mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Gary Williams
19.24.2011 42de257ff22f0e140e37fe5d2de2343ac1dc3126
Add testcases for PTA unmapped policy and simple-bind-dn
1 files added
3 files modified
826 ■■■■■ changed files
opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif 206
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml 2
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml 549
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml 69
opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif
New file
@@ -0,0 +1,206 @@
#!/usr/bin/python
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/CDDLv1_0.txt
# or http://forgerock.org/license/CDDLv1.0.html.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Copyright 2011 ForgeRock AS.
#
#
# "dc=AD, dc=com" sample LDIF file
#
# Notes:
#    12 total entries.
#     1 (objectclass=domain) entry (dc=AD,dc=com).
#     1 (objectclass=organizationalunit) entries.
#    10 (objectclass=person) entries (all under ou=people,dc=AD,dc=com).
#
dn: dc=AD,dc=com
objectclass: top
objectclass: domain
dc: AD
dn: ou=People, dc=AD,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
dn: uid=scarter, ou=People, dc=AD,dc=com
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Sunnyvale
uid: scarter
mail: scarter@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
dn: uid=tmorris, ou=People, dc=AD,dc=com
cn: Ted Morris
sn: Morris
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Santa Clara
uid: tmorris
mail: tmorris@example.com
telephonenumber: +1 408 555 9187
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4117
dn: uid=kvaughan, ou=People, dc=AD,dc=com
cn: Kirsten Vaughan
sn: Vaughan
givenname: Kirsten
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Sunnyvale
uid: kvaughan
mail: kvaughan@example.com
telephonenumber: +1 408 555 5625
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 2871
dn: uid=abergin, ou=People, dc=AD,dc=com
cn: Andy Bergin
sn: Bergin
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Cupertino
uid: abergin
mail: abergin@example.com
telephonenumber: +1 408 555 8585
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3472
dn: uid=dmiller, ou=People, dc=AD,dc=com
cn: David Miller
sn: Miller
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Sunnyvale
uid: dmiller
mail: dmiller@example.com
telephonenumber: +1 408 555 9423
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4135
dn: uid=gfarmer, ou=People, dc=AD,dc=com
cn: Gern Farmer
sn: Farmer
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Cupertino
uid: gfarmer
mail: gfarmer@example.com
telephonenumber: +1 408 555 6201
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1269
dn: uid=kwinters, ou=People, dc=AD,dc=com
cn: Kelly Winters
sn: Winters
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Santa Clara
uid: kwinters
mail: kwinters@example.com
telephonenumber: +1 408 555 9069
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4178
dn: uid=trigden, ou=People, dc=AD,dc=com
cn: Torrey Rigden
sn: Rigden
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Santa Clara
uid: trigden
mail: trigden@example.com
telephonenumber: +1 408 555 9280
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3584
dn: uid=cschmith, ou=People, dc=AD,dc=com
cn: Chris Schmith
sn: Schmith
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Santa Clara
uid: cschmith
mail: cschmith@example.com
telephonenumber: +1 408 555 8011
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0416
dn: uid=jwallace, ou=People, dc=AD,dc=com
cn: Judy Wallace
sn: Wallace
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: People
l: Sunnyvale
uid: jwallace
mail: jwallace@example.com
telephonenumber: +1 408 555 0319
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1033
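Review bot: The first line of the new file is `#!/usr/bin/python`, which has no meaning in an LDIF data file and looks like a leftover from a script template; LDIF reads it as a comment, so it is harmless, but it should be dropped. None of the ten person entries carries a `userPassword` value, so a bind as any of them can only succeed through the pass-through policy. The header notes should say that this is intentional, for example `#    No userPassword values: binds for these entries are expected to be passed through to the remote server.`, so that nobody later adds local passwords and hides a PTA failure.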
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -78,8 +78,10 @@
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('basic_pta_001')
                  testsList.append('basic_pta_002')
                  testsList.append('basic_pta_003')
                  testsList.append('basic_pta_004')
                </script>
                <!-- Execute the Tests -->
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -32,35 +32,26 @@
  <!--- Test Cases : Basic : PTA -->
  
  <!--- Test Case information
  #@TestMarker          Basic: PTA unmapped
  #@TestName            Basic: PTA unmapped
  #@TestMarker          Basic: PTA anon unmapped
  #@TestName            Basic: PTA anon unmapped
  #@TestID              basic_pta_001
  #@TestPurpose         Verify user with a LDAP PTA unmapped policy can authenticated to remote server
  #@TestPreamble
  #@TestSteps           Configure LDAP PTA Policy
  #@TestPostamble
  #@TestResult          Test is successful if the result code is 0
  -->
  <!--- Test Case information
  #@TestMarker          Basic: PTA mapped-bind
  #@TestName            Basic: PTA mapped-bind
  #@TestID              basic_pta_002
  #@TestPurpose         Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
  #@TestPreamble        Setup PTS
  #@TestStep            Configure LDAP PTA Policy for mapped-bind
  #@TestPreamble        Setup PTA
  #@TestStep            Enable AD backend on local server
  #@TestStep            Configure LDAP PTA Policy as unmapped
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            Delete ds-pwp-password-policy-dn from users entry
  #@TestStep            ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestStep            Disable AD backend on local server
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->   
   <function name="basic_pta_002" scope="local">
    <testcase name="getTestCaseName('PTA mapped-bind')">
  <function name="basic_pta_001" scope="local">
    <testcase name="getTestCaseName('PTA anon unmapped')">
      <sequence> 
        <try>
          <sequence>                
@@ -70,17 +61,40 @@
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'On primary server configure LDAP PTA.' }
              { 'stepMessage' : 'Enable AD backend on local server.' }
            </call>
            <script>
              options=[]
              options.append('--backend-name "AD"')
              options.append('--set enabled:true')
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'set-backend-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
              options.append('--set mapped-attribute:seealso')
              options.append('--set mapping-policy:mapped-bind')
              options.append('--set mapping-policy:unmapped')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
              options.append('--type ldap-pass-through')
              options.append('--policy-name "LDAP PTA"')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
@@ -103,7 +117,255 @@
            <script>
              options=[]
              options.append('--policy-name "LDAP PTA"')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jwallace, ou=People, dc=AD,dc=com'
              remotePTAuserPSWD='linear'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*' ,
                'dsAttributes'    : '+'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD ,
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Disable AD backend on local server.' }
            </call>
            <script>
              options=[]
              options.append('--backend-name "AD"')
              options.append('--set enabled:false')
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'set-backend-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
          </sequence>
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <call function="'testCase_Postamble'"/>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  <!--- Test Case information
  #@TestMarker          Basic: PTA anon mapped-bind
  #@TestName            Basic: PTA anon mapped-bind
  #@TestID              basic_pta_002
  #@TestPurpose         Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
  #@TestPreamble        Setup PTA
  #@TestStep            Configure LDAP PTA Policy for mapped-bind
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            Delete ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->
   <function name="basic_pta_002" scope="local">
    <testcase name="getTestCaseName('PTA anon mapped-bind')">
      <sequence>
        <try>
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'onfigure LDAP PTA Policy for mapped-bind.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
              options.append('--set mapped-attribute:seealso')
              options.append('--set mapping-policy:mapped-bind')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
              options.append('--type ldap-pass-through')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
@@ -234,7 +496,7 @@
            <script>
              options=[]
              options.append('--policy-name "LDAP PTA"')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
@@ -267,11 +529,11 @@
  </function>
      
  <!--- Test Case information
  #@TestMarker          Basic: PTA mapped-search
  #@TestName            Basic: PTA mapped-search
  #@TestMarker          Basic: PTA anon mapped-search
  #@TestName            Basic: PTA anon mapped-search
  #@TestID              basic_pta_003
  #@TestPurpose         Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
  #@TestPreamble        Setup PTS
  #@TestPreamble        Setup PTA
  #@TestStep            Configure LDAP PTA Policy for mapped-search
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
@@ -284,7 +546,7 @@
  #@TestResult          Test is successful if the result code is 0
  -->                           
  <function name="basic_pta_003" scope="local">
    <testcase name="getTestCaseName('PTA mapped-search')">
    <testcase name="getTestCaseName('PTA anon mapped-search')">
      <sequence> 
        <try>
          <sequence>                
@@ -294,7 +556,7 @@
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'On primary server configure LDAP PTA.' }
              { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' }
            </call>
            <script>
@@ -305,7 +567,234 @@
              options.append('--set mapping-policy:mapped-search')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
              options.append('--type ldap-pass-through')
              options.append('--policy-name "LDAP PTA"')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jvedder, ou=People, o=example'
              remotePTAuserPSWD='befitting'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*' ,
                'dsAttributes'    : '+'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD ,
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
          </sequence>
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <call function="'testCase_Postamble'"/>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  <!--- Test Case information
  #@TestMarker          Basic: PTA anon mapped-search
  #@TestName            Basic: PTA anon mapped-search
  #@TestID              basic_pta_003
  #@TestPurpose         Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
  #@TestPreamble        Setup PTA
  #@TestStep            Configure LDAP PTA Policy using mapped-search-bind credentials
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->
  <function name="basic_pta_004" scope="local">
    <testcase name="getTestCaseName('PTA simple mapped-search-bind')">
      <sequence>
        <try>
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
              options.append('--set mapped-attribute:cn')
              options.append('--set mapped-search-base-dn:dc=AD,dc=com')
              options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
              options.append('--set mapped-search-bind-password:secret12')
              options.append('--set mapping-policy:mapped-search')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
              options.append('--type ldap-pass-through')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
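Review bot: In basic_pta_004 the search-bind identity is hard-coded as `--set mapped-search-bind-dn:"cn=Directory Manager"` and `--set mapped-search-bind-password:secret12`, while the administrative credentials elsewhere in this file are read from the server object (`local_ldap_server.getRootDn()`, `local_ldap_server.getRootPwd()`). The literal is joined into the dsconfig option string, so it presumably reaches the command line and the job log; taking both values from the remote server's test configuration would keep the secret in one place and stop the test from breaking when that password changes. The comment block above the function still reads `#@TestID basic_pta_003` with the marker `Basic: PTA anon mapped-search`, and its delete step is `ds-pwp-password-policy-dn from users entry` without the verb; it should carry `#@TestID basic_pta_004` and name the simple mapped-search-bind case. The step message `'onfigure LDAP PTA Policy for mapped-bind.'` in basic_pta_002 is missing its first letter. The body of basic_pta_004 continues past the last line shown on this page.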
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -126,6 +126,75 @@
                          'rejectFile'          : serverRejectFile
                        }
                      </call>
                      <script>
                        options=[]
                        options.append('--backend-name "AD"')
                        options.append('--set base-dn:"dc=AD,dc=com"')
                        options.append('--set enabled:true')
                        options.append('--set writability-mode:enabled')
                        options.append('--type local-db')
                        dsconfigOptions=' '.join(options)
                      </script>
                      <call function="'dsconfig'">
                        { 'location'            : local_ldap_server.getHostname(),
                          'dsPath'              : '%s/%s' \
                                                   % (local_ldap_server.getDir(),OPENDSNAME),
                          'dsInstanceHost'      : local_ldap_server.getHostname(),
                          'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                          'dsInstanceDn'        : local_ldap_server.getRootDn(),
                          'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                          'subcommand'          : 'create-backend',
                          'optionsString'       : dsconfigOptions
                        }
                      </call>
                      <script>
                        dataFile = 'AD10.ldif'
                        serverDataFile   = '%s/pta/%s' \
                          % (local_ldap_server.getDataDir(), dataFile)
                        serverSkipFile   = '%s/pta/skippedAD10.ldif' \
                          % local_ldap_server.getTmpDir()
                        serverRejectFile = '%s/pta/rejectsAD10.ldif' \
                          % local_ldap_server.getTmpDir()
                      </script>
                      <call function="'ImportLdifWithScript'">
                        { 'location'           : local_ldap_server.getHostname(),
                          'dsPath'             : '%s/%s' \
                                                   % (local_ldap_server.getDir(),OPENDSNAME),
                          'dsInstanceHost'      : local_ldap_server.getHostname(),
                          'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                          'dsInstanceDn'        : local_ldap_server.getRootDn(),
                          'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                          'backEnd'             : 'AD',
                          'ldifFile'            : serverDataFile,
                          'skipFile'            : serverSkipFile ,
                          'rejectFile'          : serverRejectFile
                        }
                      </call>
                      <script>
                        options=[]
                        options.append('--backend-name "AD"')
                        options.append('--set enabled:false')
                        dsconfigOptions=' '.join(options)
                      </script>
                      <call function="'dsconfig'">
                        { 'location'            : local_ldap_server.getHostname(),
                          'dsPath'              : '%s/%s' \
                                                   % (local_ldap_server.getDir(),OPENDSNAME),
                          'dsInstanceHost'      : local_ldap_server.getHostname(),
                          'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                          'dsInstanceDn'        : local_ldap_server.getRootDn(),
                          'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                          'subcommand'          : 'set-backend-prop',
                          'optionsString'       : dsconfigOptions
                        }
                      </call>
                    </sequence>
                  <else>
                    <sequence>