external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 18bf6870 | patch | commit | ignore whitespace

use dsconfig to set mapper certificate configuration

smaguin

16.38.2007 16826586e3c777d49c8d7644f7b12cdafc8df9b6

use dsconfig to set mapper certificate configuration

4 files modified

	opends/tests/functional-tests/testcases/security/client_auth/equal_dn_mapper.xml	24 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/client_auth/fingerprint_mapper.xml	93 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/client_auth/subject_attribute_mapper.xml	60 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/client_auth/subject_dn_mapper.xml	49 ●●●●● patch \| view \| raw \| blame \| history

 opends/tests/functional-tests/testcases/security/client_auth/equal_dn_mapper.xml

@@ -53,19 +53,19 @@
      <message>
             '----  Configure the SASL EXTERNAL mechanism -----'
      </message>      
    
      <call function="'modifyAnAttribute'">
          { 'dsInstanceHost'       :  DIRECTORY_INSTANCE_HOST ,
             'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
             'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
             'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
             'DNToModify'          :  'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
             'attributeName'        : 'ds-cfg-certificate-mapper',
             'newAttributeValue'  : 'cn=Subject Equals DN,cn=Certificate Mappers,cn=config',
             'changetype' : 'replace',
             'expectedRC'           :  0 }      

     <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-sasl-mechanism-handler-prop' ,
        'objectType'         : 'handler-name' ,
        'objectName'        : 'EXTERNAL',
        'optionsString'      : '--set certificate-mapper:"Subject Equals DN"',
       'expectedRC'     : 0 }
      </call>
   
        
                 
      <call function="'testCase_Postamble'"/>
    </sequence>

 opends/tests/functional-tests/testcases/security/client_auth/fingerprint_mapper.xml

@@ -54,19 +54,19 @@
    <message>
             '----  Configure the SASL EXTERNAL mechanism -----'
    </message>      
    
    <call function="'modifyAnAttribute'">
          { 'dsInstanceHost'       :  DIRECTORY_INSTANCE_HOST ,
             'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
             'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
             'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
             'DNToModify'          :  'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
             'attributeName'        : 'ds-cfg-certificate-mapper',
             'newAttributeValue'  : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
             'changetype' : 'replace',
             'expectedRC'           :  0 }    
    </call>
 

    <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-sasl-mechanism-handler-prop' ,
        'objectType'         : 'handler-name' ,
        'objectName'        : 'EXTERNAL',
        'optionsString'      : '--set certificate-mapper:"Fingerprint Mapper"',
       'expectedRC'     : 0 }
      </call>
  
    <call function="'testCase_Postamble'"/>
  </sequence>
 </testcase>
@@ -144,25 +144,23 @@
   <message>'MD5 fingerprint for %s is  : %s ' %  (USER_2_CERT,MD5_fingerprint_cert2)</message>      
   <message>'SHA1 fingerprint for %s is  : %s ' %  (USER_2_CERT,SHA1_fingerprint_cert2)</message>          

  <!--   Configure the mapper to map MD5 -->        
     <script>
            listAttr = []   
            listAttr.append('ds-cfg-fingerprint-attribute:ds-certificate-fingerprint')
            listAttr.append('ds-cfg-fingerprint-algorithm:MD5')
     </script>    

     <!--   Configure the mapper to map MD5 -->       
     <!-- fingerprint-attribute:ds-certificate-fingerprint   -->
     <!-- fingerprint-algorithm:MD5-->  
    <message>'----- Configure the mapper to map MD5 fingerprint '</message>       
    
     <call function="'modifyAnAttribute'">
    { 'dsInstanceHost'     : DIRECTORY_INSTANCE_HOST ,
    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
    'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
    'dsInstancePswd'       : DIRECTORY_INSTANCE_PSWD ,
    'DNToModify'          : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
    'listAttributes' : listAttr,
    'changetype'              : 'replace',
    'expectedRC'           :  0 }       
    </call>          

    <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-certificate-mapper-prop' ,
        'objectType'         : 'mapper-name' ,
        'objectName'        : 'fingerPrint Mapper',
        'optionsString'      : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:MD5',
       'expectedRC'     : 0 }
      </call> 
               
   
   <!-- configure the user entries -->
   <message>'----- Configure the attribute ds-certificate-fingerprint  for user %s ---' % USER_1_DN</message>
@@ -300,24 +298,21 @@
    
   <!--     Configure the mapper to map SHA1  fingerprint   -->
   <message>'----- Configure the mapper to map SHA1 fingerprint '</message>       
       <script>
            listAttr = []   
            listAttr.append('ds-cfg-fingerprint-attribute:ds-certificate-fingerprint')
            listAttr.append('ds-cfg-fingerprint-algorithm:SHA1')
      </script>      
        
 
     <call function="'modifyAnAttribute'">
    { 'dsInstanceHost'     : DIRECTORY_INSTANCE_HOST ,
    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
    'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
    'dsInstancePswd'       : DIRECTORY_INSTANCE_PSWD ,
    'DNToModify'          : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
    'listAttributes' : listAttr,
    'changetype'              : 'replace',
    'expectedRC'           :  0 }       
    </call>              
    

     <!-- fingerprint-attribute:ds-certificate-fingerprint   -->
     <!-- fingerprint-algorithm:SHA1-->         
    <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-certificate-mapper-prop' ,
        'objectType'         : 'mapper-name' ,
        'objectName'        : 'fingerPrint Mapper',
        'optionsString'      : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:SHA1',
       'expectedRC'     : 0 }
      </call> 
               
    
<!--  Check mapping is working -->         
    <message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>

 opends/tests/functional-tests/testcases/security/client_auth/subject_attribute_mapper.xml

@@ -53,29 +53,20 @@
      <message>
             '----  Configure the SASL EXTERNAL mechanism with Subject Attribute to User Attribute mapper -----'
      </message>      
    
      <call function="'modifyAnAttribute'">
          { 'dsInstanceHost'       :  DIRECTORY_INSTANCE_HOST ,
             'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
             'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
             'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
             'DNToModify'          :  'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
             'attributeName'        : 'ds-cfg-certificate-mapper',
             'newAttributeValue'  : 'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
             'changetype' : 'replace',
             'expectedRC'           :  0 }        
      </call>
   
                
     <message>
             '----  Configure the Subject Attribute to User Attribute mapper -----'
      </message>  
     <script>
             listAttr = []  
             listAttr.append('cn=ds-cfg-subject-attribute-mapping:cn:cn')
             listAttr.append('cn=ds-cfg-subject-attribute-mapping:e:mail')     
      </script>             


     <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-sasl-mechanism-handler-prop' ,
        'objectType'         : 'handler-name' ,
        'objectName'        : 'EXTERNAL',
        'optionsString'      : '--set certificate-mapper:"Subject Attribute to User Attribute"',
       'expectedRC'     : 0 }
      </call>
      
      <call function="'testCase_Postamble'"/>
    </sequence>
  </testcase>
@@ -107,18 +98,19 @@
             '----  Configure the Subject Attribute to User Attribute mapper -----'
      </message>       
      <message>'---- Add a new mapping rule from attribute "uid"  from certificate subject and attribute "description" of the user entry'</message>  
      <call function="'modifyAnAttribute'">
          { 'dsInstanceHost'       :  DIRECTORY_INSTANCE_HOST ,
             'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
             'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
             'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
             'DNToModify'          :  'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
             'attributeName'        : 'ds-cfg-subject-attribute-mapping',
             'newAttributeValue'  : 'uid:description',
             'changetype' : 'replace',
             'expectedRC'           :  0 }        
      </call>
       
      

     <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-certificate-mapper-prop' ,
        'objectType'         : 'mapper-name' ,
        'objectName'        : 'Subject Attribute to User Attribute',
        'optionsString'      : '--set subject-attribute-mapping:"uid:description"',
       'expectedRC'     : 0 }
      </call>      
          
    <message>'----- Configure the attribute description  for user %s ---' % USER_1_DN</message>
    <message>'----- the attribute description will map with the attribute "uid" of the certificate subject'</message>

 opends/tests/functional-tests/testcases/security/client_auth/subject_dn_mapper.xml

@@ -54,18 +54,19 @@
    <message>
             '----  Configure the SASL EXTERNAL mechanism -----'
    </message>      
    
    <call function="'modifyAnAttribute'">
          { 'dsInstanceHost'       :  DIRECTORY_INSTANCE_HOST ,
             'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
             'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
             'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
             'DNToModify'          :  'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
             'attributeName'        : 'ds-cfg-certificate-mapper',
             'newAttributeValue'  : 'cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config',
             'changetype' : 'replace',
             'expectedRC'           :  0 }      
    </call>


     <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-sasl-mechanism-handler-prop' ,
        'objectType'         : 'handler-name' ,
        'objectName'        : 'EXTERNAL',
        'optionsString'      : '--set certificate-mapper:"Subject DN to User Attribute"',
       'expectedRC'     : 0 }
      </call>
 
    <call function="'testCase_Postamble'"/>
  </sequence>
@@ -288,17 +289,19 @@
    
    <message>'----- Configure  the mapping to be done on the attribute description' </message>
          
    <call function="'modifyAnAttribute'">
    { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
    'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
    'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
    'dsInstancePswd'     : DIRECTORY_INSTANCE_PSWD ,
    'DNToModify'        : 'cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config',  
    'attributeName'      : 'ds-cfg-subject-attribute',
    'newAttributeValue'  : 'description',
    'changetype' : 'replace',
    'expectedRC'           :  0 }  
    </call>

     <call function="'dsconfig'">
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
        'subcommand'        : 'set-certificate-mapper-prop' ,
        'objectType'         : 'mapper-name' ,
        'objectName'        : 'Subject DN to User Attribute',
        'optionsString'      : '--set subject-attribute:description',
       'expectedRC'     : 0 }
      </call>


    <message>'----- Configure the attribute ds-certificate-subject-dn  for user %s ---' % USER_1_DN</message>

			@@ -53,19 +53,19 @@
			<message>
			'---- Configure the SASL EXTERNAL mechanism -----'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
			'attributeName' : 'ds-cfg-certificate-mapper',
			'newAttributeValue' : 'cn=Subject Equals DN,cn=Certificate Mappers,cn=config',
			'changetype' : 'replace',
			'expectedRC' : 0 }

			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-sasl-mechanism-handler-prop' ,
			'objectType' : 'handler-name' ,
			'objectName' : 'EXTERNAL',
			'optionsString' : '--set certificate-mapper:"Subject Equals DN"',
			'expectedRC' : 0 }
			</call>



			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -54,19 +54,19 @@
			<message>
			'---- Configure the SASL EXTERNAL mechanism -----'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
			'attributeName' : 'ds-cfg-certificate-mapper',
			'newAttributeValue' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>


			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-sasl-mechanism-handler-prop' ,
			'objectType' : 'handler-name' ,
			'objectName' : 'EXTERNAL',
			'optionsString' : '--set certificate-mapper:"Fingerprint Mapper"',
			'expectedRC' : 0 }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -144,25 +144,23 @@
			<message>'MD5 fingerprint for %s is : %s ' % (USER_2_CERT,MD5_fingerprint_cert2)</message>
			<message>'SHA1 fingerprint for %s is : %s ' % (USER_2_CERT,SHA1_fingerprint_cert2)</message>

			<!-- Configure the mapper to map MD5 -->
			<script>
			listAttr = []
			listAttr.append('ds-cfg-fingerprint-attribute:ds-certificate-fingerprint')
			listAttr.append('ds-cfg-fingerprint-algorithm:MD5')
			</script>

			<!-- Configure the mapper to map MD5 -->
			<!-- fingerprint-attribute:ds-certificate-fingerprint -->
			<!-- fingerprint-algorithm:MD5-->
			<message>'----- Configure the mapper to map MD5 fingerprint '</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
			'listAttributes' : listAttr,
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>

			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-certificate-mapper-prop' ,
			'objectType' : 'mapper-name' ,
			'objectName' : 'fingerPrint Mapper',
			'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:MD5',
			'expectedRC' : 0 }
			</call>


			<!-- configure the user entries -->
			<message>'----- Configure the attribute ds-certificate-fingerprint for user %s ---' % USER_1_DN</message>
			@@ -300,24 +298,21 @@

			<!-- Configure the mapper to map SHA1 fingerprint -->
			<message>'----- Configure the mapper to map SHA1 fingerprint '</message>
			<script>
			listAttr = []
			listAttr.append('ds-cfg-fingerprint-attribute:ds-certificate-fingerprint')
			listAttr.append('ds-cfg-fingerprint-algorithm:SHA1')
			</script>


			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
			'listAttributes' : listAttr,
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>


			<!-- fingerprint-attribute:ds-certificate-fingerprint -->
			<!-- fingerprint-algorithm:SHA1-->
			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-certificate-mapper-prop' ,
			'objectType' : 'mapper-name' ,
			'objectName' : 'fingerPrint Mapper',
			'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:SHA1',
			'expectedRC' : 0 }
			</call>


			<!-- Check mapping is working -->
			<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>

			@@ -53,29 +53,20 @@
			<message>
			'---- Configure the SASL EXTERNAL mechanism with Subject Attribute to User Attribute mapper -----'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
			'attributeName' : 'ds-cfg-certificate-mapper',
			'newAttributeValue' : 'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>


			<message>
			'---- Configure the Subject Attribute to User Attribute mapper -----'
			</message>
			<script>
			listAttr = []
			listAttr.append('cn=ds-cfg-subject-attribute-mapping:cn:cn')
			listAttr.append('cn=ds-cfg-subject-attribute-mapping:e:mail')
			</script>


			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-sasl-mechanism-handler-prop' ,
			'objectType' : 'handler-name' ,
			'objectName' : 'EXTERNAL',
			'optionsString' : '--set certificate-mapper:"Subject Attribute to User Attribute"',
			'expectedRC' : 0 }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -107,18 +98,19 @@
			'---- Configure the Subject Attribute to User Attribute mapper -----'
			</message>
			<message>'---- Add a new mapping rule from attribute "uid" from certificate subject and attribute "description" of the user entry'</message>
			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config',
			'attributeName' : 'ds-cfg-subject-attribute-mapping',
			'newAttributeValue' : 'uid:description',
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>



			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-certificate-mapper-prop' ,
			'objectType' : 'mapper-name' ,
			'objectName' : 'Subject Attribute to User Attribute',
			'optionsString' : '--set subject-attribute-mapping:"uid:description"',
			'expectedRC' : 0 }
			</call>

			<message>'----- Configure the attribute description for user %s ---' % USER_1_DN</message>
			<message>'----- the attribute description will map with the attribute "uid" of the certificate subject'</message>

			@@ -54,18 +54,19 @@
			<message>
			'---- Configure the SASL EXTERNAL mechanism -----'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=EXTERNAL,cn=SASL Mechanisms,cn=config',
			'attributeName' : 'ds-cfg-certificate-mapper',
			'newAttributeValue' : 'cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config',
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>


			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-sasl-mechanism-handler-prop' ,
			'objectType' : 'handler-name' ,
			'objectName' : 'EXTERNAL',
			'optionsString' : '--set certificate-mapper:"Subject DN to User Attribute"',
			'expectedRC' : 0 }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			@@ -288,17 +289,19 @@

			<message>'----- Configure the mapping to be done on the attribute description' </message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config',
			'attributeName' : 'ds-cfg-subject-attribute',
			'newAttributeValue' : 'description',
			'changetype' : 'replace',
			'expectedRC' : 0 }
			</call>

			<call function="'dsconfig'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'set-certificate-mapper-prop' ,
			'objectType' : 'mapper-name' ,
			'objectName' : 'Subject DN to User Attribute',
			'optionsString' : '--set subject-attribute:description',
			'expectedRC' : 0 }
			</call>


			<message>'----- Configure the attribute ds-certificate-subject-dn for user %s ---' % USER_1_DN</message>