and 5
and only with the specified attribute.
-->
<function name="aci_proxy_auth_003" scope="local">
<testcase name="getTestCaseName('one user, one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<!-- Allow user uid=auser access to all entries under ou=aci branch -->
<script>
curr_aci_ldif_file = 'add_user_aci_all.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, one proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
</message>
<!-- Search a users entry under suffix as uid=auser. This should return a result -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
</message>
<!-- Search a users entry as another user. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
</message>
<!-- Search a users entry just as proxy user. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<!-- Add the proxi aci for user uid=aproxy under ou=aci branch -->
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, one proxied user, adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
</message>
<!-- Search users entry with proxy dn with allowed aci access. This should return results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<!-- TODO: Also perform a modify operation - should return success -->
<message>
'ACI: Proxy Auth: one user, one proxied user, proxied second user searching targeted entry'
</message>
<!-- Search users entry with proxy dn without allowed aci access. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, admin deleting both acis'
</message>
<!-- Remove aci attribute for uid=auser -->
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
</message>
<!-- Search a users entry as a uid=auser. This should return no results -->
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user for adds, one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user for adds, one proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
No entries returned for any step.
-->
<function name="aci_proxy_auth_004" scope="local">
<testcase name="getTestCaseName('one user for adds, one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_add.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user for searches, one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user for searches, one proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Entry is returned only for steps 1 and 5
and only with the specified attribute.
-->
<function name="aci_proxy_auth_005" scope="local">
<testcase name="getTestCaseName('one user for searches, one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_search.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user for searches reads separate level, one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user for searches reads separate level, one proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Remove another level of acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Entry is returned only for steps 1 and 5
and only with the specified attribute.
-->
<function name="aci_proxy_auth_006" scope="local">
<testcase name="getTestCaseName('one user for searches reads separate level, one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_search_sep.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with many users with wildcard, one proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with many users with wildcard, one proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Remove another level of acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Entry is returned only for steps 1, 2, 5 and 6
and only with the specified attribute.
-->
<function name="aci_proxy_auth_007" scope="local">
<testcase name="getTestCaseName('many users with wildcard, one proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_all_wildcard.ldif'
</script>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user, many proxied users with wildcard
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user, many proxied users with wildcard
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Remove another level of acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
Entry is returned only for steps 1, 2, 5 and 6
and only with the specified attribute.
-->
<function name="aci_proxy_auth_008" scope="local">
<testcase name="getTestCaseName('many users one user, many proxied users with wildcard')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_all.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci_wildcard.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with one user, one bad proxied user
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with one user, one bad proxied user
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as proxied user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Admin adds an aci giving proxied user permission to access as user.
#@TestStep Client searches entry in targeted branch as proxied user through user.
#@TestStep Client searches entry in targeted branch as proxied user through second user.
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, except step 4 where 123 is expected.
Entry is returned only for step 1
and only with the specified attribute.
-->
<function name="aci_proxy_auth_009" scope="local">
<testcase name="getTestCaseName('one user, one bad proxied user')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_all.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' ,
'expectedRC' : 123 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'SEARCH operation failed' ,
'expectedResult' : '1' }
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci.ldif'
</script>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' ,
'expectedRC' : 123 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'SEARCH operation failed' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ProxyRules' ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' ,
'expectedRC' : 123 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'SEARCH operation failed' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Proxy rights with Directory Manager as proxy
#@TestIssue none
#@TestPurpose Test ACI with proxy rights with Directory Manager as proxy
#@TestPreamble Admin adds an aci giving user search and read access to one branch.
#@TestStep Client searches entry in targeted branch as user.
#@TestStep Client searches entry in targeted branch as second user.
#@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user.
#@TestStep Admin adds ds-privilege-name to cn=Directory Manager
#@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user.
#@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user through second user.
#@TestStep Admin deletes ds-privilege-name from cn=Directory Manager
#@TestStep Remove all acis.
#@TestStep Client searches entry in the previously targeted branch.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations except step 3 where 123 is expected.
Entry is returned only for steps 1 and 5
and only with the specified attribute.
-->
<function name="aci_proxy_auth_010" scope="local">
<testcase name="getTestCaseName('Directory Manager as proxy')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_user_aci_all.ldif'
</script>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, preamble adding user aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'SEARCH operation failed' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, adding proxied-auth'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<script>
curr_aci_ldif_file = 'add_proxy_aci_dm.ldif'
</script>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, adding proxy aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, proxied second user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'cn:' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, deleting proxied-auth'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, admin deleting both acis'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'cn sn uid telephonenumber' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Proxy Authorization Tests
#@TestName Postamble
#@TestIssue none
#@TestPurpose Test default aci settings
#@TestPreamble none
#@TestStep Client searches entry for an attribute in a branch dn.
#@TestStep Client searches entry for an attribute in another branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and no entries are returned
for all operations.
-->
<function name="aci_proxy_auth_011" scope="local">
<testcase name="getTestCaseName('Proxy Auth Postamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be targeted in future tests'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'cn=*' ,
'attributes' : 'cn sn uid telephonenumber'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be non-targeted in future tests'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'cn=*' ,
'attributes' : 'cn sn uid telephonenumber'}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' ,
'expectedResult' : '0' }
</call>
<script>
allow_aci='(targetcontrol=\"2.16.840.1.113730.3.4.18\") (version 3.0; acl \"allow proxy auth control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'delete' }
</call>
<message>
'ACI: Proxy Auth: Postamble - Resetting Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
</stax>