targetcontrol_tests.xml revision 75e4d72341a69fa125aeab6e326e49a5422a9eac
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2010 Sun Microsystems, Inc.
! Portions Copyright 2011-2013 ForgeRock AS.
! -->
<stax>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Preamble
#@TestIssue none
#@TestPurpose Prepare for targetcontrol tests
#@TestPreamble none
#@TestStep Admin removes global search ACI
#@TestStep Admin adds ACI to access controls
#@TestStep Admin adds ACI to access effective rights
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<function name="aci_targetcontrol_001" scope="local">
<testcase name="getTestCaseName('TargetControl Preamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Targetcontrol: Preamble - Removing Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'add' }
</call>
<script>
curr_aci_ldif_file = 'add_effrights_aci.ldif'
</script>
<message>
'ACI: Targetcontrol: Preamble - Admin adding get effective rights ACI,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control allow
#@TestIssue none
#@TestPurpose Test targetcontrol with search effective rights with control allow
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
apprpriate entries are returned for any step.
-->
<function name="aci_targetcontrol_002" scope="local">
<testcase name="getTestCaseName('Basic - search with control allow')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control deny
#@TestIssue none
#@TestPurpose Test targetcontrol with search effective rights with control deny
#@TestPreamble Admin adds an ACI to deny effective rights control and Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestStep Admin removes ACI that denied effective rights control.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap modify operations, 50
for all effective rights search queries, and
appropriate entries are returned for any step.
-->
<function name="aci_targetcontrol_003" scope="local">
<testcase name="getTestCaseName('Basic - search with control deny')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<call function="'testStep'">
{ 'stepMessage' : 'Add deny aci for effective rights control.' }
</call>
<script>
deny_aci='(targetcontrol=\"1.3.6.1.4.1.42.2.27.9.5.2\") (version 3.0; acl \"deny effective rights control\"; deny(all) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : deny_aci ,
'changetype' : 'add' }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Add allow aci for all users to search under aci branch.' }
</call>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<call function="'testStep'">
{ 'stepMessage' : 'User searching under aci branch with effective rights control (non-critical).' }
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:false -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights'
}
</call>
<call function="'testStep'">
{ 'stepMessage' : 'User searching targetted entry under aci branch with effective rights control (critical).' }
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 12
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel:' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'insufficient access rights' ,
'expectedResult' : '1' }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'User searching non-targeted entry under aci branch with effective rights control (critical).' }
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 12 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Remove aci under aci branch.' }
</call>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<call function="'testStep'">
{ 'stepMessage' : 'User searching non-targeted entry under aci branch with effective rights control (critical).' }
</call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
'expectedRC' : 12 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<call function="'testStep'">
{ 'stepMessage' : 'Remove aci under suffix denying effective rights control.' }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : deny_aci ,
'changetype' : 'delete' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Targetcontrol using search effective rights with control allow 2
#@TestIssue none
#@TestPurpose Test targetcontrol with search effective rights with control allow
#@TestPreamble Admin adds an aci.
#@TestStep Client searches for effective rights in an entry in the targeted branch dn.
#@TestStep Client searches for effective rights in an entry in the non-targeted branch dn.
#@TestStep Remove aci.
#@TestStep Client searches for effective rights in an entry with the previously targeted branch dn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations, and
apprpriate entries are returned for any step.
-->
<function name="aci_targetcontrol_004" scope="local">
<testcase name="getTestCaseName('Basic - search with control allow 2')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
</script>
<message>
'ACI: Targetcontrol: Basic - search, preamble adding aci,\n %s' % curr_aci
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
'expectedResult' : '1' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
<message>
'ACI: Targetcontrol: Basic - search, admin deleting aci'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<message>
'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
<!--
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Targetcontrol Tests
#@TestName Postamble
#@TestIssue none
#@TestPurpose Reset targetcontrol tests
#@TestPreamble none
#@TestStep Admin deletes ACI to access effective rights
#@TestStep Admin puts back global search ACI
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<function name="aci_targetcontrol_005" scope="local">
<testcase name="getTestCaseName('TargetControl Postamble')">
<sequence>
<try>
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
<message>
'ACI: Targetcontrol: Postamble - Admin deleting get effective rights ACI'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
</call>
<script>
allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : allow_aci ,
'changetype' : 'delete' }
</call>
<message>
'ACI: Targetcontrol: Preamble - putting back Search Global ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add' }
</call>
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
<message log="1" level="'fatal'">
'%s: Test failed. eInfo(%s)' % (eType,eInfo)
</message>
</catch>
<finally>
<sequence>
<call function="'testCase_Postamble'"/>
</sequence>
</finally>
</try>
</sequence>
</testcase>
</function>
</stax>