GetEffectiveRightsTestCase.java revision 24d6db06810f2ea747f6dff60d483e4fca3aaa13
0N/A * The contents of this file are subject to the terms of the 0N/A * Common Development and Distribution License, Version 1.0 only 0N/A * (the "License"). You may not use this file except in compliance 0N/A * You can obtain a copy of the license at 0N/A * See the License for the specific language governing permissions 0N/A * and limitations under the License. 0N/A * When distributing Covered Code, include this CDDL HEADER in each 0N/A * file and include the License file at 0N/A * add the following below this CDDL HEADER, with the fields enclosed 2362N/A * by brackets "[]" replaced with your own identifying information: 2362N/A * Portions Copyright [yyyy] [name of copyright owner] 0N/A * Portions Copyright 2007 Sun Microsystems, Inc. 0N/A //Various results for entryLevel searches. 0N/A private static final 0N/A private static final 0N/A private static final 0N/A private static final 0N/A private static final 0N/A private static final 0N/A //Results for attributeLevel searches 0N/A "search:1,read:1,compare:0,write:1," +
0N/A "selfwrite_add:0,selfwrite_delete:0,proxy:0";
0N/A "search:1,read:1,compare:0,write:0," +
0N/A "selfwrite_add:0,selfwrite_delete:0,proxy:0";
0N/A "search:1,read:1,compare:0,write:?," +
0N/A "selfwrite_add:0,selfwrite_delete:0,proxy:0";
0N/A "search:1,read:1,compare:0,write:0," +
0N/A "selfwrite_add:0,selfwrite_delete:0,proxy:0";
0N/A "search:0,read:0,compare:0,write:0," +
0N/A "selfwrite_add:1,selfwrite_delete:1,proxy:0";
0N/A //Need an ACI to allow proxy control 0N/A "(version 3.0; acl \"control\";" +
0N/A "allow(read) userdn=\"ldap:///anyone\";)";
0N/A private static final 0N/A "(version 3.0;acl \"aclRights access\";" +
0N/A "allow (search, read) " +
0N/A "userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
0N/A private static final 0N/A "allow (search, read) " +
0N/A "userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
0N/A //General ACI for anonymous test. 0N/A private static final 0N/A "allow (search, read) " +
0N/A "userdn=\"ldap:///anyone\";)";
0N/A private static final 0N/A "userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
0N/A private static final 0N/A "userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
0N/A private static final 0N/A "userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
0N/A private static final "(version 3.0;acl \"write mail access\";" +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
"(targattrfilters=\"add=fax:(fax=*), del=fax:(fax=*)\")" +
"(version 3.0;acl \"allow write fax\";" +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
"(targattrfilters=\"add=pager:(pager=*), del=pager:(pager=*)\")" +
"(version 3.0;acl \"deny write pager\";" +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
"(version 3.0; acl \"selfwrite\"; allow(selfwrite)" +
"" +
"userdn=\"ldap:///uid=user.1,ou=People,o=test\";)";
/**
 * Test entry level using the -g param and anonymous dn as the authzid.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test entry level using the -g param and superuser dn as the authzid.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test entry level using the control OID only (no authzid specified).
 * Should use the bound user (superuser) as the authzid.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test entry level using the control OID only -- bound as a bypass user.
 * Should use the bound user (DIR_MGR) as the authzid.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test attribute level using the -g param and superuser dn as the authzid.
 * The attributes used are mail and description. Mail should show write
 * access allowed, description should show write access not allowed.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test attribute level using the -g param and superuser dn as the authzid and
 * the -e option using pager and fax.
 * The attributes used are mail and description. Mail should show write
 * access allowed, description should show write access not allowed.
 * NOTE(review): the mail/description sentence appears to be carried over from
 * the previous test; the ACIs in this file for this case are the
 * targattrfilters rules "allow write fax" and "deny write pager". Confirm the
 * description against the assertions in the test body.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */

/**
 * Test selfwrite attribute level using the -g param and user.1 dn as the
 * authzid and the -e option member.
 * The attributes used are mail and description. Mail should show write
 * access allowed, description should show write access not allowed.
 * NOTE(review): the mail/description sentence appears to be carried over from
 * the attribute-level test; this case concerns the "selfwrite" ACI and the
 * selfwrite_add/selfwrite_delete rights. Confirm the description against the
 * assertions in the test body.
 *
 * @throws Exception If the search result is empty or a right string
 *                   doesn't match the expected value.
 */