security_sasl_digest-md5.xml revision 75e4d72341a69fa125aeab6e326e49a5422a9eac
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2008-2009 Sun Microsystems, Inc.
! Portions Copyright 2011-2013 ForgeRock AS
! -->
<stax>
<defaultcall function="sasl_digest-md5"/>
<function name="sasl_digest-md5">
<!---
Place suite-specific test information here.
#@TestSuiteName SASL DIGEST-MD5 Tests
#@TestSuitePurpose Test the SASL DIGEST-MD5 functionality.
#@TestSuiteGroup SASL DIGEST-MD5 Tests
#@TestScript security_sasl_digest-md5.xml
-->
<sequence>
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SASL DIGEST-MD5 Preamble
#@TestIssue none
#@TestPurpose Prepare for SASL DIGEST-MD5 tests.
#@TestPreamble none
#@TestStep Admin change password storage scheme to
CLEAR.
#@TestStep User change his password.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Preamble Step 1 - Admin Changing \
Pwd Storage to CLEAR'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Clear'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Preamble Step 2 - Admin Changing \
Password for three users'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=jsprinter, ou=People, o=SASL Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'frogleg' ,
'changetype' : 'replace'
}
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=jwalleye, ou=People, o=SASL Realm Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'frogleg' ,
'changetype' : 'replace'
}
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=jcarp, ou=People, o=SASL Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'carpleg' ,
'changetype' : 'replace'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (u:) Bind
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to multiple DNs.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (u:) Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (u:) Binding'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jsprinter -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jwalleye -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind authzid
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN with authzid mapped to uid.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format with an authzid.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind authzid')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with authzid'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jwalleye -w frogleg -o authzid=jwalleye' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind another authzid
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN with another authzid.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format with an authzid of another unauthorized user.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind another authzid')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with another authzid'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jwalleye -w frogleg -o authzid=jcarp' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind with authzid without authid
#@TestIssue none
#@TestPurpose Test bind without an authorization ID but with an authzid.
#@TestPreamble none
#@TestStep User bind without authid but with an authzid.
#@TestPostamble none
#@TestResult Success if OpenDS returns 89.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind with authzid without authid')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with authzid without authid'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authzid=jcarp -w frogleg' ,
'expectedRC' : 89 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Admin Change authzid Attribute
#@TestIssue none
#@TestPurpose Test if authzid attribute may be changed
#@TestPreamble none
#@TestStep Admin change authzid attribute to sn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Admin Change authzid Attr')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Admin Changing authzid attribute to sn'
</message>
<call function="'modifyIdentityMapper'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'mapperName' : 'Exact Match' ,
'attributeName' : 'match-attribute' ,
'attributeValue' : 'sn' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind authzid after attr change
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN with authzid mapped to uid.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format with an authzid using the default, uid.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind authzid After Attr Change')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with authzid after attribute change'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jwalleye -w frogleg -o authzid=jwalleye' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind authzid after attr change 2
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN with authzid mapped to uid.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format with an authzid using sn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind authzid After Attr Change 2')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with authzid after attribute change 2'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:Walleye -w frogleg -o authzid=Walleye' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Admin Reset authzid Attribute
#@TestIssue none
#@TestPurpose Test if authzid attribute may be reset
#@TestPreamble none
#@TestStep Admin change authzid attribute to the default, uid
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Admin Reset authzid Attr')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Admin Resetting authzid attribute to uid'
</message>
<call function="'modifyIdentityMapper'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'mapperName' : 'Exact Match' ,
'attributeName' : 'match-attribute' ,
'attributeValue' : 'uid' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind authzid after attr reset
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN with authzid mapped to uid.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format with an authzid using the default, uid.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind authzid After Attr Reset')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding with authzid after attribute reset'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o authid=u:jwalleye -w frogleg -o authzid=jwalleye' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (dn:) Bind
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to muliple DNs.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (dn:) Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (dn:) Binding'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jsprinter,ou=People,o=SASL Tests,dc=example,dc=com" -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (dn:) Bind authzid
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to muliple DNs with an authzid that maps to multiple DNs.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format and with authzid.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (dn:) Bind authzid')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (dn:) Binding with authzid'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jsprinter,ou=People,o=SASL Tests,dc=example,dc=com" -w frogleg -o authzid=jsprinter' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to a single DN.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin creating realm -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Create realm
#@TestIssue none
#@TestPurpose Admin add realm to SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to add a realm.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Create Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Admin Creating Realm'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'handlerName' : 'DIGEST-MD5' ,
'propertyName' : 'realm' ,
'propertyValue' : 'SASL-Realm-Tests.example.com' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (u:) Bind With Realm
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to multiple DNs. Realm specified.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (u:) Bind With Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (u:) Binding With Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=u:jsprinter" -o "realm=SASL-Realm-Tests.example.com" -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind With Realm
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN. Realm specified.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind With Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding With Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=u:jwalleye" -o "realm=SASL-Realm-Tests.example.com" -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (dn:) Bind With Realm
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to muliple DNs. Realm specified.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (dn:) Bind With Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (dn:) Binding With Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jsprinter,ou=People,o=SASL Tests,dc=example,dc=com" -o "realm=SASL-Realm-Tests.example.com" -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind With Realm
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to a single DN. Realm specified.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind With Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -o "realm=SASL-Realm-Tests.example.com" -w frogleg' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (u:) Bind With Undefined Realm
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to multiple DNs. Undefined realm specified.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format
and an undefined realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (u:) Bind With Undefined Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (u:) Binding With Undefined Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=u:jsprinter" -o "realm=o=SASL Tests,dc=example,dc=com" -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (u:) Bind With Undefined Realm
#@TestIssue none
#@TestPurpose Test bind using an authorization ID that could be mapped to a single DN. Undefined realm specified.
#@TestPreamble none
#@TestStep User bind with authid=u:[name] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (u:) Bind With Undefined Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (u:) Binding With Undefined Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=u:jwalleye" -o "realm=o=SASL Tests,dc=example,dc=com" -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Dupe uid (dn:) Bind With Undefined Realm
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to muliple DNs. Undefined realm specified.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Dupe uid (dn:) Bind With Undefined Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User With Dupe uid (dn:) Binding With Undefined Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jsprinter,ou=People,o=SASL Tests,dc=example,dc=com" -o "realm=o=SASL Tests,dc=example,dc=com" -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind With DIGEST-MD5 SASL Mechanism-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind With Undefined Realm
#@TestIssue none
#@TestPurpose Test bind using a user DN whose authorization ID could be mapped to a single DN. Undefined realm specified.
#@TestPreamble none
#@TestStep User bind with authid=dn:[DN] format
and the realm is specified.
#@TestPostamble none
#@TestResult Success if OpenDS returns 49.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind With Undefined Realm')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With Undefined Realm'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -o "realm=o=SASL Tests,dc=example,dc=com" -w frogleg' ,
'expectedRC' : 49 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind with ACI with authmethod equal sasl
#@TestIssue none
#@TestPurpose Test bind where an ACI authmethod equal sasl applies.
#@TestPreamble none
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes global search ACI.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin adds ACI with authmethod equals sasl.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes ACI with authmethod equals sasl.
#@TestStep Admin puts global search ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all ldap operations.
Entries returned for steps 1, 2, and 7.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind with ACI with authmethod equal sasl')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, delete global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove' }
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, adding authmethod ACI'
</message>
<script>
curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"sasl DIGEST-MD5\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'add'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, deleting authmethod ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'delete'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, put back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind with ACI with authmethod equal simple
#@TestIssue none
#@TestPurpose Test bind where an ACI authmethod equal simple applies.
#@TestPreamble none
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes global search ACI.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin adds ACI with authmethod equals sasl.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes ACI with authmethod equals sasl.
#@TestStep Admin puts global search ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all ldap operations.
Entries returned for steps 1, 2, and 8.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind with ACI with authmethod equal simple')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, delete global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, adding authmethod ACI'
</message>
<script>
curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"simple\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'add'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, deleting authmethod ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'delete'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, put back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind with ACI with authmethod not equals simple
#@TestIssue none
#@TestPurpose Test bind where an ACI authmethod not equals simple applies.
#@TestPreamble none
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes global search ACI.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin adds ACI with authmethod equals sasl.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes ACI with authmethod equals sasl.
#@TestStep Admin puts global search ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all ldap operations.
Entries returned for steps 1, 2, and 7.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind with ACI with authmethod not equals simple')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, delete global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, adding authmethod ACI'
</message>
<script>
curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod!=\"simple\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'add'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, deleting authmethod ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'delete'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, put back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName uid (dn:) Bind with ACI with authmethod equals none
#@TestIssue none
#@TestPurpose Test bind where an ACI authmethod equals none applies.
#@TestPreamble none
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes global search ACI.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin adds ACI with authmethod equals sasl.
#@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
#@TestStep User binds with simple authetication.
#@TestStep Admin deletes ACI with authmethod equals sasl.
#@TestStep Admin puts global search ACI.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all ldap operations.
Entries returned for steps 1, 2, and 7.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - User (dn:) Bind with ACI with authmethod equals none')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, delete global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w bad',
'expectedRC' : 49
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'bad' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'expectedRC' : 49
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, adding authmethod ACI'
</message>
<script>
curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"none\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'add'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'frogleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, deleting authmethod ACI'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : curr_aci ,
'changetype' : 'delete'
}
</call>
<message>
'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, put back global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'add'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Non-clear Pwd Storage Scheme
#@TestIssue
#@TestPurpose Test DIGEST-MD5 with reversible pwd storage
scheme other than CLEAR.
#@TestPreamble none
#@TestStep Admin change password storage scheme to 3DES.
#@TestStep User change his password.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all ldap
operations.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Non-clear Pwd Storage')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Non-clear Pwd Storage Scheme'
</message>
<message>
'Security: SASL DIGEST-MD5: Non-clear Pwd Storage Scheme - \
Admin Changing Pwd Storage to 3DES'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : '3DES'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Non-clear Pwd Storage Scheme - \
Admin Changing Password for test user'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Non-clear Pwd Storage Scheme - \
Search with SASL bind request as test user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg' \
% test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {no proxy-auth privilege ;
no proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- no proxy-auth privilege
- no proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {no priv; no aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{no proxy-auth privilege ; no proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {no priv ; no aci}- \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-nopriv-noaci, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {no priv ; no aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {proxy-auth privilege ;
no proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- proxy-auth privilege
- no proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {priv; no aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{proxy-auth privilege ; no proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; no aci}- \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-priv-noaci, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; no aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {proxy-auth + bypass acl privilege ;
no proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- proxy-auth and bypass-acl privilege
- no proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {priv + bypass; no aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{proxy-auth + bypass-acl privilege ; no proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv + bypass; no aci}- \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-priv-bypass-acl, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv + bypass; no aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {no proxy-auth privilege ;
proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- no proxy-auth privilege
- proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {no priv; aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{no proxy-auth privilege ; proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {no priv ; aci}- \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-nopriv-aci, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {no priv ; aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {proxy-auth privilege ;
proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- proxy-auth privilege
- proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {priv; aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{proxy-auth privilege ; proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; aci}- \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-priv-aci, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Proxy-auth {proxy-auth privilege ;
group proxy access right}
#@TestIssue
#@TestPurpose Test proxy authorization, when user has
- proxy-auth privilege
- group proxy acces right
#@TestPreamble User change his password.
#@TestStep SASL bind with authzid=proxied-user
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Proxy-auth {priv; group aci}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth \
{proxy-auth privilege ; group proxy access right}'
</message>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; group aci} - \
Admin Changing Password for test user'
</message>
<script>
proxy_auth = 'ou=People, o=Proxy Auth Tests, dc=example,dc=com'
proxy_user = 'uid=proxied-user, %s' % proxy_auth
test_user = 'uid=proxy-priv-group-aci, %s' % proxy_auth
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : test_user,
'attributeName' : 'userpassword',
'newAttributeValue' : 'newleg',
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Proxy-auth {priv ; group aci} - \
SASL bind with authzid=proxied-user'
</message>
<script>
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"authzid=dn:%s\" ' % (test_user, proxy_user)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin set fqdn -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Set FQDN = fake hostname
#@TestIssue
#@TestPurpose Admin set FQDN in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set fqdn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Set FQDN = fake hostname')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Set FQDN'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'handlerName' : 'DIGEST-MD5' ,
'propertyName' : 'server-fqdn' ,
'propertyValue' : 'fqdn-test.com' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname != fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn
#@TestPreamble none
#@TestStep SASL bind with hostname != fqdn
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname != fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg' \
% test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname != fqdn ;
digest-uri = ldap/fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn and digest-uri
#@TestPreamble none
#@TestStep SASL bind with hostname != fqdn,
digest-uri = ldap/fqdn
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname!=fqdn ; uri=fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"digest-uri=ldap/fqdn-test.com\" ' % test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname != fqdn ;
digest-uri != ldap/fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn and digest-uri
#@TestPreamble none
#@TestStep SASL bind with hostname != fqdn,
digest-uri != ldap/fqdn
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname!=fqdn ; uri!=fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"digest-uri=ldap/fake-fqdn-test.com\" ' % test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin reset fqdn -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Set FQDN = hostname
#@TestIssue
#@TestPurpose Admin set FQDN in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set fqdn.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Set FQDN = hostname')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Set FQDN'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'handlerName' : 'DIGEST-MD5' ,
'propertyName' : 'server-fqdn' ,
'propertyValue' : DIRECTORY_INSTANCE_HOST
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname = fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn
#@TestPreamble none
#@TestStep SASL bind with hostname = fqdn
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname = fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg' \
% test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname = fqdn ;
digest-uri = ldap/fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn and digest-uri
#@TestPreamble none
#@TestStep SASL bind with hostname = fqdn,
digest-uri = ldap/fqdn
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname=fqdn ; uri=fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"digest-uri=ldap/%s\" ' % (test_user,DIRECTORY_INSTANCE_HOST)
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName FQDN {hostname = fqdn ;
digest-uri != ldap/fqdn}
#@TestIssue
#@TestPurpose Test the use of fqdn and digest-uri
#@TestPreamble none
#@TestStep SASL bind with hostname = fqdn,
digest-uri != ldap/fqdn
#@TestPostamble none
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: FQDN {hostname=fqdn ; uri!=fqdn}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
sasl_options = '-o mech=DIGEST-MD5 -o \"authid=dn:%s\" -w newleg \
-o \"digest-uri=ldap/fake-fqdn-test.com\" ' % test_user
</script>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'extraParams' : sasl_options,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-int ; server:none}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-int, server qop=none
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:none}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:none}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-int',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-conf ; server:none}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, server qop=none
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:none}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:none}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-conf',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin set qop -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Set qop = integrity
#@TestIssue
#@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set qop.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Set QOP = integrity')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Set QOP = integrity'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'handlerName' : 'DIGEST-MD5',
'propertyName' : 'quality-of-protection',
'propertyValue' : 'integrity'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth ; server:integrity}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth, server qop=int
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:int}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth ; server:int}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-int ; server:integrity}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-int, server qop=int
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:int}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:int}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-int'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-conf ; server:integrity}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, server qop=int
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:int}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:int}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-conf',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin set qop -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Set qop = confidentiality
#@TestIssue
#@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set qop.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Set QOP = confidentiality')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Set QOP = confidentiality'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'handlerName' : 'DIGEST-MD5',
'propertyName' : 'quality-of-protection',
'propertyValue' : 'confidentiality'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth ; server:confidentiality}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth, server qop=conf
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:conf}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth ; server:conf}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-int ; server:confidentiality}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-int, server qop=conf
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:conf}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:conf}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-int',
'expectedRC' : 89
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName QOP {client:auth-conf ; server:confidentiality}
#@TestIssue
#@TestPurpose Test the quality-of-protection
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, server qop=conf
#@TestPostamble none
#@TestResult Success if sasl bind fails with 89.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:conf}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:conf}'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Cipher Strength: high
#@TestIssue
#@TestPurpose Test the cipher strength
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, request cipher
strength: high
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Cipher Strenght: high')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Cipher Strength: high'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'high',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Cipher Strength: medium
#@TestIssue
#@TestPurpose Test the cipher strength
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, request cipher
strength: medium
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Cipher Strenght: medium')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Cipher Strength: medium'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'medium',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Cipher Strength: low
#@TestIssue
#@TestPurpose Test the cipher strength
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, request cipher
strength: low
#@TestPostamble none
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Cipher Strenght: low')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Cipher Strength: low'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'low',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Max. recv. buffer size lower than result size
#@TestIssue
#@TestPurpose Test the maximum receive buffer size
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, max. recv. buffer
size = 5000 bytes (expected result=11000 bytes)
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and result entries
returned all right.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Max. recv. buffer size lower than result size')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Max. recv. buffer size lower than \
result size'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'maxbuffersize' : '5000',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Max. recv. buffer size > result size
#@TestIssue
#@TestPurpose Test the maximum receive buffer size
#@TestPreamble none
#@TestStep SASL bind with qop=auth-conf, max. recv. buffer
size = 25000 bytes (expected result=11000 bytes)
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and result entries
returned all right.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Max. recv. buffer size > result size')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Max. recv. buffer size > result size'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'maxbuffersize' : '25000',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin remove global read access ACI -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Remove global ACI
#@TestIssue
#@TestPurpose Admin remove global read acces ACI for
ssf bind rule tests
#@TestPreamble none
#@TestStep dsconfig call to remove global aci
#@TestPostamble none
#@TestResult Success if operation successful and posterior
search returns no entry.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Remove global ACI')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Remove global ACI'
</message>
<message>
'Delete global search ACI'
</message>
<call function="'modifyGlobalAci'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'aciValue' : GLOBAL_ACI_SEARCH ,
'opType' : 'remove'
}
</call>
<message>
'Make sure read access is not granted (no entries returned).'
</message>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : test_user,
'dsInstancePswd' : 'newleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'dn: uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf=1 ; qop=confidentiality}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf = "1"
#@TestStep SASL bind with confidentiality
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf=1 ; qop=confidentiality}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf=1 ; qop=confidentialiy}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf = 1'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf = \"1\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf>40 ; qop=confidentiality ; str=low}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf>40
#@TestStep SASL bind with confidentiality and strength low
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf>40 ; qop=conf ; str=low}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf>40 ; qop=conf ; str=low}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf > 40'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf > \"40\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'low',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf>40 ; qop=confidentiality ; str=medium}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf>40
#@TestStep SASL bind with confidentiality and strength
medium
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf>40 ; qop=conf ; str=medium}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf>40 ; qop=conf ; str=medium}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf > 40'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf > \"40\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'medium',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf>=128 ; qop=confidentiality ;str=medium}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf>=128
#@TestStep SASL bind with confidentiality and strength
medium
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf>=128 ; qop=conf;str=medium}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf>=128 ; qop=conf ;str=medium}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf >= 128'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf >= \"128\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'medium',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf>=128 ; qop=confidentiality ; str=high}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf>=128
#@TestStep SASL bind with confidentiality and strength
high
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf>=128 ; qop=conf ; str=high}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf>=128 ; qop=conf ; str=high}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf >= 128'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf >= \"128\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'high',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf=56 ; qop=confidentiality ; str=high}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf=56
#@TestStep SASL bind with confidentiality and strength high
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf=56 ; qop=conf ; str=high}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf=56 ; qop=conf ; str=high}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf = 56'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf = \"56\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'high',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf=56 ; qop=confidentiality ; str=medium}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf=56
#@TestStep SASL bind with confidentiality and strength
medium
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf=56 ; qop=conf ; str=medium}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf=56 ; qop=conf ; str=medium}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf = 56'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf = \"56\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'medium',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf!=56 ; qop=confidentiality ;str=medium}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf!=56
#@TestStep SASL bind with confidentiality and strength
medium
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf!=56 ; qop=conf; str=medium}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf!=56 ; qop=conf ;str=medium}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf != 56'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf != \"56\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'medium',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<!-- SSF bind rule: != operator not working -->
<call function="'searchString'">
{ 'returnString' : returnString,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf!=56 ; qop=confidentiality ; str=high}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf!=56
#@TestStep SASL bind with confidentiality and strength
high
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf!=56 ; qop=conf ; str=high}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf!=56 ; qop=conf ; str=high}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf != 56'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf != \"56\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'high',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<!-- SSF bind rule: != operator not working -->
<call function="'searchString'">
{ 'returnString' : returnString,
'expectedString' : 'uid=tmorris,ou=People'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf!=56 ; qop=confidentiality ; str=low}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf!=56
#@TestStep SASL bind with confidentiality and strength
low
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf!=56 ; qop=conf ; str=low}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf!=56 ; qop=conf ; str=low}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf != 56'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf != \"56\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'strength' : 'low',
'password' : 'newleg',
'protection' : 'auth-conf'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<!-- SSF bind rule: != operator not working -->
<call function="'searchString'">
{ 'returnString' : returnString,
'expectedString' : 'uid=tmorris,ou=People'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin set qop=integrity -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Re-Set qop = integrity
#@TestIssue
#@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set qop.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Re-Set QOP = integrity')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Re-Set QOP = integrity'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'handlerName' : 'DIGEST-MD5',
'propertyName' : 'quality-of-protection',
'propertyValue' : 'integrity'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf=1 ; qop=integrity}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf = "1"
#@TestStep SASL bind with integrity
#@TestPostamble none
#@TestResult Success if sasl bind succeeds and access is
granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf=1 ; qop=integrity}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf=1 ; qop=integrity}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf = 1'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf = \"1\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-int'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf>40 ; qop=integrity}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf > "40"
#@TestStep SASL bind with integrity
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf>40 ; qop=integrity}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf>40 ; qop=integrity}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf > 40'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf > \"40\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth-int'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin unset qop -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName Set qop = none
#@TestIssue
#@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
#@TestPreamble none
#@TestStep ldapmodify used to set qop.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - Set QOP = none')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Set QOP = none'
</message>
<call function="'modifySaslMech'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'handlerName' : 'DIGEST-MD5',
'propertyName' : 'quality-of-protection',
'propertyValue' : 'none'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SSF {ssf=1 ; qop=none}
#@TestIssue
#@TestPurpose Test the ssf bind rule
#@TestPreamble none
#@TestStep Add ssf bind rule aci: ssf = "1"
#@TestStep SASL bind with no qop
#@TestPostamble none
#@TestResult Success if sasl bind succeeds but access is
NOT granted.
-->
<testcase name=
"getTestCaseName('DIGEST-MD5 - SSF {ssf=1 ; qop=none}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: SSF {ssf=1 ; qop=none}'
</message>
<message>
'Adding ACI with ssf bind rule: ssf = 1'
</message>
<script>
ssf_aci="(targetattr=\"*\")(version 3.0; acl \"ssf-aci\"; allow (read,search,compare) userdn=\"ldap:///anyone\" and ssf = \"1\";)"
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
'attributeName' : 'aci' ,
'newAttributeValue' : ssf_aci ,
'changetype' : 'replace'
}
</call>
<script>
test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
</script>
<call function="'saslSearch'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsBaseDN' : 'dc=example,dc=com',
'dsScope' : 'sub',
'dsFilter' : 'objectclass=*',
'mechanism' : 'DIGEST-MD5',
'authenticationId' : 'dn:%s' % test_user,
'password' : 'newleg',
'protection' : 'auth'
}
</call>
<script>
returnString = STAXResult[0][1]
</script>
<message>
'Search result: %s' % returnString
</message>
<call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'uid=tmorris,ou=People',
'expectedRC' : 1
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker SASL DIGEST-MD5 Tests
#@TestName SASL DIGEST-MD5 Postamble
#@TestIssue none
#@TestPurpose Reset configuration and entries.
#@TestPreamble none
#@TestStep Admin change password storage scheme to SSHA.
#@TestStep Admin change user password.
#@TestStep Admin delete realm from SASL DIGEST-MD5.
#@TestStep User bind with simple authentication.
#@TestStep User bind with SASL DIGEST-MD5.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all ldap operations except step 5.
In step 5, the ldap operation should return 49
because the password is no longer stored as CLEAR.
-->
<testcase name="getTestCaseName('DIGEST-MD5 - Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: SASL DIGEST-MD5: Postamble Step 1 - Admin Changing Pwd Storage to SSHA'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Postamble Step 2 - Admin Restting Password for two users'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=jsprinter, ou=People, o=SASL Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'catleg' ,
'changetype' : 'replace'
}
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'uid=jwalleye, ou=People, o=SASL Realm Tests, dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'catleg' ,
'changetype' : 'replace'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Postamble Step 3 - Admin Deleting Realm'
</message>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'entryToBeModified' : '%s/security/sasl/admin_del_realm.ldif' % remote.data
}
</call>
<message>
'Security: SASL DIGEST-MD5: Postamble Step 4 - User (dn:) Binding With Simple Authentication'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'catleg' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base'
}
</call>
<message>
'Security: SASL DIGEST-MD5: Postamble Step 5 - User (dn:) Binding 2'
</message>
<call function="'AnonSearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w catleg' ,
'expectedRC' : 49
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>