Adding functional test cases for Issue 87, Get Effective Rights support. T...

mkeyes

22.19.2007 1d8ee2f3ff2151c41561da8b20a78f700ecdcd98

Adding functional test cases for Issue 87, Get Effective Rights support. 
This is a partial commit with simple test cases. More complaex test cases will follow in a week or so.

 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci1.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci1"; allow (read) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci10.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci10"; allow (search,read,selfwrite) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci11.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci11"; allow (all) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci12.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
replace: aci
aci: (targetattr="*")(version 3.0; acl "add_aci12"; allow (search,read,export) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci13.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
replace: aci
aci: (targetattr="*")(version 3.0; acl "add_aci13"; allow (search,read,import) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci2.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci2"; allow (search) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci21.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="cn || telephonenumber || roomnumber")(version 3.0; acl "add_aci21"; allow (search,read) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci22.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr!="cn || telephonenumber || roomnumber")(version 3.0; acl "add_aci21"; allow (search,read) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci3.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci3"; allow (search,read) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci4.ldif

New file
@@ -0,0 +1,35 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci4"; allow (read) userdn="ldap:///all";)

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=People,ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci4"; allow (search) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci5.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci5"; allow (search,read,compare) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci6.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci6"; allow (search,read,add) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci7.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci7"; allow (search,read,delete) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci8.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci8"; allow (search,read,write) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_aci9.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "add_aci9"; allow (search,read,proxy) userdn="ldap:///all";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/add_effrights_aci.ldif

New file
@@ -0,0 +1,30 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: o=ACI Tests, dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="aclRights || aclRightsInfo")(version 3.0; acl "add_effrights_aci"; allow (search,read) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)


 opends/tests/functional-tests/shared/data/aci/aci_effective_rights/del_aci.ldif

New file
@@ -0,0 +1,29 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#

dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
changetype: modify
delete: aci


 opends/tests/functional-tests/testcases/aci/aci.xml

@@ -105,6 +105,10 @@
          <call function="'aci_proxy_auth'" />
  
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/aci/aci_effective_rights.xml' % (TESTS_DIR)"/>
          <call function="'aci_effective_rights'" />
  
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/aci/aci_teardown.xml' % (TESTS_DIR)"/>
          <call function="'aci_teardown'" />
  

 opends/tests/functional-tests/testcases/aci/aci_effective_rights.xml

New file
@@ -0,0 +1,2580 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>

  <defaultcall function="aci_effective_rights"/>

  <function name="aci_effective_rights">

    <sequence>

      <block name="'aci-effective-rights'">
      
        <sequence>
  
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='aci'			  			  
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
      
          <call function="'testSuite_Preamble'"/>
          
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             ACI Effective Rights Tests
                #@TestSuitePurpose          Test the basic ACI Get Effective Rights Support.
                #@TestSuiteGroup            Basic ACI Effective Rights Tests
                #@TestScript                aci_effective_rights.xml
          -->
    
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/aci/aci_setup.xml' % (TESTS_DIR)"/>
          <call function="'aci_setup'" />

          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Target Tests
                #@TestName                  Preamble
                #@TestIssue                 87
                #@TestPurpose               Blah blah Test default aci settings
                #@TestPreamble              none
                #@TestStep                  Client searches entry with a branch dn.
                #@TestStep                  Client searches entry with another branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            and no entries are returned 
                                            for all operations.
            -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Preamble'">
              <sequence>
                <call function="'testCase_Preamble'"/>

                <message>
                   'ACI: Effective Rights: Preamble - Removing Search Global ACI'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_rm_global_search.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <script>
                    curr_aci_ldif_file = 'add_effrights_aci.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Preamble - Admin adding get effective rights ACI,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file)  }
                </call>
    
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult }
                </call>
    
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci1.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - read, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - read, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - read, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - read, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - read, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
  
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - search'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci2.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - search, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
  
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - search-read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci3.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - search-read, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - search-read, separate ACIs'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci4.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - search-read, separate ACIs, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, separate ACIs, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - compare'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci5.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - compare, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - compare, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - compare, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - compare, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - compare, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - add'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci6.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - add, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - add, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - add, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - add, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - add, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - delete'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci7.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - delete, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - delete, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:1,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - delete, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - delete, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - delete, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - write'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci8.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - write, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - write, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - write, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - write, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - write, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - proxy'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci9.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - proxy, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - proxy, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:1' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - proxy, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - proxy, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - proxy, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - selfwrite'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci10.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - selfwrite, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - selfwrite, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - selfwrite, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - selfwrite, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - selfwrite, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - all'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci11.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - all, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - all, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:1,delete:1,read:1,write:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - all, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - all, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - all, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - export'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci12.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - export, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - export, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - export, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - export, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - export, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: Basic - import'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci13.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: Basic - import, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - import, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid aclRights roomnumber' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - import, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - import, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: Basic - import, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: targetattr with search,read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci21.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: targetattr with search,read, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with search,read, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'roomnumber=*'  ,
                    'attributes'       : 'uid aclRights roomnumber cn' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with search,read, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'roomnumber=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with search,read, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with search,read, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'roomnumber=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                ACI Effective Rights Tests
                #@TestName                  Target equals dn 
                #@TestIssue                 87
                #@TestPurpose               Blah Blah Test with the target set equal to a dn
                #@TestPreamble              Admin adds an aci with the target equal to the dn of one existing branch.
                #@TestStep                  Client searches entry with the targeted branch dn.
                #@TestStep                  Client searches entry that is not with the targeted branch dn.
                #@TestStep                  Remove aci.
                #@TestStep                  Client searches entry with the previously targeted branch dn.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
          -->
          <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
          <!-- cross reference to DS6 docs -->
            <testcase name="'ACI: Effective Rights: targetattr with not equal and search,read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                          
                <script>
                    curr_aci_ldif_file = 'add_aci22.ldif'
                    curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
                </script>
        
                <message>
                   'ACI: Effective Rights: targetattr with not equal and search,read, preamble adding aci,\n %s' % curr_aci
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with not equal and search,read, user searching targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'uid=*'  ,
                    'attributes'       : 'uid aclRights roomnumber cn' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'attributeLevel;roomnumber: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' }
                </call>
                
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with not equal and search,read, user searching non-targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'uid=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with not equal and search,read, admin deleting aci'
                </message>
    
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % STAGED_DATA_DIR }
                </call>
    
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
    
                <message>
                   'ACI: Effective Rights: targetattr with not equal and search,read, user searching previously targeted entry'
                </message>
    
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'uid=*'  ,
                    'attributes'       : 'aclRights' ,
                    'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
                </call>
    
                <script> 
                 returnString = STAXResult[0][1]
                </script> 
    
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
                </call>
                
                <call function="'testCase_Postamble'"/>
    
              </sequence>
            </testcase>
    
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/aci/aci_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'aci_cleanup'" />
  
          <call function="'testSuite_Postamble'"/>
            
        </sequence>
       
      </block>
       
    </sequence>
      
  </function>

</stax>