subject_dn_mapper.xml revision d25372dc8e65a9ed019a88fdf659ca61313f1b31
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="subject_dn_mapper"/>
<function name="subject_dn_mapper" scope="local">
<sequence>
<!--- Test Case : setup -->
<!---
#@TestMarker Setup Tests
#@TestName Set the SASL EXTERNAL mechanism to Subject DN to User Attribute
#@TestIssue
#@TestPurpose Set the SASL EXTERNAL mechanism to Subject DN to User Attribute
#@TestPreamble none
#@TestStep Set the SASL EXTERNAL mechanism to Subject DN to User Attribute
#@TestStep keep the default ds-cfg-subject-attribute which is ds-certificate-subject-dn
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' setup - Subject_dn_mapper')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'---- Configure the SASL EXTERNAL mechanism -----'
</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'set-sasl-mechanism-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'EXTERNAL',
'optionsString' : '--set certificate-mapper:"Subject DN to User Attribute"',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
#@TestMarker Subject DN mapping to default user attribut
#@TestName Mapping on ds-certificated-subject-dn attribute
#@TestIssue
#@TestPurpose Use the Subject DN to User Attribute certificate mapper
#@TestPurpose Map the subject of a client certificate and a specified attribute in user entries
#@TestPurpose The mapping will be done on the default attribut ds-certificate-subject-dn
#@TestStep Two users entries are used to validate this mapper
#@TestStep USER_1_DN contains an attribute ds-certifcated-subject-dn with the subject of the USER_1_CERT client certificate
#@TestStep USER_2_DN contains an attribute ds-certificate-subject-dn with an invalid value
#@TestStep The certificate mapping will work only with the USER_1_CERT client certificate
#@TestPreamble none
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('subject dn mapping on ds-certificate-subject-dn')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'">
</call>
<message>'----- Configure the attribute ds-certificate-subject-dn for user %s ---' % USER_1_DN</message>
<message>'----- ds-certificate-subject-dn is the subject of the certificate %s '% USER_1_CERT</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'ds-certificate-subject-dn',
'newAttributeValue' : USER_1_DN,
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<message> '----- Configure the attribute ds-certificate-subject-dn for user %s ---' % USER_2_DN</message>
<message>'------ ds-certificate-subject-dn contains an invalid DN'</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'ds-certificate-subject-dn',
'newAttributeValue' : 'uid=bad-certificate',
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- No bound expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- Restore initial users configuration -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'ds-certificate-subject-dn',
'newAttributeValue' : USER_1_DN,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'ds-certificate-subject-dn',
'newAttributeValue' : 'uid=bad-certificate',
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
#@TestMarker Subject DN mapping to the user attribute's description
#@TestName Mapping on the attribute description
#@TestIssue
#@TestPurpose Use the Subject DN to User Attribute certificate mapper
#@TestPurpose Map the subject of a client certificate and a specified attribute in user entries
#@TestPurpose The mapping will be done on the attribute description
#@TestStep Two users entries are used to validate this mapper
#@TestStep USER_1_DN doesn't contains attribute description
#@TestStep USER_2_DN contains an attribute description with the USER_2_CERT client certificate
#@TestPreamble none
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('subject dn mapping on attribut description')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'">
</call>
<message>'----- Configure the mapping to be done on the attribute description' </message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'set-certificate-mapper-prop' ,
'objectType' : 'mapper-name' ,
'objectName' : 'Subject DN to User Attribute',
'optionsString' : '--set subject-attribute:description',
'expectedRC' : 0 }
</call>
<message>'----- Configure the attribute ds-certificate-subject-dn for user %s ---' % USER_1_DN</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'description',
'newAttributeValue' : 'bad_cert',
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<message> '----- Configure the attribute ds-certificate-subject-dn for user %s ---' % USER_2_DN</message>
<message>'------ ds-certificate-subject-dn contains an invalid DN'</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'description',
'newAttributeValue' : USER_2_DN,
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- No mapping expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- bound as USER_2_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- No mapping expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- bound as USER_2_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base' ,
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- Restore initial users configuration -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'description',
'newAttributeValue' : 'bad_cert',
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'description',
'newAttributeValue' : USER_2_DN,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>