external-software/github_OpenIdentityPlatform_OpenDJ.git

This change prepares the unit tests for when the ACI handler will get enabl...

coulbeck

23.11.2007 186acabb92e49adad49abbe0cb63952ad0b513a9

 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java

@@ -221,7 +221,7 @@
     * @return The client entry.
     */
    public Entry getClientEntry() {
       return clientConnection.getAuthenticationInfo().getAuthorizationEntry();
      return operation.getAuthorizationEntry();
    }

    /**
@@ -270,7 +270,7 @@
     * @return  The client's authorization DN.
     */
    public DN getClientDN() {
        return clientConnection.getAuthenticationInfo().getAuthorizationDN();
      return operation.getAuthorizationDN();
    }

    /**

 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java

@@ -226,8 +226,10 @@
                       container.setRights(ACI_WRITE_DELETE);
                       if(!skipAccessCheck && !accessAllowed(container))
                           return false;
                   } else
                   } else {
                     if(!skipAccessCheck)
                       return false;
                   }
                   /*
                    Check if the modification type has an "aci" attribute type.
                    If so, check the syntax of that attribute value. Fail the

 opendj-sdk/opends/src/server/org/opends/server/core/AddOperation.java

@@ -1659,26 +1659,6 @@
          }
        }

        // Check to see if the client has permission to perform the add.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists or
        // if the parent entry does not exist may have already exposed
        // sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break addProcessing;
        }

        // Check to see if there are any controls in the request. If so,
        // then
        // see if there is any special processing required.
@@ -1901,6 +1881,26 @@
        }


        // Check to see if the client has permission to perform the add.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists or
        // if the parent entry does not exist may have already exposed
        // sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break addProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/CompareOperation.java

@@ -744,26 +744,6 @@
          break compareProcessing;
        }

        // Check to see if the client has permission to perform the
        // compare.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break compareProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        List<Control> requestControls = getRequestControls();
@@ -955,6 +935,26 @@
        }


        // Check to see if the client has permission to perform the
        // compare.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break compareProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/DeleteOperation.java

@@ -682,23 +682,6 @@
        // Check to see if the client has permission to perform the
        // delete.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break deleteProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                   noOp           = false;
@@ -920,6 +903,23 @@
        }


        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break deleteProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/ModifyDNOperation.java

@@ -1144,27 +1144,6 @@
        }


        // Check to see if the client has permission to perform the
        // modify DN.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry or new superior
        // already exists may have already exposed sensitive information
        // to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyDNProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                    noOp            = false;
@@ -1411,6 +1390,27 @@
        }


        // Check to see if the client has permission to perform the
        // modify DN.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry or new superior
        // already exists may have already exposed sensitive information
        // to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyDNProcessing;
        }

        // Duplicate the entry and set its new DN.  Also, create an empty list
        // to hold the attribute-level modifications.
        newEntry = currentEntry.duplicate();

 opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java

@@ -947,26 +947,6 @@
          break modifyProcessing;
        }

        // Check to see if the client has permission to perform the
        // modify.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                    noOp            = false;
@@ -1213,6 +1193,26 @@
        }


        // Check to see if the client has permission to perform the
        // modify.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyProcessing;
        }

        // Get the password policy state object for the entry that can be used
        // to perform any appropriate password policy processing.  Also, see if
        // the entry is being updated by the end user or an administrator.

 opendj-sdk/opends/src/server/org/opends/server/core/SearchOperation.java

@@ -1652,23 +1652,6 @@
        break searchProcessing;
      }

      // Check to see if the client has permission to perform the
      // search.

      // FIXME: for now assume that this will check all permission
      // pertinent to the operation. This includes proxy authorization
      // and any other controls specified.
      if (AccessControlConfigManager.getInstance()
          .getAccessControlHandler().isAllowed(this) == false) {
        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

        int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
        appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

        skipPostOperation = true;
        break searchProcessing;
      }

      // Check to see if there are any controls in the request.  If so, then
      // see if there is any special processing required.
      boolean       processSearch    = true;
@@ -1952,6 +1935,23 @@
      }


      // Check to see if the client has permission to perform the
      // search.

      // FIXME: for now assume that this will check all permission
      // pertinent to the operation. This includes proxy authorization
      // and any other controls specified.
      if (AccessControlConfigManager.getInstance()
          .getAccessControlHandler().isAllowed(this) == false) {
        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

        int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
        appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

        skipPostOperation = true;
        break searchProcessing;
      }

      // Check for and handle a request to cancel this operation.
      if (cancelRequest != null)
      {

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/api/PasswordValidatorTestCase.java

@@ -119,6 +119,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -176,6 +177,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -238,6 +240,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -294,6 +297,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -354,6 +358,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -415,6 +420,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -476,6 +482,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -553,6 +560,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -634,6 +642,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -721,6 +730,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

@@ -804,6 +814,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java

@@ -28,7 +28,6 @@

import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
import org.opends.server.TestErrorLogger;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.tools.LDAPModify;
@@ -50,9 +49,6 @@
import java.io.OutputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
import java.io.PrintStream;
import java.io.FileOutputStream;
import java.io.FileNotFoundException;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
@@ -110,7 +106,7 @@
// TODO: Test userattr

  // Tests are disabled this way because a class-level @Test(enabled=false)
  // doesn't appear to work and the aci code itself isn't checked in yet.  
  // doesn't appear to work and the aci handler is not yet enabled.
  private static final boolean TESTS_ARE_DISABLED = true;


@@ -219,10 +215,10 @@

  private static final String BIND_RULE_TODAY = "dayofweek=\"" + getThisDayOfWeek() + "\"";
  private static final String BIND_RULE_TODAY_AND_TOMORROW = "dayofweek=\"" + getThisDayOfWeek() + "," + getTomorrowDayOfWeek() + "\"";
  private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\""; 
  private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";

  private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);  
  private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);  
  private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
  private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);

  private static final String BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL = and(BIND_RULE_USERDN_ADMIN, or(BIND_RULE_AUTHMETHOD_SSL, BIND_RULE_DNS_LOCALHOST));

@@ -233,7 +229,7 @@
  private static final String BIND_RULE_GROUPDN_3 = "groupdn=\"ldap:///cn=SomeGroup,dc=example,dc=com || ldap:///cn=SomeOtherGroup,dc=example,dc=com || ldap:///cn=SomeThirdGroup,dc=example,dc=com\"";
  private static final String BIND_RULE_USERDN_FILTER = "userdn=\"ldap:///dc=example,dc=com??one?(|(ou=eng)(ou=acct))\"";

  private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\""; 
  private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";

  private static final String BIND_RULE_ONLY_AT_NOON = "timeofday=\"1200\"";
  private static final String BIND_RULE_NOT_AT_NOON = "timeofday!=\"1200\"";
@@ -315,7 +311,7 @@

  private static final String DENY_READ_TO_TOP_LEVEL_CN_ADMINS =
          buildAciValue("name", "deny read to users with 'admin' in their cn", "targetattr", "*", "deny(read)", BIND_RULE_USERDN_TOP_LEVEL_CN_ADMINS);
  

  private static final String DENY_ALL_TO_LOCALHOST =
          buildAciValue("name", "deny all to localhost", "targetattr", "*", "deny(all)", BIND_RULE_IP_LOCALHOST);

@@ -787,7 +783,7 @@
      throw e;
    }
  }
  

  // I'd like to make this  dependsOnMethods = {"testBasisOfInvalidityTestsAreValid(String,String,String)"}
  // but I can't figure out how.
  @Test(dataProvider = "invalidAcis")
@@ -874,7 +870,7 @@
  private static final String NO_ACIS_LDIF = "";

  // ------------------------------------------------------------
  //  THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS 
  //  THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
  // ------------------------------------------------------------

  private static final String ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF =
@@ -1042,7 +1038,7 @@
  // -----------------------------------------------------------------
  //  THESE ALL WILL RETURN EVERYTHING IN AT LEAST OU=INNER FOR ADMINS
  // -----------------------------------------------------------------
  

  private static final String ALLOW_ALL_BASE_TO_ADMIN =
          makeAddAciLdif(OU_BASE_DN, ALLOW_ALL_TO_ADMIN);

@@ -1089,7 +1085,7 @@
          makeAddAciLdif(OU_BASE_DN, ALLOW_SEARCH_OU_AND_PERSON_TO_SIMPLE);

  // ------------------------------------------------------------
  //  
  //
  // ------------------------------------------------------------

  private static final String NO_SEARCH_RESULTS = "";
@@ -1149,7 +1145,7 @@
            NO_ACIS_LDIF,
            ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF,
            ALLOW_ALL_BASE_DENY_READ_BASE_LDIF,
            ALLOW_READ_BASE_DENY_ALL_BASE_LDIF, 
            ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
            ALLOW_ALL_BASE_DENY_ALL_INNER_LDIF,
            ALLOW_READ_BASE_DENY_ALL_INNER_LDIF,
            ALLOW_ALL_BASE_DENY_READ_INNER_LDIF,
@@ -1221,7 +1217,7 @@
            ALLOW_BASE_SEARCH_OUR_ATTRS_TO_ADMIN,
            ALLOW_BASE_SEARCH_OU_AND_PERSON_TO_SIMPLE
    );
    

    testParams.addSingleSearch(ADMIN_DN, OU_INNER_DN, OBJECTCLASS_STAR, SCOPE_SUB, INNER_OU_FULL_LDIF__SEARCH_TESTS);
    testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_SUB, LEAF_OU_FULL_LDIF__SEARCH_TESTS);
    testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_ONE, LEVEL_3_USER_LDIF__SEARCH_TESTS);

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java

@@ -1826,7 +1826,8 @@
         "cn: Test User");

    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());
         InternalClientConnection.getRootConnection();
//         new InternalClientConnection(new AuthenticationInfo());

    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(), e.getUserAttributes(),

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/CompareOperationTestCase.java

@@ -39,6 +39,7 @@
import org.opends.server.types.Entry;
import org.opends.server.types.LockManager;
import org.opends.server.TestCaseUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
@@ -117,6 +118,7 @@
         "sn: User",
         "cn: Proxy User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-privilege-name: proxied-auth");

    Entry proxyUserEntry =
@@ -338,7 +340,7 @@
    examineCompletedOperation(compareOperation);
  }

  @Test(enabled = false) // FIXME Issue 739.
  @Test
  public void testCompareSubtype()
  {
    InternalClientConnection conn =
@@ -556,14 +558,15 @@
    examineIncompleteOperation(compareOperation);
  }

  @Test(enabled = false) // FIXME Issue 741.
  @Test
  public void testCompareProxiedAuthV2Criticality() throws Exception
  {
    InvocationCounterPlugin.resetAllCounters();

    ProxiedAuthV2Control authV2Control =
         new ProxiedAuthV2Control(new ASN1OctetString());
    authV2Control.setCritical(false);
    Control authV2Control =
         new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
                     new ASN1OctetString());

    List<Control> controls = new ArrayList<Control>();
    controls.add(authV2Control);


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/RejectUnauthReqTests.java

@@ -439,10 +439,12 @@
  /**
   * Tests the whether the unauthenticated ADD,MODIFY,COMPARE,MODRDN and
   * DELETE requests succeed with the default configuration settings.
   * FIXME: This test is disabled because it is unreasonable to expect
   * unauthenticated writes to succeed when access control is enabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  @Test(enabled=false)
  public void testOtherOpsUnauthDefCfg() throws Exception
  {
    assertEquals(performAddOperation(false),0);
@@ -472,7 +474,7 @@
    "org.opends.server.core.RejectUnauthReqTests.testUnauthWAIDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testAuthWAIDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testStartTLSUnauthDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
//    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsAuthDefCfg"
  })
  public void  testChangeAndVerifyRejUnauthReqCfgAttr()  throws Exception

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java

@@ -40,6 +40,7 @@
import org.opends.server.protocols.ldap.*;
import org.opends.server.types.*;
import org.opends.server.TestCaseUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.controls.LDAPAssertionRequestControl;
@@ -1043,13 +1044,14 @@
    examineIncompleteOperation(modifyDNOperation);
  }

  @Test(enabled = false) //FIXME: Issue 741
  @Test
  public void testProcessedProxyAuthV2CriticalityModify() throws Exception
  {
    ProxiedAuthV2Control authV2Control = new ProxiedAuthV2Control(
         new ASN1OctetString("dn:cn=nonexistent,o=test"));
    Control authV2Control =
         new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
                     new ASN1OctetString("dn:cn=nonexistent,o=test"));

    List<Control> controls = new ArrayList<Control>();
    authV2Control.setCritical(false);
    controls.add(authV2Control);
    InvocationCounterPlugin.resetAllCounters();


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java

@@ -355,6 +355,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -418,6 +419,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -480,6 +482,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -534,6 +537,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -597,6 +601,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -660,6 +665,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -722,6 +728,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -784,6 +791,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -1941,6 +1949,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");



 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPCompareTestCase.java

@@ -601,6 +601,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -654,6 +655,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -708,6 +710,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -757,6 +760,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPModifyTestCase.java

@@ -528,6 +528,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -580,6 +581,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -633,6 +635,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -681,6 +684,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPPasswordModifyTestCase.java

@@ -339,7 +339,24 @@
                "Should have been invalid because:  " + invalidReason);
  }


  /**
   * Add a test user.
   */
  private static void addTestUser() throws Exception
  {
    TestCaseUtils.addEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");
  }

  /**
   * Tests the ability to perform a self change including both the current and
@@ -353,24 +370,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -400,24 +400,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -446,24 +429,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -492,24 +458,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -537,24 +486,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -585,24 +517,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -634,24 +549,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -681,24 +579,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -727,24 +608,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -771,24 +635,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -817,24 +664,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -862,24 +692,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -912,24 +725,7 @@
    String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
                            "config" + File.separator + "client.truststore";

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -960,24 +756,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1011,24 +790,7 @@
    String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
                            "config" + File.separator + "client.truststore";

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1059,24 +821,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1106,24 +851,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1209,7 +937,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
    TestCaseUtils.addEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
@@ -1222,13 +950,6 @@
         "userPassword: password",
         "ds-pwp-account-disabled: true");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

    String[] args =
    {
      "-h", "127.0.0.1",
@@ -1258,24 +979,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1306,24 +1010,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1355,24 +1042,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1404,24 +1074,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java

@@ -1401,6 +1401,8 @@

    String[] args =
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",
@@ -1413,6 +1415,8 @@

    args = new String[]
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",
@@ -1426,6 +1430,8 @@

    args = new String[]
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java

@@ -167,6 +167,7 @@
      "ds-privilege-name: backend-backup",
      "ds-privilege-name: backend-restore",
      "ds-privilege-name: proxied-auth",
      "ds-privilege-name: bypass-acl",
      "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
           "cn=Password Policies,cn=config",
      "",
@@ -179,6 +180,7 @@
      "givenName: Unprivileged",
      "sn: User",
      "uid: unprivileged.user",
      "ds-privilege-name: bypass-acl",
      "userPassword: password",
      "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
           "cn=Password Policies,cn=config",

			@@ -221,7 +221,7 @@
			* @return The client entry.
			*/
			public Entry getClientEntry() {
			return clientConnection.getAuthenticationInfo().getAuthorizationEntry();
			return operation.getAuthorizationEntry();
			}

			/**
			@@ -270,7 +270,7 @@
			* @return The client's authorization DN.
			*/
			public DN getClientDN() {
			return clientConnection.getAuthenticationInfo().getAuthorizationDN();
			return operation.getAuthorizationDN();
			}

			/**

			@@ -226,8 +226,10 @@
			container.setRights(ACI_WRITE_DELETE);
			if(!skipAccessCheck && !accessAllowed(container))
			return false;
			} else
			} else {
			if(!skipAccessCheck)
			return false;
			}
			/*
			Check if the modification type has an "aci" attribute type.
			If so, check the syntax of that attribute value. Fail the

			@@ -1659,26 +1659,6 @@
			}
			}

			// Check to see if the client has permission to perform the add.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists or
			// if the parent entry does not exist may have already exposed
			// sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break addProcessing;
			}

			// Check to see if there are any controls in the request. If so,
			// then
			// see if there is any special processing required.
			@@ -1901,6 +1881,26 @@
			}


			// Check to see if the client has permission to perform the add.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists or
			// if the parent entry does not exist may have already exposed
			// sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break addProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -744,26 +744,6 @@
			break compareProcessing;
			}

			// Check to see if the client has permission to perform the
			// compare.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break compareProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			List<Control> requestControls = getRequestControls();
			@@ -955,6 +935,26 @@
			}


			// Check to see if the client has permission to perform the
			// compare.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break compareProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -682,23 +682,6 @@
			// Check to see if the client has permission to perform the
			// delete.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break deleteProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -920,6 +903,23 @@
			}


			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break deleteProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -1144,27 +1144,6 @@
			}


			// Check to see if the client has permission to perform the
			// modify DN.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry or new superior
			// already exists may have already exposed sensitive information
			// to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyDNProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -1411,6 +1390,27 @@
			}


			// Check to see if the client has permission to perform the
			// modify DN.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry or new superior
			// already exists may have already exposed sensitive information
			// to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyDNProcessing;
			}

			// Duplicate the entry and set its new DN. Also, create an empty list
			// to hold the attribute-level modifications.
			newEntry = currentEntry.duplicate();

			@@ -947,26 +947,6 @@
			break modifyProcessing;
			}

			// Check to see if the client has permission to perform the
			// modify.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -1213,6 +1193,26 @@
			}


			// Check to see if the client has permission to perform the
			// modify.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyProcessing;
			}

			// Get the password policy state object for the entry that can be used
			// to perform any appropriate password policy processing. Also, see if
			// the entry is being updated by the end user or an administrator.

			@@ -1652,23 +1652,6 @@
			break searchProcessing;
			}

			// Check to see if the client has permission to perform the
			// search.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

			skipPostOperation = true;
			break searchProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean processSearch = true;
			@@ -1952,6 +1935,23 @@
			}


			// Check to see if the client has permission to perform the
			// search.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

			skipPostOperation = true;
			break searchProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -119,6 +119,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -176,6 +177,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -238,6 +240,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -294,6 +297,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -354,6 +358,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -415,6 +420,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -476,6 +482,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -553,6 +560,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -634,6 +642,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -721,6 +730,7 @@
			"sn: User",
			"cn: Test User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -804,6 +814,7 @@
			"sn: User",
			"cn: Test User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -28,7 +28,6 @@

			import org.opends.server.DirectoryServerTestCase;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.TestErrorLogger;
			import org.opends.server.types.LDIFImportConfig;
			import org.opends.server.types.LDIFExportConfig;
			import org.opends.server.tools.LDAPModify;
			@@ -50,9 +49,6 @@
			import java.io.OutputStream;
			import java.io.ByteArrayOutputStream;
			import java.io.StringReader;
			import java.io.PrintStream;
			import java.io.FileOutputStream;
			import java.io.FileNotFoundException;
			import java.util.List;
			import java.util.ArrayList;
			import java.util.Map;
			@@ -110,7 +106,7 @@
			// TODO: Test userattr

			// Tests are disabled this way because a class-level @Test(enabled=false)
			// doesn't appear to work and the aci code itself isn't checked in yet.
			// doesn't appear to work and the aci handler is not yet enabled.
			private static final boolean TESTS_ARE_DISABLED = true;


			@@ -219,10 +215,10 @@

			private static final String BIND_RULE_TODAY = "dayofweek=\"" + getThisDayOfWeek() + "\"";
			private static final String BIND_RULE_TODAY_AND_TOMORROW = "dayofweek=\"" + getThisDayOfWeek() + "," + getTomorrowDayOfWeek() + "\"";
			private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";
			private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";

			private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
			private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);
			private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
			private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);

			private static final String BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL = and(BIND_RULE_USERDN_ADMIN, or(BIND_RULE_AUTHMETHOD_SSL, BIND_RULE_DNS_LOCALHOST));

			@@ -233,7 +229,7 @@
			private static final String BIND_RULE_GROUPDN_3 = "groupdn=\"ldap:///cn=SomeGroup,dc=example,dc=com \|\| ldap:///cn=SomeOtherGroup,dc=example,dc=com \|\| ldap:///cn=SomeThirdGroup,dc=example,dc=com\"";
			private static final String BIND_RULE_USERDN_FILTER = "userdn=\"ldap:///dc=example,dc=com??one?(\|(ou=eng)(ou=acct))\"";

			private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";
			private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";

			private static final String BIND_RULE_ONLY_AT_NOON = "timeofday=\"1200\"";
			private static final String BIND_RULE_NOT_AT_NOON = "timeofday!=\"1200\"";
			@@ -315,7 +311,7 @@

			private static final String DENY_READ_TO_TOP_LEVEL_CN_ADMINS =
			buildAciValue("name", "deny read to users with 'admin' in their cn", "targetattr", "*", "deny(read)", BIND_RULE_USERDN_TOP_LEVEL_CN_ADMINS);


			private static final String DENY_ALL_TO_LOCALHOST =
			buildAciValue("name", "deny all to localhost", "targetattr", "*", "deny(all)", BIND_RULE_IP_LOCALHOST);

			@@ -787,7 +783,7 @@
			throw e;
			}
			}


			// I'd like to make this dependsOnMethods = {"testBasisOfInvalidityTestsAreValid(String,String,String)"}
			// but I can't figure out how.
			@Test(dataProvider = "invalidAcis")
			@@ -874,7 +870,7 @@
			private static final String NO_ACIS_LDIF = "";

			// ------------------------------------------------------------
			// THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
			// THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
			// ------------------------------------------------------------

			private static final String ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF =
			@@ -1042,7 +1038,7 @@
			// -----------------------------------------------------------------
			// THESE ALL WILL RETURN EVERYTHING IN AT LEAST OU=INNER FOR ADMINS
			// -----------------------------------------------------------------


			private static final String ALLOW_ALL_BASE_TO_ADMIN =
			makeAddAciLdif(OU_BASE_DN, ALLOW_ALL_TO_ADMIN);

			@@ -1089,7 +1085,7 @@
			makeAddAciLdif(OU_BASE_DN, ALLOW_SEARCH_OU_AND_PERSON_TO_SIMPLE);

			// ------------------------------------------------------------
			//
			//
			// ------------------------------------------------------------

			private static final String NO_SEARCH_RESULTS = "";
			@@ -1149,7 +1145,7 @@
			NO_ACIS_LDIF,
			ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_ALL_BASE_DENY_READ_BASE_LDIF,
			ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_ALL_BASE_DENY_ALL_INNER_LDIF,
			ALLOW_READ_BASE_DENY_ALL_INNER_LDIF,
			ALLOW_ALL_BASE_DENY_READ_INNER_LDIF,
			@@ -1221,7 +1217,7 @@
			ALLOW_BASE_SEARCH_OUR_ATTRS_TO_ADMIN,
			ALLOW_BASE_SEARCH_OU_AND_PERSON_TO_SIMPLE
			);


			testParams.addSingleSearch(ADMIN_DN, OU_INNER_DN, OBJECTCLASS_STAR, SCOPE_SUB, INNER_OU_FULL_LDIF__SEARCH_TESTS);
			testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_SUB, LEAF_OU_FULL_LDIF__SEARCH_TESTS);
			testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_ONE, LEVEL_3_USER_LDIF__SEARCH_TESTS);

			@@ -1826,7 +1826,8 @@
			"cn: Test User");

			InternalClientConnection conn =
			new InternalClientConnection(new AuthenticationInfo());
			InternalClientConnection.getRootConnection();
			// new InternalClientConnection(new AuthenticationInfo());

			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(), e.getUserAttributes(),

			@@ -39,6 +39,7 @@
			import org.opends.server.types.Entry;
			import org.opends.server.types.LockManager;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.util.ServerConstants;
			import org.opends.server.controls.LDAPAssertionRequestControl;
			import org.opends.server.controls.ProxiedAuthV1Control;
			import org.opends.server.controls.ProxiedAuthV2Control;
			@@ -117,6 +118,7 @@
			"sn: User",
			"cn: Proxy User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-privilege-name: proxied-auth");

			Entry proxyUserEntry =
			@@ -338,7 +340,7 @@
			examineCompletedOperation(compareOperation);
			}

			@Test(enabled = false) // FIXME Issue 739.
			@Test
			public void testCompareSubtype()
			{
			InternalClientConnection conn =
			@@ -556,14 +558,15 @@
			examineIncompleteOperation(compareOperation);
			}

			@Test(enabled = false) // FIXME Issue 741.
			@Test
			public void testCompareProxiedAuthV2Criticality() throws Exception
			{
			InvocationCounterPlugin.resetAllCounters();

			ProxiedAuthV2Control authV2Control =
			new ProxiedAuthV2Control(new ASN1OctetString());
			authV2Control.setCritical(false);
			Control authV2Control =
			new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
			new ASN1OctetString());

			List<Control> controls = new ArrayList<Control>();
			controls.add(authV2Control);

			@@ -439,10 +439,12 @@
			/**
			* Tests the whether the unauthenticated ADD,MODIFY,COMPARE,MODRDN and
			* DELETE requests succeed with the default configuration settings.
			* FIXME: This test is disabled because it is unreasonable to expect
			* unauthenticated writes to succeed when access control is enabled.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			@Test(enabled=false)
			public void testOtherOpsUnauthDefCfg() throws Exception
			{
			assertEquals(performAddOperation(false),0);
			@@ -472,7 +474,7 @@
			"org.opends.server.core.RejectUnauthReqTests.testUnauthWAIDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testAuthWAIDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testStartTLSUnauthDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
			// "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testOtherOpsAuthDefCfg"
			})
			public void testChangeAndVerifyRejUnauthReqCfgAttr() throws Exception

			@@ -40,6 +40,7 @@
			import org.opends.server.protocols.ldap.*;
			import org.opends.server.types.*;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.util.ServerConstants;
			import org.opends.server.controls.ProxiedAuthV1Control;
			import org.opends.server.controls.ProxiedAuthV2Control;
			import org.opends.server.controls.LDAPAssertionRequestControl;
			@@ -1043,13 +1044,14 @@
			examineIncompleteOperation(modifyDNOperation);
			}

			@Test(enabled = false) //FIXME: Issue 741
			@Test
			public void testProcessedProxyAuthV2CriticalityModify() throws Exception
			{
			ProxiedAuthV2Control authV2Control = new ProxiedAuthV2Control(
			new ASN1OctetString("dn:cn=nonexistent,o=test"));
			Control authV2Control =
			new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
			new ASN1OctetString("dn:cn=nonexistent,o=test"));

			List<Control> controls = new ArrayList<Control>();
			authV2Control.setCritical(false);
			controls.add(authV2Control);
			InvocationCounterPlugin.resetAllCounters();

			@@ -355,6 +355,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -418,6 +419,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -480,6 +482,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -534,6 +537,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -597,6 +601,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -660,6 +665,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -722,6 +728,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -784,6 +791,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -1941,6 +1949,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");

			@@ -601,6 +601,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -654,6 +655,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -708,6 +710,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -757,6 +760,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -528,6 +528,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -580,6 +581,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -633,6 +635,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -681,6 +684,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -339,7 +339,24 @@
			"Should have been invalid because: " + invalidReason);
			}


			/**
			* Add a test user.
			*/
			private static void addTestUser() throws Exception
			{
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");
			}

			/**
			* Tests the ability to perform a self change including both the current and
			@@ -353,24 +370,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -400,24 +400,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -446,24 +429,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -492,24 +458,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -537,24 +486,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -585,24 +517,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -634,24 +549,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -681,24 +579,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -727,24 +608,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -771,24 +635,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -817,24 +664,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -862,24 +692,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -912,24 +725,7 @@
			String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -960,24 +756,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1011,24 +790,7 @@
			String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1059,24 +821,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1106,24 +851,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1209,7 +937,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			@@ -1222,13 +950,6 @@
			"userPassword: password",
			"ds-pwp-account-disabled: true");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

			String[] args =
			{
			"-h", "127.0.0.1",
			@@ -1258,24 +979,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1306,24 +1010,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1355,24 +1042,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1404,24 +1074,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{

			@@ -1401,6 +1401,8 @@

			String[] args =
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",
			@@ -1413,6 +1415,8 @@

			args = new String[]
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",
			@@ -1426,6 +1430,8 @@

			args = new String[]
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",

			@@ -167,6 +167,7 @@
			"ds-privilege-name: backend-backup",
			"ds-privilege-name: backend-restore",
			"ds-privilege-name: proxied-auth",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config",
			"",
			@@ -179,6 +180,7 @@
			"givenName: Unprivileged",
			"sn: User",
			"uid: unprivileged.user",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config",