mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

pgamba
30.18.2007 30819a00537b80dd44480e4ea6d0f8c500be7861
opendj-sdk/opends/resource/config/config.ldif
@@ -74,6 +74,7 @@
ds-cfg-global-aci: (target="ldap:///cn=schema")(targetscope="base")(targetattr="attributeTypes||dITContentRules||dITStructureRules||ldapSyntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses")(version 3.0; acl "User-Visible Schema Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="namingContexts||supportedAuthPasswordSchemes||supportedControl||supportedExtension||supportedFeatures||supportedLDAPVersion||supportedSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl "User-Visible Root DSE Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="createTimestamp||creatorsName||modifiersName||modifyTimestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0; acl "User-Visible Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (target="ldap:///dc=replicationchanges")(targetattr="*")(version 3.0; acl "Replication backend access"; deny (all) userdn="ldap:///anyone";)
cn: Access Control Handler
ds-cfg-java-class: org.opends.server.authorization.dseecompat.AciHandler
ds-cfg-enabled: true
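Review bot: The "Replication backend access" rule protects dc=replicationchanges only through an entry in the shipped config.ldif, so a server that keeps an existing configuration, or an administrator who edits the global ACIs, is left without it. It appears to be the one line this hunk adds, though the +/- markers are lost on this page. The changelog carries replicated attribute values, and the test in this commit replicates an entry with a userpassword, so it is worth confirming that the upgrade path adds this ACI or that the backend itself refuses non-privileged reads. A comment above the line would record the intent, for example `# Replication changelog holds replicated attribute values; readable only by subjects that bypass ACI evaluation.`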
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/replication/server/ReplicationServerTest.java
@@ -87,6 +87,8 @@
import org.opends.messages.Message;
import org.opends.messages.Severity;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.tools.LDAPModify;
import org.opends.server.tools.LDAPSearch;
/**
 * Tests for the replicationServer code.
@@ -1160,16 +1162,17 @@
       // - Add
       String luentry = new String(
             "dn: uid=new person,ou=People,"+suffix+"\n"
             "dn: cn=Fiona Jensen,ou=People,"+suffix+"\n"
           + "objectClass: top\n"
           + "objectclass: person\n"
           + "objectclass: organizationalPerson\n"
           + "objectclass: inetOrgPerson\n"
           + "cn: Fiona Jensen\n"
           + "sn: Jensen\n"
           + "uid: new person\n"
           + "givenName: fjensen\n"
           + "telephonenumber: +1 408 555 1212\n"
           + "entryUUID: " + user1entryUUID +"\n");
           + "entryUUID: " + user1entryUUID +"\n"
           + "userpassword: fjen$$en"+"\n");
       Entry uentry = TestCaseUtils.entryFromLdifString(luentry);
       cn = new ChangeNumber(time, ts++, serverId);
       AddMsg addMsg2 = new AddMsg(
@@ -1299,14 +1302,13 @@
         LDAPFilter.decode("(changetype=*)"));
     assertEquals(op.getResultCode(), ResultCode.NO_SUCH_OBJECT);
     testReplicationBackendACIs();
     // General search
     op = connection.processSearch(
         new ASN1OctetString("dc=replicationChanges"),
         SearchScope.WHOLE_SUBTREE,
         LDAPFilter.decode("(changetype=*)"));
     assertEquals(op.getResultCode(), ResultCode.SUCCESS);
     assertEquals(op.getSearchEntries().size(), 5);
     debugInfo("Search result");
     LinkedList<SearchResultEntry> entries = op.getSearchEntries();
@@ -1320,6 +1322,9 @@
     }
     debugInfo("\n" + stream.toString());
     assertEquals(op.getResultCode(), ResultCode.SUCCESS);
     assertEquals(op.getSearchEntries().size(), 5);
     debugInfo("Query / filter based on changetype");
     op = connection.processSearch(
         new ASN1OctetString("dc=replicationChanges"),
@@ -1400,9 +1405,84 @@
     assertEquals(op.getResultCode(), ResultCode.SUCCESS);
     assertEquals(op.getSearchEntries().size(), 5);
     if (server1 != null)
       server1.stop();
     debugInfo("Successfully ending searchBackend");
   }
   private static final ByteArrayOutputStream oStream =
     new ByteArrayOutputStream();
   private static final ByteArrayOutputStream eStream =
     new ByteArrayOutputStream();
   private void testReplicationBackendACIs()
   {
     // test search as anonymous
     String[] args =
     {
       "-h", "127.0.0.1",
       "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
       "-b", "dc=replicationChanges",
       "-s", "sub",
       "(objectClass=*)"
     };
     oStream.reset();
     eStream.reset();
     int retVal =
       LDAPSearch.mainSearch(args, false, oStream, eStream);
     String entries = oStream.toString();
     debugInfo("Entries:" + entries);
     assertEquals(0, retVal,  "Returned error: " + eStream);
     assertEquals(entries, "",  "Returned entries: " + entries);
     // test search as directory manager returns content
     String[] args3 =
     {
       "-h", "127.0.0.1",
       "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
       "-D", "cn=Directory Manager",
       "-w", "password",
       "-b", "dc=replicationChanges",
       "-s", "sub",
       "(objectClass=*)"
     };
     oStream.reset();
     eStream.reset();
     retVal =
       LDAPSearch.mainSearch(args3, false, oStream, eStream);
     entries = oStream.toString();
     debugInfo("Entries:" + entries);
     assertEquals(0, retVal,  "Returned error: " + eStream);
     assertTrue(!entries.equalsIgnoreCase(""), "Returned entries: " + entries);
     // test write fails : unwilling to perform
     try
     {
       String ldif = new String(
           "dn: dc=foo, dc=replicationchanges\n"
           + "objectclass: top\n"
           + "objectClass: domain\n"
           + "dc:foo\n");
       String path = TestCaseUtils.createTempFile(ldif);
       String[] args4 =
       {
           "-h", "127.0.0.1",
           "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-D", "cn=Directory Manager",
           "-w", "password",
           "-a",
           "-f", path
       };
       retVal =
         LDAPModify.mainModify(args4, false, oStream, eStream);
       assertEquals(retVal, 53, "Returned error: " + eStream);
     } catch(Exception e) {}
   }
}
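Review bot: testReplicationBackendACIs exercises the new deny rule only for an anonymous search and for cn=Directory Manager, which presumably bypasses ACI evaluation. The case the rule mostly exists for, an authenticated non-privileged user searching dc=replicationChanges, is not covered; a third LDAPSearch run bound as an ordinary test user and asserting empty output would close that gap. The write check is also made as Directory Manager, so the expected 53 reflects the backend rather than the ACI, and the `// test write fails` comment should say so. The trailing `} catch(Exception e) {}` hides a failure of createTempFile or mainModify, in which case the write assertion never runs; declaring the method `throws Exception` (if the caller allows it) and dropping the try/catch would surface it. oStream and eStream are not reset before mainModify, so the "Returned error" message can include output from the earlier searches; `oStream.reset(); eStream.reset();` before the call fixes that.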