external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 0e87ef45 | patch | commit | show whitespace

Converted Privileges test suites to use dsconfig for changing global ACIs.

mkeyes

31.45.2007 0900da4d66436ec9dfba097e4fab2d315602d427

Converted Privileges test suites to use dsconfig for changing global ACIs.

4 files modified

	opends/tests/functional-tests/testcases/privileges/privileges.xml	1 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/privileges/privileges_directory_manager.xml	50 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/privileges/privileges_new_root_user.xml	46 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/privileges/privileges_users.xml	92 ●●●●● patch \| view \| raw \| blame \| history

 opends/tests/functional-tests/testcases/privileges/privileges.xml

@@ -39,6 +39,7 @@
    
          <script>
            CurrentTestPath['group']='privileges'
            GLOBAL_ACI_SEARCH="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
          </script>
      
          <call function="'testGroup_Preamble'"/>

 opends/tests/functional-tests/testcases/privileges/privileges_directory_manager.xml

@@ -87,20 +87,13 @@
                   'Privileges: Directory Manager: bypass-acl, preamble, alternate root user removing global search ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' 
                  }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -240,16 +233,13 @@
                   'Privileges: Directory Manager: bypass-acl, alternate root user putting back global search ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' 
                  }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
               <message>
@@ -308,20 +298,13 @@
                   'Privileges: Directory Manager: bypass-acl, alternate bind DN, alternate root user removing global search ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' 
                  }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
    
                <message>
@@ -383,16 +366,13 @@
                   'Privileges: Directory Manager:  bypass-acl, alternate bind DN, alternate root user putting back global search ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' 
                  }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
    
               <message>
@@ -1150,7 +1130,7 @@
                </message>
    
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                    another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
@@ -1160,7 +1140,7 @@
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' 
                  }
                </call>
@@ -1294,7 +1274,7 @@
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'delete' 
                  }
                </call>

 opends/tests/functional-tests/testcases/privileges/privileges_new_root_user.xml

@@ -127,19 +127,13 @@
                   'Privileges: New Root User: bypass-acl, alternative root user removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -275,15 +269,13 @@
                   'Privileges: New Root User: bypass-acl, alternative root user putting back global search ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -340,19 +332,13 @@
                   'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -412,15 +398,13 @@
                   'Privileges: New Root User:  bypass-acl, alternate bind DN, alternative root user putting back global search ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -1159,7 +1143,7 @@
                </message>
    
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                  another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
@@ -1169,7 +1153,7 @@
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' }
                </call>
                
@@ -1297,7 +1281,7 @@
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'delete' }
                </call>
                

 opends/tests/functional-tests/testcases/privileges/privileges_users.xml

@@ -114,19 +114,13 @@
                   'Privileges: Users: bypass-acl, removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -244,15 +238,13 @@
                   'Privileges: Users:  Putting Back Search Global ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -314,19 +306,13 @@
                   'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -505,15 +491,13 @@
                   'Privileges: Users:  bypass-acl with proxy, Putting Back Search Global ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -575,19 +559,13 @@
                   'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -762,15 +740,13 @@
                   'Privileges: Users:  bypass-acl with minus notation, Putting Back Search Global ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -827,19 +803,13 @@
                   'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
                </message>
    
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'remove' }
                </call>
                
                <message>
@@ -890,15 +860,13 @@
                   'Privileges: Users:  bypass-acl self-modify add, Putting Back Search Global ACI'
                </message>
    
                <call function="'modifyAnAttribute'">
                <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                    'aciValue'               : GLOBAL_ACI_SEARCH ,
                    'opType'                 : 'add' }
                </call>
                
                <message>
@@ -1903,7 +1871,7 @@
                </message>
    
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                    another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                
                <call function="'modifyAnAttribute'">
@@ -1913,7 +1881,7 @@
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' ,
                    'expectedRC'             : 50
                  }
@@ -1945,7 +1913,7 @@
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' ,
                    'expectedRC'             : 50
                  }
@@ -1977,7 +1945,7 @@
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' ,
                    'expectedRC'             : 50
                  }
@@ -2013,7 +1981,7 @@
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'add' }
                </call>
                
@@ -2111,7 +2079,7 @@
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci',
                    'newAttributeValue'      : global_aci ,
                    'newAttributeValue'      : another_aci ,
                    'changetype'             : 'delete' }
                </call>

			@@ -39,6 +39,7 @@

			<script>
			CurrentTestPath['group']='privileges'
			GLOBAL_ACI_SEARCH="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'testGroup_Preamble'"/>

			@@ -87,20 +87,13 @@
			'Privileges: Directory Manager: bypass-acl, preamble, alternate root user removing global search ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete'
			}
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -240,16 +233,13 @@
			'Privileges: Directory Manager: bypass-acl, alternate root user putting back global search ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add'
			}
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -308,20 +298,13 @@
			'Privileges: Directory Manager: bypass-acl, alternate bind DN, alternate root user removing global search ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete'
			}
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -383,16 +366,13 @@
			'Privileges: Directory Manager: bypass-acl, alternate bind DN, alternate root user putting back global search ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add'
			}
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -1150,7 +1130,7 @@
			</message>

			<script>
			global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			@@ -1160,7 +1140,7 @@
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add'
			}
			</call>
			@@ -1294,7 +1274,7 @@
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'delete'
			}
			</call>

			@@ -127,19 +127,13 @@
			'Privileges: New Root User: bypass-acl, alternative root user removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -275,15 +269,13 @@
			'Privileges: New Root User: bypass-acl, alternative root user putting back global search ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -340,19 +332,13 @@
			'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -412,15 +398,13 @@
			'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user putting back global search ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'cn=Aroot' ,
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -1159,7 +1143,7 @@
			</message>

			<script>
			global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			@@ -1169,7 +1153,7 @@
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add' }
			</call>

			@@ -1297,7 +1281,7 @@
			'dsInstancePswd' : 'PrivsRule' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'delete' }
			</call>

			@@ -114,19 +114,13 @@
			'Privileges: Users: bypass-acl, removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -244,15 +238,13 @@
			'Privileges: Users: Putting Back Search Global ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -314,19 +306,13 @@
			'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -505,15 +491,13 @@
			'Privileges: Users: bypass-acl with proxy, Putting Back Search Global ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -575,19 +559,13 @@
			'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -762,15 +740,13 @@
			'Privileges: Users: bypass-acl with minus notation, Putting Back Search Global ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -827,19 +803,13 @@
			'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
			</message>

			<script>
			global_aci="(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'delete' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'remove' }
			</call>

			<message>
			@@ -890,15 +860,13 @@
			'Privileges: Users: bypass-acl self-modify add, Putting Back Search Global ACI'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'modifyGlobalAci'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'changetype' : 'add' }
			'aciValue' : GLOBAL_ACI_SEARCH ,
			'opType' : 'add' }
			</call>

			<message>
			@@ -1903,7 +1871,7 @@
			</message>

			<script>
			global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			another_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword\|\|authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
			</script>

			<call function="'modifyAnAttribute'">
			@@ -1913,7 +1881,7 @@
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50
			}
			@@ -1945,7 +1913,7 @@
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50
			}
			@@ -1977,7 +1945,7 @@
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50
			}
			@@ -2013,7 +1981,7 @@
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci' ,
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'add' }
			</call>

			@@ -2111,7 +2079,7 @@
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Access Control Handler,cn=config' ,
			'attributeName' : 'ds-cfg-global-aci',
			'newAttributeValue' : global_aci ,
			'newAttributeValue' : another_aci ,
			'changetype' : 'delete' }
			</call>