external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 710fd572 | patch | commit | ignore whitespace

This change prepares the unit tests for when the ACI handler will get enabl...

coulbeck

23.11.2007 186acabb92e49adad49abbe0cb63952ad0b513a9

This change prepares the unit tests for when the ACI handler will get enabled by default.  Most of the failing tests are fixed by adding bypass-acl privilege to the entries of the users the failing tests bind as.

This change also includes an important fix to the server for operations carrying the proxied auth control.  The ACI check in the core operation is moved after the controls processing to ensure that the correct authorization user is picked up, and the ACI handler now gets the authorization user from the operation rather than the connection.

20 files modified

	opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/AddOperation.java	40 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/CompareOperation.java	40 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/DeleteOperation.java	34 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/ModifyDNOperation.java	42 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java	40 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/src/server/org/opends/server/core/SearchOperation.java	34 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/api/PasswordValidatorTestCase.java	11 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java	28 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java	3 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/CompareOperationTestCase.java	13 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/RejectUnauthReqTests.java	6 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java	10 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java	9 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPCompareTestCase.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPModifyTestCase.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPPasswordModifyTestCase.java	427 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java	6 ●●●●● patch \| view \| raw \| blame \| history
	opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java	2 ●●●●● patch \| view \| raw \| blame \| history

 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java

@@ -221,7 +221,7 @@
     * @return The client entry.
     */
    public Entry getClientEntry() {
       return clientConnection.getAuthenticationInfo().getAuthorizationEntry();
      return operation.getAuthorizationEntry();
    }

    /**
@@ -270,7 +270,7 @@
     * @return  The client's authorization DN.
     */
    public DN getClientDN() {
        return clientConnection.getAuthenticationInfo().getAuthorizationDN();
      return operation.getAuthorizationDN();
    }

    /**

 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java

@@ -226,8 +226,10 @@
                       container.setRights(ACI_WRITE_DELETE);
                       if(!skipAccessCheck && !accessAllowed(container))
                           return false;
                   } else
                   } else {
                     if(!skipAccessCheck)
                       return false;
                   }
                   /*
                    Check if the modification type has an "aci" attribute type.
                    If so, check the syntax of that attribute value. Fail the

 opendj-sdk/opends/src/server/org/opends/server/core/AddOperation.java

@@ -1659,26 +1659,6 @@
          }
        }

        // Check to see if the client has permission to perform the add.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists or
        // if the parent entry does not exist may have already exposed
        // sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break addProcessing;
        }

        // Check to see if there are any controls in the request. If so,
        // then
        // see if there is any special processing required.
@@ -1901,6 +1881,26 @@
        }


        // Check to see if the client has permission to perform the add.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists or
        // if the parent entry does not exist may have already exposed
        // sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break addProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/CompareOperation.java

@@ -744,26 +744,6 @@
          break compareProcessing;
        }

        // Check to see if the client has permission to perform the
        // compare.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break compareProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        List<Control> requestControls = getRequestControls();
@@ -955,6 +935,26 @@
        }


        // Check to see if the client has permission to perform the
        // compare.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break compareProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/DeleteOperation.java

@@ -682,23 +682,6 @@
        // Check to see if the client has permission to perform the
        // delete.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break deleteProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                   noOp           = false;
@@ -920,6 +903,23 @@
        }


        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break deleteProcessing;
        }

        // Check for and handle a request to cancel this operation.
        if (cancelRequest != null)
        {

 opendj-sdk/opends/src/server/org/opends/server/core/ModifyDNOperation.java

@@ -1144,27 +1144,6 @@
        }


        // Check to see if the client has permission to perform the
        // modify DN.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry or new superior
        // already exists may have already exposed sensitive information
        // to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyDNProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                    noOp            = false;
@@ -1411,6 +1390,27 @@
        }


        // Check to see if the client has permission to perform the
        // modify DN.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry or new superior
        // already exists may have already exposed sensitive information
        // to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyDNProcessing;
        }

        // Duplicate the entry and set its new DN.  Also, create an empty list
        // to hold the attribute-level modifications.
        newEntry = currentEntry.duplicate();

 opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java

@@ -947,26 +947,6 @@
          break modifyProcessing;
        }

        // Check to see if the client has permission to perform the
        // modify.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyProcessing;
        }

        // Check to see if there are any controls in the request.  If so, then
        // see if there is any special processing required.
        boolean                    noOp            = false;
@@ -1213,6 +1193,26 @@
        }


        // Check to see if the client has permission to perform the
        // modify.

        // FIXME: for now assume that this will check all permission
        // pertinent to the operation. This includes proxy authorization
        // and any other controls specified.

        // FIXME: earlier checks to see if the entry already exists may
        // have already exposed sensitive information to the client.
        if (AccessControlConfigManager.getInstance()
            .getAccessControlHandler().isAllowed(this) == false) {
          setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

          int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
          appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

          skipPostOperation = true;
          break modifyProcessing;
        }

        // Get the password policy state object for the entry that can be used
        // to perform any appropriate password policy processing.  Also, see if
        // the entry is being updated by the end user or an administrator.

 opendj-sdk/opends/src/server/org/opends/server/core/SearchOperation.java

@@ -1652,23 +1652,6 @@
        break searchProcessing;
      }

      // Check to see if the client has permission to perform the
      // search.

      // FIXME: for now assume that this will check all permission
      // pertinent to the operation. This includes proxy authorization
      // and any other controls specified.
      if (AccessControlConfigManager.getInstance()
          .getAccessControlHandler().isAllowed(this) == false) {
        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

        int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
        appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

        skipPostOperation = true;
        break searchProcessing;
      }

      // Check to see if there are any controls in the request.  If so, then
      // see if there is any special processing required.
      boolean       processSearch    = true;
@@ -1952,6 +1935,23 @@
      }


      // Check to see if the client has permission to perform the
      // search.

      // FIXME: for now assume that this will check all permission
      // pertinent to the operation. This includes proxy authorization
      // and any other controls specified.
      if (AccessControlConfigManager.getInstance()
          .getAccessControlHandler().isAllowed(this) == false) {
        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

        int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
        appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

        skipPostOperation = true;
        break searchProcessing;
      }

      // Check for and handle a request to cancel this operation.
      if (cancelRequest != null)
      {

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/api/PasswordValidatorTestCase.java

@@ -119,6 +119,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -176,6 +177,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -238,6 +240,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -294,6 +297,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -354,6 +358,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -415,6 +420,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -476,6 +482,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -553,6 +560,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -634,6 +642,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -721,6 +730,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

@@ -804,6 +814,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java

@@ -28,7 +28,6 @@

import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
import org.opends.server.TestErrorLogger;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.tools.LDAPModify;
@@ -50,9 +49,6 @@
import java.io.OutputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
import java.io.PrintStream;
import java.io.FileOutputStream;
import java.io.FileNotFoundException;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
@@ -110,7 +106,7 @@
// TODO: Test userattr

  // Tests are disabled this way because a class-level @Test(enabled=false)
  // doesn't appear to work and the aci code itself isn't checked in yet.  
  // doesn't appear to work and the aci handler is not yet enabled.
  private static final boolean TESTS_ARE_DISABLED = true;


@@ -219,10 +215,10 @@

  private static final String BIND_RULE_TODAY = "dayofweek=\"" + getThisDayOfWeek() + "\"";
  private static final String BIND_RULE_TODAY_AND_TOMORROW = "dayofweek=\"" + getThisDayOfWeek() + "," + getTomorrowDayOfWeek() + "\"";
  private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\""; 
  private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";

  private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);  
  private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);  
  private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
  private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);

  private static final String BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL = and(BIND_RULE_USERDN_ADMIN, or(BIND_RULE_AUTHMETHOD_SSL, BIND_RULE_DNS_LOCALHOST));

@@ -233,7 +229,7 @@
  private static final String BIND_RULE_GROUPDN_3 = "groupdn=\"ldap:///cn=SomeGroup,dc=example,dc=com || ldap:///cn=SomeOtherGroup,dc=example,dc=com || ldap:///cn=SomeThirdGroup,dc=example,dc=com\"";
  private static final String BIND_RULE_USERDN_FILTER = "userdn=\"ldap:///dc=example,dc=com??one?(|(ou=eng)(ou=acct))\"";

  private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\""; 
  private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";

  private static final String BIND_RULE_ONLY_AT_NOON = "timeofday=\"1200\"";
  private static final String BIND_RULE_NOT_AT_NOON = "timeofday!=\"1200\"";
@@ -315,7 +311,7 @@

  private static final String DENY_READ_TO_TOP_LEVEL_CN_ADMINS =
          buildAciValue("name", "deny read to users with 'admin' in their cn", "targetattr", "*", "deny(read)", BIND_RULE_USERDN_TOP_LEVEL_CN_ADMINS);
  

  private static final String DENY_ALL_TO_LOCALHOST =
          buildAciValue("name", "deny all to localhost", "targetattr", "*", "deny(all)", BIND_RULE_IP_LOCALHOST);

@@ -787,7 +783,7 @@
      throw e;
    }
  }
  

  // I'd like to make this  dependsOnMethods = {"testBasisOfInvalidityTestsAreValid(String,String,String)"}
  // but I can't figure out how.
  @Test(dataProvider = "invalidAcis")
@@ -874,7 +870,7 @@
  private static final String NO_ACIS_LDIF = "";

  // ------------------------------------------------------------
  //  THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS 
  //  THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
  // ------------------------------------------------------------

  private static final String ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF =
@@ -1042,7 +1038,7 @@
  // -----------------------------------------------------------------
  //  THESE ALL WILL RETURN EVERYTHING IN AT LEAST OU=INNER FOR ADMINS
  // -----------------------------------------------------------------
  

  private static final String ALLOW_ALL_BASE_TO_ADMIN =
          makeAddAciLdif(OU_BASE_DN, ALLOW_ALL_TO_ADMIN);

@@ -1089,7 +1085,7 @@
          makeAddAciLdif(OU_BASE_DN, ALLOW_SEARCH_OU_AND_PERSON_TO_SIMPLE);

  // ------------------------------------------------------------
  //  
  //
  // ------------------------------------------------------------

  private static final String NO_SEARCH_RESULTS = "";
@@ -1149,7 +1145,7 @@
            NO_ACIS_LDIF,
            ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF,
            ALLOW_ALL_BASE_DENY_READ_BASE_LDIF,
            ALLOW_READ_BASE_DENY_ALL_BASE_LDIF, 
            ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
            ALLOW_ALL_BASE_DENY_ALL_INNER_LDIF,
            ALLOW_READ_BASE_DENY_ALL_INNER_LDIF,
            ALLOW_ALL_BASE_DENY_READ_INNER_LDIF,
@@ -1221,7 +1217,7 @@
            ALLOW_BASE_SEARCH_OUR_ATTRS_TO_ADMIN,
            ALLOW_BASE_SEARCH_OU_AND_PERSON_TO_SIMPLE
    );
    

    testParams.addSingleSearch(ADMIN_DN, OU_INNER_DN, OBJECTCLASS_STAR, SCOPE_SUB, INNER_OU_FULL_LDIF__SEARCH_TESTS);
    testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_SUB, LEAF_OU_FULL_LDIF__SEARCH_TESTS);
    testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_ONE, LEVEL_3_USER_LDIF__SEARCH_TESTS);

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java

@@ -1826,7 +1826,8 @@
         "cn: Test User");

    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());
         InternalClientConnection.getRootConnection();
//         new InternalClientConnection(new AuthenticationInfo());

    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(), e.getUserAttributes(),

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/CompareOperationTestCase.java

@@ -39,6 +39,7 @@
import org.opends.server.types.Entry;
import org.opends.server.types.LockManager;
import org.opends.server.TestCaseUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
@@ -117,6 +118,7 @@
         "sn: User",
         "cn: Proxy User",
         "userPassword: password",
         "ds-privilege-name: bypass-acl",
         "ds-privilege-name: proxied-auth");

    Entry proxyUserEntry =
@@ -338,7 +340,7 @@
    examineCompletedOperation(compareOperation);
  }

  @Test(enabled = false) // FIXME Issue 739.
  @Test
  public void testCompareSubtype()
  {
    InternalClientConnection conn =
@@ -556,14 +558,15 @@
    examineIncompleteOperation(compareOperation);
  }

  @Test(enabled = false) // FIXME Issue 741.
  @Test
  public void testCompareProxiedAuthV2Criticality() throws Exception
  {
    InvocationCounterPlugin.resetAllCounters();

    ProxiedAuthV2Control authV2Control =
         new ProxiedAuthV2Control(new ASN1OctetString());
    authV2Control.setCritical(false);
    Control authV2Control =
         new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
                     new ASN1OctetString());

    List<Control> controls = new ArrayList<Control>();
    controls.add(authV2Control);


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/RejectUnauthReqTests.java

@@ -439,10 +439,12 @@
  /**
   * Tests the whether the unauthenticated ADD,MODIFY,COMPARE,MODRDN and
   * DELETE requests succeed with the default configuration settings.
   * FIXME: This test is disabled because it is unreasonable to expect
   * unauthenticated writes to succeed when access control is enabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  @Test(enabled=false)
  public void testOtherOpsUnauthDefCfg() throws Exception
  {
    assertEquals(performAddOperation(false),0);
@@ -472,7 +474,7 @@
    "org.opends.server.core.RejectUnauthReqTests.testUnauthWAIDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testAuthWAIDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testStartTLSUnauthDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
//    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
    "org.opends.server.core.RejectUnauthReqTests.testOtherOpsAuthDefCfg"
  })
  public void  testChangeAndVerifyRejUnauthReqCfgAttr()  throws Exception

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java

@@ -40,6 +40,7 @@
import org.opends.server.protocols.ldap.*;
import org.opends.server.types.*;
import org.opends.server.TestCaseUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.controls.LDAPAssertionRequestControl;
@@ -1043,13 +1044,14 @@
    examineIncompleteOperation(modifyDNOperation);
  }

  @Test(enabled = false) //FIXME: Issue 741
  @Test
  public void testProcessedProxyAuthV2CriticalityModify() throws Exception
  {
    ProxiedAuthV2Control authV2Control = new ProxiedAuthV2Control(
         new ASN1OctetString("dn:cn=nonexistent,o=test"));
    Control authV2Control =
         new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
                     new ASN1OctetString("dn:cn=nonexistent,o=test"));

    List<Control> controls = new ArrayList<Control>();
    authV2Control.setCritical(false);
    controls.add(authV2Control);
    InvocationCounterPlugin.resetAllCounters();


 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java

@@ -355,6 +355,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -418,6 +419,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -480,6 +482,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -534,6 +537,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -597,6 +601,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -660,6 +665,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -722,6 +728,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -784,6 +791,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");


@@ -1941,6 +1949,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");



 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPCompareTestCase.java

@@ -601,6 +601,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -654,6 +655,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -708,6 +710,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -757,6 +760,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPModifyTestCase.java

@@ -528,6 +528,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -580,6 +581,7 @@
         "objectClass: inetOrgPerson",
         "cn: Test User",
         "givenName: Test",
         "ds-privilege-name: bypass-acl",
         "sn: User");

    InternalClientConnection conn =
@@ -633,6 +635,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
@@ -681,6 +684,7 @@
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password",
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPPasswordModifyTestCase.java

@@ -339,7 +339,24 @@
                "Should have been invalid because:  " + invalidReason);
  }


  /**
   * Add a test user.
   */
  private static void addTestUser() throws Exception
  {
    TestCaseUtils.addEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "ds-privilege-name: bypass-acl",
         "userPassword: password");
  }

  /**
   * Tests the ability to perform a self change including both the current and
@@ -353,24 +370,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -400,24 +400,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -446,24 +429,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -492,24 +458,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -537,24 +486,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -585,24 +517,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -634,24 +549,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -681,24 +579,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -727,24 +608,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -771,24 +635,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -817,24 +664,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -862,24 +692,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -912,24 +725,7 @@
    String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
                            "config" + File.separator + "client.truststore";

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -960,24 +756,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1011,24 +790,7 @@
    String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
                            "config" + File.separator + "client.truststore";

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1059,24 +821,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1106,24 +851,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1209,7 +937,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
    TestCaseUtils.addEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
@@ -1222,13 +950,6 @@
         "userPassword: password",
         "ds-pwp-account-disabled: true");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

    String[] args =
    {
      "-h", "127.0.0.1",
@@ -1258,24 +979,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1306,24 +1010,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1355,24 +1042,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {
@@ -1404,24 +1074,7 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Entry e = TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    AddOperation addOperation =
         conn.processAdd(e.getDN(), e.getObjectClasses(),
                         e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    addTestUser();

    String[] args =
    {

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java

@@ -1401,6 +1401,8 @@

    String[] args =
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",
@@ -1413,6 +1415,8 @@

    args = new String[]
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",
@@ -1426,6 +1430,8 @@

    args = new String[]
    {
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b", "o=test",

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java

@@ -167,6 +167,7 @@
      "ds-privilege-name: backend-backup",
      "ds-privilege-name: backend-restore",
      "ds-privilege-name: proxied-auth",
      "ds-privilege-name: bypass-acl",
      "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
           "cn=Password Policies,cn=config",
      "",
@@ -179,6 +180,7 @@
      "givenName: Unprivileged",
      "sn: User",
      "uid: unprivileged.user",
      "ds-privilege-name: bypass-acl",
      "userPassword: password",
      "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
           "cn=Password Policies,cn=config",

			@@ -221,7 +221,7 @@
			* @return The client entry.
			*/
			public Entry getClientEntry() {
			return clientConnection.getAuthenticationInfo().getAuthorizationEntry();
			return operation.getAuthorizationEntry();
			}

			/**
			@@ -270,7 +270,7 @@
			* @return The client's authorization DN.
			*/
			public DN getClientDN() {
			return clientConnection.getAuthenticationInfo().getAuthorizationDN();
			return operation.getAuthorizationDN();
			}

			/**

			@@ -226,8 +226,10 @@
			container.setRights(ACI_WRITE_DELETE);
			if(!skipAccessCheck && !accessAllowed(container))
			return false;
			} else
			} else {
			if(!skipAccessCheck)
			return false;
			}
			/*
			Check if the modification type has an "aci" attribute type.
			If so, check the syntax of that attribute value. Fail the

			@@ -1659,26 +1659,6 @@
			}
			}

			// Check to see if the client has permission to perform the add.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists or
			// if the parent entry does not exist may have already exposed
			// sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break addProcessing;
			}

			// Check to see if there are any controls in the request. If so,
			// then
			// see if there is any special processing required.
			@@ -1901,6 +1881,26 @@
			}


			// Check to see if the client has permission to perform the add.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists or
			// if the parent entry does not exist may have already exposed
			// sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_ADD_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break addProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -744,26 +744,6 @@
			break compareProcessing;
			}

			// Check to see if the client has permission to perform the
			// compare.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break compareProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			List<Control> requestControls = getRequestControls();
			@@ -955,6 +935,26 @@
			}


			// Check to see if the client has permission to perform the
			// compare.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_COMPARE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break compareProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -682,23 +682,6 @@
			// Check to see if the client has permission to perform the
			// delete.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break deleteProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -920,6 +903,23 @@
			}


			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_DELETE_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break deleteProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -1144,27 +1144,6 @@
			}


			// Check to see if the client has permission to perform the
			// modify DN.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry or new superior
			// already exists may have already exposed sensitive information
			// to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyDNProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -1411,6 +1390,27 @@
			}


			// Check to see if the client has permission to perform the
			// modify DN.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry or new superior
			// already exists may have already exposed sensitive information
			// to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODDN_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyDNProcessing;
			}

			// Duplicate the entry and set its new DN. Also, create an empty list
			// to hold the attribute-level modifications.
			newEntry = currentEntry.duplicate();

			@@ -947,26 +947,6 @@
			break modifyProcessing;
			}

			// Check to see if the client has permission to perform the
			// modify.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean noOp = false;
			@@ -1213,6 +1193,26 @@
			}


			// Check to see if the client has permission to perform the
			// modify.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.

			// FIXME: earlier checks to see if the entry already exists may
			// have already exposed sensitive information to the client.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_MODIFY_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(entryDN)));

			skipPostOperation = true;
			break modifyProcessing;
			}

			// Get the password policy state object for the entry that can be used
			// to perform any appropriate password policy processing. Also, see if
			// the entry is being updated by the end user or an administrator.

			@@ -1652,23 +1652,6 @@
			break searchProcessing;
			}

			// Check to see if the client has permission to perform the
			// search.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

			skipPostOperation = true;
			break searchProcessing;
			}

			// Check to see if there are any controls in the request. If so, then
			// see if there is any special processing required.
			boolean processSearch = true;
			@@ -1952,6 +1935,23 @@
			}


			// Check to see if the client has permission to perform the
			// search.

			// FIXME: for now assume that this will check all permission
			// pertinent to the operation. This includes proxy authorization
			// and any other controls specified.
			if (AccessControlConfigManager.getInstance()
			.getAccessControlHandler().isAllowed(this) == false) {
			setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);

			int msgID = MSGID_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS;
			appendErrorMessage(getMessage(msgID, String.valueOf(baseDN)));

			skipPostOperation = true;
			break searchProcessing;
			}

			// Check for and handle a request to cancel this operation.
			if (cancelRequest != null)
			{

			@@ -119,6 +119,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -176,6 +177,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -238,6 +240,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -294,6 +297,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -354,6 +358,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -415,6 +420,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -476,6 +482,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -553,6 +560,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -634,6 +642,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -721,6 +730,7 @@
			"sn: User",
			"cn: Test User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -804,6 +814,7 @@
			"sn: User",
			"cn: Test User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -28,7 +28,6 @@

			import org.opends.server.DirectoryServerTestCase;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.TestErrorLogger;
			import org.opends.server.types.LDIFImportConfig;
			import org.opends.server.types.LDIFExportConfig;
			import org.opends.server.tools.LDAPModify;
			@@ -50,9 +49,6 @@
			import java.io.OutputStream;
			import java.io.ByteArrayOutputStream;
			import java.io.StringReader;
			import java.io.PrintStream;
			import java.io.FileOutputStream;
			import java.io.FileNotFoundException;
			import java.util.List;
			import java.util.ArrayList;
			import java.util.Map;
			@@ -110,7 +106,7 @@
			// TODO: Test userattr

			// Tests are disabled this way because a class-level @Test(enabled=false)
			// doesn't appear to work and the aci code itself isn't checked in yet.
			// doesn't appear to work and the aci handler is not yet enabled.
			private static final boolean TESTS_ARE_DISABLED = true;


			@@ -219,10 +215,10 @@

			private static final String BIND_RULE_TODAY = "dayofweek=\"" + getThisDayOfWeek() + "\"";
			private static final String BIND_RULE_TODAY_AND_TOMORROW = "dayofweek=\"" + getThisDayOfWeek() + "," + getTomorrowDayOfWeek() + "\"";
			private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";
			private static final String BIND_RULE_NOT_TODAY = "dayofweek=\"" + getNotThisDayOfWeek() + "\"";

			private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
			private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);
			private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
			private static final String BIND_RULE_IP_NOT_LOCALHOST_OR_USERDN_ADMIN = or(BIND_RULE_IP_NOT_LOCALHOST, BIND_RULE_USERDN_ADMIN);

			private static final String BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL = and(BIND_RULE_USERDN_ADMIN, or(BIND_RULE_AUTHMETHOD_SSL, BIND_RULE_DNS_LOCALHOST));

			@@ -233,7 +229,7 @@
			private static final String BIND_RULE_GROUPDN_3 = "groupdn=\"ldap:///cn=SomeGroup,dc=example,dc=com \|\| ldap:///cn=SomeOtherGroup,dc=example,dc=com \|\| ldap:///cn=SomeThirdGroup,dc=example,dc=com\"";
			private static final String BIND_RULE_USERDN_FILTER = "userdn=\"ldap:///dc=example,dc=com??one?(\|(ou=eng)(ou=acct))\"";

			private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";
			private static final String BIND_RULE_INVALID_DAY = "dayofweek=\"sumday\"";

			private static final String BIND_RULE_ONLY_AT_NOON = "timeofday=\"1200\"";
			private static final String BIND_RULE_NOT_AT_NOON = "timeofday!=\"1200\"";
			@@ -315,7 +311,7 @@

			private static final String DENY_READ_TO_TOP_LEVEL_CN_ADMINS =
			buildAciValue("name", "deny read to users with 'admin' in their cn", "targetattr", "*", "deny(read)", BIND_RULE_USERDN_TOP_LEVEL_CN_ADMINS);


			private static final String DENY_ALL_TO_LOCALHOST =
			buildAciValue("name", "deny all to localhost", "targetattr", "*", "deny(all)", BIND_RULE_IP_LOCALHOST);

			@@ -787,7 +783,7 @@
			throw e;
			}
			}


			// I'd like to make this dependsOnMethods = {"testBasisOfInvalidityTestsAreValid(String,String,String)"}
			// but I can't figure out how.
			@Test(dataProvider = "invalidAcis")
			@@ -874,7 +870,7 @@
			private static final String NO_ACIS_LDIF = "";

			// ------------------------------------------------------------
			// THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
			// THESE ALL WILL RETURN NO RESULTS FOR ADMINS AND ANONYMOUS
			// ------------------------------------------------------------

			private static final String ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF =
			@@ -1042,7 +1038,7 @@
			// -----------------------------------------------------------------
			// THESE ALL WILL RETURN EVERYTHING IN AT LEAST OU=INNER FOR ADMINS
			// -----------------------------------------------------------------


			private static final String ALLOW_ALL_BASE_TO_ADMIN =
			makeAddAciLdif(OU_BASE_DN, ALLOW_ALL_TO_ADMIN);

			@@ -1089,7 +1085,7 @@
			makeAddAciLdif(OU_BASE_DN, ALLOW_SEARCH_OU_AND_PERSON_TO_SIMPLE);

			// ------------------------------------------------------------
			//
			//
			// ------------------------------------------------------------

			private static final String NO_SEARCH_RESULTS = "";
			@@ -1149,7 +1145,7 @@
			NO_ACIS_LDIF,
			ALLOW_ALL_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_ALL_BASE_DENY_READ_BASE_LDIF,
			ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_READ_BASE_DENY_ALL_BASE_LDIF,
			ALLOW_ALL_BASE_DENY_ALL_INNER_LDIF,
			ALLOW_READ_BASE_DENY_ALL_INNER_LDIF,
			ALLOW_ALL_BASE_DENY_READ_INNER_LDIF,
			@@ -1221,7 +1217,7 @@
			ALLOW_BASE_SEARCH_OUR_ATTRS_TO_ADMIN,
			ALLOW_BASE_SEARCH_OU_AND_PERSON_TO_SIMPLE
			);


			testParams.addSingleSearch(ADMIN_DN, OU_INNER_DN, OBJECTCLASS_STAR, SCOPE_SUB, INNER_OU_FULL_LDIF__SEARCH_TESTS);
			testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_SUB, LEAF_OU_FULL_LDIF__SEARCH_TESTS);
			testParams.addSingleSearch(ADMIN_DN, OU_LEAF_DN, OBJECTCLASS_STAR, SCOPE_ONE, LEVEL_3_USER_LDIF__SEARCH_TESTS);

			@@ -1826,7 +1826,8 @@
			"cn: Test User");

			InternalClientConnection conn =
			new InternalClientConnection(new AuthenticationInfo());
			InternalClientConnection.getRootConnection();
			// new InternalClientConnection(new AuthenticationInfo());

			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(), e.getUserAttributes(),

			@@ -39,6 +39,7 @@
			import org.opends.server.types.Entry;
			import org.opends.server.types.LockManager;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.util.ServerConstants;
			import org.opends.server.controls.LDAPAssertionRequestControl;
			import org.opends.server.controls.ProxiedAuthV1Control;
			import org.opends.server.controls.ProxiedAuthV2Control;
			@@ -117,6 +118,7 @@
			"sn: User",
			"cn: Proxy User",
			"userPassword: password",
			"ds-privilege-name: bypass-acl",
			"ds-privilege-name: proxied-auth");

			Entry proxyUserEntry =
			@@ -338,7 +340,7 @@
			examineCompletedOperation(compareOperation);
			}

			@Test(enabled = false) // FIXME Issue 739.
			@Test
			public void testCompareSubtype()
			{
			InternalClientConnection conn =
			@@ -556,14 +558,15 @@
			examineIncompleteOperation(compareOperation);
			}

			@Test(enabled = false) // FIXME Issue 741.
			@Test
			public void testCompareProxiedAuthV2Criticality() throws Exception
			{
			InvocationCounterPlugin.resetAllCounters();

			ProxiedAuthV2Control authV2Control =
			new ProxiedAuthV2Control(new ASN1OctetString());
			authV2Control.setCritical(false);
			Control authV2Control =
			new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
			new ASN1OctetString());

			List<Control> controls = new ArrayList<Control>();
			controls.add(authV2Control);

			@@ -439,10 +439,12 @@
			/**
			* Tests the whether the unauthenticated ADD,MODIFY,COMPARE,MODRDN and
			* DELETE requests succeed with the default configuration settings.
			* FIXME: This test is disabled because it is unreasonable to expect
			* unauthenticated writes to succeed when access control is enabled.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			@Test(enabled=false)
			public void testOtherOpsUnauthDefCfg() throws Exception
			{
			assertEquals(performAddOperation(false),0);
			@@ -472,7 +474,7 @@
			"org.opends.server.core.RejectUnauthReqTests.testUnauthWAIDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testAuthWAIDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testStartTLSUnauthDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
			// "org.opends.server.core.RejectUnauthReqTests.testOtherOpsUnauthDefCfg",
			"org.opends.server.core.RejectUnauthReqTests.testOtherOpsAuthDefCfg"
			})
			public void testChangeAndVerifyRejUnauthReqCfgAttr() throws Exception

			@@ -40,6 +40,7 @@
			import org.opends.server.protocols.ldap.*;
			import org.opends.server.types.*;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.util.ServerConstants;
			import org.opends.server.controls.ProxiedAuthV1Control;
			import org.opends.server.controls.ProxiedAuthV2Control;
			import org.opends.server.controls.LDAPAssertionRequestControl;
			@@ -1043,13 +1044,14 @@
			examineIncompleteOperation(modifyDNOperation);
			}

			@Test(enabled = false) //FIXME: Issue 741
			@Test
			public void testProcessedProxyAuthV2CriticalityModify() throws Exception
			{
			ProxiedAuthV2Control authV2Control = new ProxiedAuthV2Control(
			new ASN1OctetString("dn:cn=nonexistent,o=test"));
			Control authV2Control =
			new Control(ServerConstants.OID_PROXIED_AUTH_V2, false,
			new ASN1OctetString("dn:cn=nonexistent,o=test"));

			List<Control> controls = new ArrayList<Control>();
			authV2Control.setCritical(false);
			controls.add(authV2Control);
			InvocationCounterPlugin.resetAllCounters();

			@@ -355,6 +355,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -418,6 +419,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -480,6 +482,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -534,6 +537,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -597,6 +601,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -660,6 +665,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -722,6 +728,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -784,6 +791,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");


			@@ -1941,6 +1949,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");

			@@ -601,6 +601,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -654,6 +655,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -708,6 +710,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -757,6 +760,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -528,6 +528,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -580,6 +581,7 @@
			"objectClass: inetOrgPerson",
			"cn: Test User",
			"givenName: Test",
			"ds-privilege-name: bypass-acl",
			"sn: User");

			InternalClientConnection conn =
			@@ -633,6 +635,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");
			@@ -681,6 +684,7 @@
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config");

			@@ -339,7 +339,24 @@
			"Should have been invalid because: " + invalidReason);
			}


			/**
			* Add a test user.
			*/
			private static void addTestUser() throws Exception
			{
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"ds-privilege-name: bypass-acl",
			"userPassword: password");
			}

			/**
			* Tests the ability to perform a self change including both the current and
			@@ -353,24 +370,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -400,24 +400,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -446,24 +429,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -492,24 +458,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -537,24 +486,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -585,24 +517,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -634,24 +549,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -681,24 +579,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -727,24 +608,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -771,24 +635,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -817,24 +664,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -862,24 +692,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -912,24 +725,7 @@
			String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -960,24 +756,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1011,24 +790,7 @@
			String trustStorePath = DirectoryServer.getServerRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1059,24 +821,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1106,24 +851,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1209,7 +937,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			@@ -1222,13 +950,6 @@
			"userPassword: password",
			"ds-pwp-account-disabled: true");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

			String[] args =
			{
			"-h", "127.0.0.1",
			@@ -1258,24 +979,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1306,24 +1010,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1355,24 +1042,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{
			@@ -1404,24 +1074,7 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Entry e = TestCaseUtils.makeEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"userPassword: password");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			AddOperation addOperation =
			conn.processAdd(e.getDN(), e.getObjectClasses(),
			e.getUserAttributes(), e.getOperationalAttributes());
			assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
			addTestUser();

			String[] args =
			{

			@@ -1401,6 +1401,8 @@

			String[] args =
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",
			@@ -1413,6 +1415,8 @@

			args = new String[]
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",
			@@ -1426,6 +1430,8 @@

			args = new String[]
			{
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b", "o=test",

			@@ -167,6 +167,7 @@
			"ds-privilege-name: backend-backup",
			"ds-privilege-name: backend-restore",
			"ds-privilege-name: proxied-auth",
			"ds-privilege-name: bypass-acl",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config",
			"",
			@@ -179,6 +180,7 @@
			"givenName: Unprivileged",
			"sn: User",
			"uid: unprivileged.user",
			"ds-privilege-name: bypass-acl",
			"userPassword: password",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config",