TargetAttrTestCase.java revision 24d6db06810f2ea747f6dff60d483e4fca3aaa13
0N/A * The contents of this file are subject to the terms of the 0N/A * Common Development and Distribution License, Version 1.0 only 0N/A * (the "License"). You may not use this file except in compliance 2362N/A * You can obtain a copy of the license at 0N/A * See the License for the specific language governing permissions 0N/A * and limitations under the License. 0N/A * When distributing Covered Code, include this CDDL HEADER in each 0N/A * file and include the License file at 0N/A * add the following below this CDDL HEADER, with the fields enclosed 0N/A * by brackets "[]" replaced with your own identifying information: 0N/A * Portions Copyright [yyyy] [name of copyright owner] 0N/A * Portions Copyright 2007 Sun Microsystems, Inc. 0N/A private static final 0N/A "(version 3.0; acl \"user attr URL example\"; " +
0N/A "allow (search,read) " +
0N/A "userattr=\"ldap:///ou=People,o=test?manager#GROUPDN\";)";
"(version 3.0; acl \"user attr1 URL example\"; " +
"userattr=\"ldap:///ou=People1,o=test?manager#GROUPDN\";)";
"(version 3.0;acl \"read/search all user, aci op\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"(version 3.0;acl \"read/search all op, oc user\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"(version 3.0;acl \"read/search all op, sn uid user\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"(version 3.0;acl \"read/search all user and all op lattr\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"allow (search, read) " +
"userattr!=\"l#New York\";)";
"(version 3.0;acl \"read/search not all op attr\";" +
"allow (search, read) " +
"userattr!=\"l#New York\";)";
"(version 3.0;acl \"read/search all userattr\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"allow (search, read) " +
"userattr!=\"l#New York\";)";
"(version 3.0;acl \"read/search non-operational attr\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
"(version 3.0;acl \"read/search operational attr\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
* Test targetattr behavior using userattr bind rule. * @throws Exception If a test result is unexpected. * Test targetattr and operational attribute behavior. See comments. * @throws Exception If a test result is unexpected. //Add aci that only allows non-operational attributes search/read. //The aci attribute type is operational, it should not be there. //The other two should be there. //Add aci that allows both non-operational attributes and the operational //All three attributes should be there. //Add ACI that only allows only aci operational attribute search/read. //Only operational attribute aci should be there, the other two should * Test targetattr shorthand behavior, all attrs both user and operational. * @throws Exception If a test result is unexpected. //Add aci with: (targetattr = "+ || *") //All should be returned. * Test targetattr shorthand behavior, userattr and plus sign (all op attrs). * @throws Exception If a test result is unexpected. //Add aci with: (targetattr = "objectclass|| +") //Only aci should be returned. * Test targetattr shorthand behavior, star (all user attr) or aci attr. * @throws Exception If a test result is unexpected. //Add aci with: (targetattr = "*|| aci") //All should be returned. * Test targetattr shorthand behavior using '+' in expression and an * operational attribute in the filter. The second test is two ACIs one * with targetattr='+' and the other with targetattr='*'. * @throws Exception If test result is unexpected. //Aci: (targetattrs="sn || uid || +) and search with an //operational attr (aci). //All should be returned. //Add two ACIs, one with '+' and the other with '*'. //All should be returned. //Add two ACIs, one with '+' and the other with '*'. //Only non-operation should be returned. * Test two scenerios with userattr LDAP URL and groupdn keyword. * @throws Exception Exception If test result is unexpected. //This search should return nothing since the URL has a bogus DN.