Refactor ACI functonal tests to follow test suite conventions

Gary Williams

04.21.2012 56c93926f1228e4b7cb1ecc7e6a70d639c436fa9

Refactor ACI functonal tests to follow test suite conventions

 opends/tests/staf-tests/functional-tests/testcases/aci/aci.xml

@@ -56,54 +56,31 @@
            <!-- List of ACI test suites to run -->
            <script>
              suiteList=[]
              suiteList.append('global_acis')
              suiteList.append('aci_target')
              suiteList.append('aci_targetattr')
              suiteList.append('aci_targetfilter')
              suiteList.append('aci_targattrfilter')
              suiteList.append('aci_targetscope')
              suiteList.append('aci_targetcontrol')
              suiteList.append('aci_delete_entry')
              suiteList.append('aci_add_entry')
              suiteList.append('aci_modify_entry')
              suiteList.append('aci_modify_filter_tests')
              suiteList.append('aci_compare_tests')
              suiteList.append('multiple_aci_tests')
              suiteList.append('aci_modify_rdn')
              suiteList.append('aci_rdn_wildcards')
              suiteList.append('aci_bindtypes')
              suiteList.append('aci_proxy_auth')
              suiteList.append('aci_effective_rights')
#OOS          #suiteList.append('aci_import')
#              suiteList.append('global_acis')
#              suiteList.append('target')
#              suiteList.append('targetattr')
#              suiteList.append('targetfilter')
#              suiteList.append('targattrfilter')
#              suiteList.append('targetscope')
              suiteList.append('targetcontrol')
              suiteList.append('delete_entry')
              suiteList.append('add_entry')
              suiteList.append('modify_entry')
              suiteList.append('compare_entry')
              suiteList.append('modify_rdn')
              suiteList.append('modify_filter')
              suiteList.append('rdn_wildcards')
              suiteList.append('bindtypes')
              suiteList.append('proxy_auth')
              suiteList.append('effective_rights')
#OOS              suiteList.append('import')
              suiteList.append('multi_acis')
            </script>

            <!-- Run the test suites -->
            <iterate  var="_suite" in="suiteList">
              <sequence>              
                <try>
                  <sequence>                  
                    <import machine="STAF_LOCAL_HOSTNAME"
                      file="'%s/testcases/aci/%s.xml' % (TESTS_DIR,_suite)"/> 
                    <call function="'%s' % _suite" />
                  </sequence>
                <catch exception="'STAFException.TestSuite.SetupException'">
                  <sequence>
                    <message log="1" level="'fatal'">'Setup of test suite %s failed.' % _suite</message>
                  </sequence>
                </catch>
                <catch exception="'STAFException.TestSuite.MainException'">
                  <sequence>
                    <message log="1" level="'fatal'">'Main part of test suite %s failed.' % _suite</message>
                  </sequence>
                </catch>
                <catch exception="'STAFException.TestSuite.CleanupException'">
                  <sequence>
                    <message log="1" level="'fatal'">'Cleanup of test suite %s failed.' % _suite</message>
                  </sequence>
                </catch>
                </try>
              </sequence>
            </iterate>
            <call function="'testSuite_Run'">
              { 'suites' : suiteList ,
                'group'  : 'aci' }
            </call>
                                    
          </sequence>
        </block>

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_add_entry.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_bindtypes.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_cleanup.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_compare_tests.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_delete_entry.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_effective_rights.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_import.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_entry.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci1.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci11.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci12.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci13.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci14.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci15.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci16.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci2.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci21.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci22.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci23.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci24.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci25.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci26.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci3.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci4.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci5.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_filter_tests_aci6.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_modify_rdn.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_proxy_auth.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_rdn_wildcards.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_setup.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_targattrfilter.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_target.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_targetattr.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_targetcontrol.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_targetfilter.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/aci_targetscope.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/add_entry/add_entry.xml

New file
@@ -0,0 +1,157 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_add_entry"/>
  <function name="aci_add_entry" scope="local">
    <sequence>
      <block name="'aci_add_entry'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'add_entry'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Add Entry'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Add Entry Tests
            #@TestSuitePurpose    Verify that ACI add_entrys are functioning correctly
            #@TestSuiteID         ACI Add Entry Tests
            #@TestSuiteGroup      ACI Add Entry
            #@TestGroup           ACI
            #@TestScript          aci_add_entry.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('add_entry/add_entry_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Add Entry:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_add_entry_001')
                  testsList.append('aci_add_entry_002')
                  testsList.append('aci_add_entry_003')
                  testsList.append('aci_add_entry_004')
                  testsList.append('aci_add_entry_005')
                  testsList.append('aci_add_entry_006')
                  testsList.append('aci_add_entry_007')
                  testsList.append('aci_add_entry_008')
                  testsList.append('aci_add_entry_009')
                  testsList.append('aci_add_entry_010')
                  testsList.append('aci_add_entry_011')
                  testsList.append('aci_add_entry_012')
                  testsList.append('aci_add_entry_013')
                  testsList.append('aci_add_entry_014')
                  testsList.append('aci_add_entry_015')
                  testsList.append('aci_add_entry_016')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/add_entry/add_entry_tests.xml

New file
@@ -0,0 +1,1979 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>
                      
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Add Entry Tests
        #@TestName                  Preamble
        #@TestIssue                 439
        #@TestPurpose               Test default aci settings
        #@TestPreamble              none
        #@TestStep                  Add extra branches where new entries will be added
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for all operations.
                                    
    -->
  <function name="aci_add_entry_001" scope="local">
    <testcase name="getTestCaseName('Add Entry Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Add Preamble - Adding Branches For Add Tests'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/aci_startup_add_entry_tests.ldif' % remote.data }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
 
<!-- general allow(add) tests -->
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry - userdn equals all
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACi where userdn equals all
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches for added entry in the targeted branch.
      #@TestStep                  Client adds an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client add an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_002" scope="local">
    <testcase name="getTestCaseName('Add Entry - userdn equals all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-add_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - userdn equals all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals all, user adding entry to targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - userdn equals all, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=kwinters,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals all, user adding entry to non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals all, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - userdn equals a dn
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI where userdn equals a dn 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the targeted branch with a prohibited userdn.
      #@TestStep                  Client adds an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_003" scope="local">
    <testcase name="getTestCaseName('Add Entry - userdn equals a dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-add_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - userdn equals a dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals a dn, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry2.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - userdn equals a dn, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=abergin,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals a dn, user adding entry in targeted branch with a prohibited userdn'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals a dn, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn equals a dn, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - userdn not equals a dn
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI where the userdn not equals a dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the targeted branch with a prohibited userdn.
      #@TestStep                  Client adds an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_004" scope="local">
    <testcase name="getTestCaseName('Add Entry - userdn not equals a dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-add_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry3.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - userdn not equals a dn, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=dmiller,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, user adding entry in targeted branch with a prohibited userdn'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-add_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - add not allowed
      #@TestIssue                 439
      #@TestPurpose               Add an entry where the ACI does not allow an add
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_005" scope="local">
    <testcase name="getTestCaseName('Add Entry - add not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-delete_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - add not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - add not allowed, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_allow-delete_entry1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - userdn not equals a dn, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- general targetfilter tests -->
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targetfilter with one statement
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with one targetfilter.
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_006" scope="local">
    <testcase name="getTestCaseName('Add Entry - targetfilter equals one statement')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targetfilter equals one statement, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter equals one statement, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetfilter_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - targetfilter equals one statement, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=trigden,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter equals one statement, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetfilter_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter equals one statement, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter equals one statement, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targetfilter with non-existent attribute
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with a targetfilter with non-existent attribute
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_007" scope="local">
    <testcase name="getTestCaseName('Add Entry - targetfilter with non-existent attribute')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targetfilter with non-existent attribute, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter with non-existent attribute, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetfilter_entry2.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter with non-existent attribute, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetfilter_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter with non-existent attribute, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targetfilter with non-existent attribute, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
     
<!-- general targetattr tests -->
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targetattr with one attribute
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with a targetattr with one attribute.
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_008" scope="local">
    <testcase name="getTestCaseName('Add Entry - targetattr with one attribute')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetattr_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targetattr with one attribute, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targetattr with one attribute, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetattr_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - targetattr with one attribute, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=cschmith,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - targetattr with one attribute, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targetattr_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targetattr with one attribute, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targetattr with one attribute, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- general targattrfilter tests -->
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targattrfilter with add:,del:
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with a targattrfilter with add:,del:.
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_009" scope="local">
    <testcase name="getTestCaseName('Add Entry - targattrfilter with add:,del:')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targattrfilter_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targattrfilter with add:,del:, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add:,del:, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - targattrfilter with add:,del:, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=jwallace,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add:,del:, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add:,del:, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add:,del:, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targattrfilter with add: only
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with a targattrfilter with add: only.
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Directory Manager searches added entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_010" scope="local">
    <testcase name="getTestCaseName('Add Entry - targattrfilter with add: only')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targattrfilter_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targattrfilter with add: only, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: only, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry2.ldif' % remote.data }
            </call>

            <message>
             'ACI: Add: Add Entry - targattrfilter with add: only, Directory Manager searching added entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=jcrawler,ou=People,ou=aci branch,o=Add Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*'  }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: only, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: only, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: only, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - targattrfilter with add: statement false
      #@TestIssue                 439
      #@TestPurpose               Add an entry against an ACI with a targattrfilter with add: statement false.
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_011" scope="local">
    <testcase name="getTestCaseName('Add Entry - targattrfilter with add: statement false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targattrfilter_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - targattrfilter with add: statement false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: statement false, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry3.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: statement false, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_targattrfilter_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: statement false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - targattrfilter with add: statement false, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- multiple ACI tests -->
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - Multi ACIs 1, overall deny
      #@TestIssue                 439
      #@TestPurpose               Add an entry against two ACIs with with overall deny
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_012" scope="local">
    <testcase name="getTestCaseName('Add Entry - Multi ACIs 1, overall deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - Multi ACIs 1, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 1, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 1, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 1, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 1, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - Multi ACIs 2, overall allow
      #@TestIssue                 439
      #@TestPurpose               Add an entry against two ACIs with an overall allow
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_013" scope="local">
    <testcase name="getTestCaseName('Add Entry - Multi ACIs 2, overall allow')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - Multi ACIs 2, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 2, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 2, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 2, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 2, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
          
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - Multi ACIs 3, mixed allow and deny 
      #@TestIssue                 439
      #@TestPurpose               Add an entry against multiple ACIs where the allow or deny depends on specific userds
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the targeted branch by a prohibited user.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_014" scope="local">
    <testcase name="getTestCaseName('Add Entry - Multi ACIs 3, mixed allow and deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, user adding entry in targeted branch by a prohibited user'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 3, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
          
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - Multi ACIs 4, overall allow with many ACIs
      #@TestIssue                 439
      #@TestPurpose               Add an entry against many ACIs with an overall allow
      #@TestPreamble              Admin adds many acis.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_015" scope="local">
    <testcase name="getTestCaseName('Add Entry - Multi ACIs 4, overall allow with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - Multi ACIs 4, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 4, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry4.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 4, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 4, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_multi_acis2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 4, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
          
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Add Entry Tests
      #@TestName                  Add Entry  - Multi ACIs 5, mixed allow and deny with many ACIs
      #@TestIssue                 439
      #@TestPurpose               Add an entry against many ACIs where the allow or deny depends on specific userds
      #@TestPreamble              Admin adds many acis.
      #@TestStep                  Client adds an entry in the targeted branch.
      #@TestStep                  Client adds an entry in the targeted branch by a prohibited user.
      #@TestStep                  Client adds an entry in the non-targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_add_entry_016" scope="local">
    <testcase name="getTestCaseName('Add Entry - Multi ACIs 5, mixed allow and deny with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_add_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, user adding entry in targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, user adding entry in targeted branch by a prohibited user'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, user adding entry in non-targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_multi_aci_entry5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_add_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Add: Add Entry - Multi ACIs 5, user adding entry in previously targeted branch'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeAdded'   : '%s/aci/aci_add_entry/add_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/bindtypes/bindtypes.xml

New file
@@ -0,0 +1,174 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_bindtypes"/>
  <function name="aci_bindtypes" scope="local">
    <sequence>
      <block name="'aci_bindtypes'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'bindtypes'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Bindtypes'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Bindtypes Tests
            #@TestSuitePurpose    Verify that ACI bindtypess are functioning correctly
            #@TestSuiteID         ACI Bindtypes Tests
            #@TestSuiteGroup      ACI Bindtypes
            #@TestGroup           ACI
            #@TestScript          bindtypes.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('bindtypes/bindtypes_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Bindtypes:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_bindtypes_001')
                  testsList.append('aci_bindtypes_002')
                  testsList.append('aci_bindtypes_003')
                  testsList.append('aci_bindtypes_004')
                  testsList.append('aci_bindtypes_005')
                  testsList.append('aci_bindtypes_006')
                  testsList.append('aci_bindtypes_007')
                  testsList.append('aci_bindtypes_008')
                  testsList.append('aci_bindtypes_009')
                  testsList.append('aci_bindtypes_010')
                  testsList.append('aci_bindtypes_011')
                  testsList.append('aci_bindtypes_012')
                  testsList.append('aci_bindtypes_013')
                  testsList.append('aci_bindtypes_014')
                  testsList.append('aci_bindtypes_015')
                  testsList.append('aci_bindtypes_016')
                  testsList.append('aci_bindtypes_017')
                  testsList.append('aci_bindtypes_018')
                  testsList.append('aci_bindtypes_019')
                  testsList.append('aci_bindtypes_020')
                  testsList.append('aci_bindtypes_021')
                  testsList.append('aci_bindtypes_022')
                  testsList.append('aci_bindtypes_023')
                  testsList.append('aci_bindtypes_024')
                  testsList.append('aci_bindtypes_025')
                  testsList.append('aci_bindtypes_026')
                  testsList.append('aci_bindtypes_027')
                  testsList.append('aci_bindtypes_028')
                  testsList.append('aci_bindtypes_029')
                  testsList.append('aci_bindtypes_030')
                  testsList.append('aci_bindtypes_031')
                  testsList.append('aci_bindtypes_032')
                  testsList.append('aci_bindtypes_033')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/bindtypes/bindtypes_tests.xml

New file
Diff too large

 opends/tests/staf-tests/functional-tests/testcases/aci/compare_entry/compare_entry.xml

New file
@@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_compare_entry"/>
  <function name="aci_compare_entry" scope="local">
    <sequence>
      <block name="'aci_compare_entry'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'compare_entry'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Compare Entry'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Compare Entry Tests
            #@TestSuitePurpose    Verify that ACI compare_entrys are functioning correctly
            #@TestSuiteID         ACI Compare Entry Tests
            #@TestSuiteGroup      ACI Compare Entry
            #@TestGroup           ACI
            #@TestScript          compare_entry.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('compare_entry/compare_entry_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Compare Entry:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_compare_entry_001')
                  testsList.append('aci_compare_entry_002')
                  testsList.append('aci_compare_entry_003')
                  testsList.append('aci_compare_entry_004')
                  testsList.append('aci_compare_entry_005')
                  testsList.append('aci_compare_entry_006')
                  testsList.append('aci_compare_entry_007')
                  testsList.append('aci_compare_entry_008')
                  testsList.append('aci_compare_entry_009')
                  testsList.append('aci_compare_entry_010')
                  testsList.append('aci_compare_entry_011')
                  testsList.append('aci_compare_entry_012')
                  testsList.append('aci_compare_entry_013')
                  testsList.append('aci_compare_entry_014')
                  testsList.append('aci_compare_entry_015')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/compare_entry/compare_entry_tests.xml

New file
@@ -0,0 +1,1931 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Preamble
      #@TestIssue                 441
      #@TestPurpose               Modify global ACIs
      #@TestPreamble              none
      #@TestStep                  Directory Manager removes global ACI allowing compares
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0.
  -->
  <function name="aci_compare_entry_001" scope="local">
    <testcase name="getTestCaseName('Compare Entry Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Comparet: Preamble - Removing Search Global ACI'
            </message>

            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'remove' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
          
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn equals all
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn equals all
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
                                  The return string for step 1 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_002" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn equals all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn equals all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn equals all, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn equals all, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals all, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn not equals a dn
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn not equals a dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch with a prohibited user.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
                                  The return string for step 1 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_003" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn not equals a dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn not equals a dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn not equals a dn, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn not equals a dn, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn not equals a dn, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals a dn, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn equals a branch dn
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn equals a branch dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch with another user.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_compare_entry_004" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn equals a branch dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn equals a branch dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn equals a branch dn, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn equals a branch dn, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn equals a branch dn, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals a branch dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals a branch dn, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn not equals a branch dn
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn equals a branch dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch with another user.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
                                  The return string for steps 1 and 2 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_005" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn not equals a branch dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn not equals a branch dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn not equals a branch dn, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn not equals a branch dn, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn not equals a branch dn, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals a branch dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals a branch dn, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn equals two dns
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn equals two dns
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch with another user.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
                                  The return string for steps 1 and 2 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_006" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn equals two dns')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn equals two dns, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn equals two dns, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn equals two dns, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - userdn equals two dns, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals two dns, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn equals two dns, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - userdn not equals two dns
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where userdn equals a branch dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch with another user.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_compare_entry_007" scope="local">
    <testcase name="getTestCaseName('Compare Attr - userdn not equals two dns')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - userdn not equals two dns, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn not equals two dns, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn not equals two dns, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

           <message>
             'ACI: Compare: Compare Attr - userdn not equals two dns, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals two dns, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn not equals two dns, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - compare not allowed
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI where compare is not allowed
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns
                                  50 for all ldapcompare steps.
  -->
  <function name="aci_compare_entry_008" scope="local">
    <testcase name="getTestCaseName('Compare Attr - compare not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - compare not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn compare not allowed, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - userdn compare not allowed, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn compare not allowed, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - userdn compare not allowed, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - targetattr with one attribute
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI with a targetattr with one attribute
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares a prohibited attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
                                  The return string for step 1 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_009" scope="local">
    <testcase name="getTestCaseName('Compare Attr - targetattr with one attribute')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - targetattr with one attribute, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - targetattr with one attribute, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targetattr with one attribute, user comparing prohibited attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'roomnumber:4376',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
             'ACI: Compare: Compare Attr - targetattr with one attribute, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targetattr with one attribute, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targetattr with one attribute, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - targetfilter with one statement
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI with a targetfilter with one statement
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in a prohibited entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
                                  The return string for step 1 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_010" scope="local">
    <testcase name="getTestCaseName('Compare Attr - targetfilter with one statement')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - targetfilter with one statement, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - targetfilter with one statement, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targetfilter with one statement, user comparing prohibited attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'roomnumber:4376',
                'entryToBeCompared'     : 'uid=jrunner, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

             <message>
             'ACI: Compare: Compare Attr - targetfilter with one statement, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targetfilter with one statement, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targetfilter with one statement, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - targattrfilters with add:,del:
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI with a targattrfilters with add:,del
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares a second attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
                                  The return string for steps 1 and 2 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_011" scope="local">
    <testcase name="getTestCaseName('Compare Attr - targattrfilters with add:,del:')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, user comparing prohibited attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'roomnumber:4376',
                'entryToBeCompared'     : 'uid=jrunner, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'false' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - targattrfilters with add:,del:, returns false
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against an ACI with a targattrfilters with add:,del
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Client compares a second attribute in an entry in the targeted branch.
      #@TestStep                  Client compares an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
                                  The return string for steps 1 and 2 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_012" scope="local">
    <testcase name="getTestCaseName('Compare Attr - targattrfilters with add:,del:, returns false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, user comparing prohibited attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'roomnumber:4376',
                'entryToBeCompared'     : 'uid=jrunner, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'false' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
             'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, user comparing attribute in non-targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - targattrfilters with add:,del:, returns false, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - Multi ACIs 1, overall deny
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against two ACIs, overall deny 
      #@TestPreamble              Admin adds acis.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  50 for all other steps.
  -->
  <function name="aci_compare_entry_013" scope="local">
    <testcase name="getTestCaseName('Compare Attr - Multi ACIs 1, overall deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis8.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 1, overall deny, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - Multi ACIs 1, overall deny, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 1, overall deny, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 1, overall deny, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Compare Tests
      #@TestName                  Compare Attr - Multi ACIs 2, overall allow
      #@TestIssue                 441
      #@TestPurpose               Compare an attribute in an entry against two ACIs, overall allow 
      #@TestPreamble              Admin adds acis.
      #@TestStep                  Client compares an attribute in an entry in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client compares an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
                                  The return string for step 1 is evaluated to contain the substring, true.
  -->
  <function name="aci_compare_entry_014" scope="local">
    <testcase name="getTestCaseName('Compare Attr - Multi ACIs 2, overall allow')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis9.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_compare_tests/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 2, overall allow, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
             'ACI: Compare: Compare Attr - Multi ACIs 2, overall allow, user comparing attribute in targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'true' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 2, overall allow, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_compare_tests/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Compare: Compare Attr - Multi ACIs 2, overall allow, user comparing attribute in previously targeted branch'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Cupertino',
                'entryToBeCompared'     : 'uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' ,
                'expectedRC'            : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                ACI Compare Tests
    #@TestName                  Postamble
    #@TestIssue                 441
    #@TestPurpose               Reset global ACI to default settings
    #@TestPreamble              none
    #@TestStep                  Directory Manager replaces default global aci.
    #@TestPostamble             none
    #@TestResult                Success if OpenDS returns 0.
  -->
  <function name="aci_compare_entry_015" scope="local">
    <testcase name="getTestCaseName('Compare Entry Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Compare: Resetting Search Global ACI'
            </message>

            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'add' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/delete_entry/delete_entry.xml

New file
@@ -0,0 +1,146 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_delete_entry"/>
  <function name="aci_delete_entry" scope="local">
    <sequence>
      <block name="'aci_delete_entry'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'delete_entry'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Delete Entry'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Delete Entry Tests
            #@TestSuitePurpose    Verify that ACI delete_entrys are functioning correctly
            #@TestSuiteID         ACI Delete Entry Tests
            #@TestSuiteGroup      ACI Delete Entry
            #@TestGroup           ACI
            #@TestScript          aci_delete_entry.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('delete_entry/delete_entry_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Delete Entry:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_delete_entry_001')
                  testsList.append('aci_delete_entry_002')
                  testsList.append('aci_delete_entry_003')
                  testsList.append('aci_delete_entry_004')
                  testsList.append('aci_delete_entry_005')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/delete_entry/delete_entry_tests.xml

New file
@@ -0,0 +1,2425 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>

  <!--
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Delete Entry Tests
        #@TestName                  Preamble
        #@TestIssue                 442
        #@TestPurpose               Test default aci settings
        #@TestPreamble              none
        #@TestStep                  Add extra entries that will be deleted in the tests.
        #@TestStep                  Directory Manager searches entry in a branch.
        #@TestStep                  Directory Manager searches entry in another branch.
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for all operations.
                                    
    -->
  <function name="aci_delete_entry_001" scope="local">
    <testcase name="getTestCaseName('Delete Entry Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Delete: Preamble - Adding Entries For Delete Tests'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/aci/aci_delete_entry/aci_startup_delete_entry_tests.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Preamble - Directory Manager searching entry that will be in targeted branch'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid'}
            </call>

            <message>
               'ACI: Delete: Preamble - Directory Manager searching entry that will be in non-targeted branch'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid'}
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
 
<!-- general allow(delete) tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - userdn equals all
      #@TestIssue                 442
      #@TestPurpose               Delete an entry
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Directory Manager searches for deleted entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 32 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_002" scope="local">
    <testcase name="getTestCaseName('Delete Entry - userdn equals all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-delete_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - userdn equals all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals all, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Delete: Delete Entry - userdn equals all, Directory Manager searching deleted entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=bhall,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*' ,
              'expectedRC'       : 32
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals all, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals all, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry  - userdn equals a dn
      #@TestIssue                 442
      #@TestPurpose               Delete an entry
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Directory Manager searches deleted entry in the targeted branch.
      #@TestStep                  Client deletes an entry in the targeted branch with a prohibited userdn.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 32 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_003" scope="local">
    <testcase name="getTestCaseName('Delete Entry - userdn equals a dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-delete_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry2.ldif' % remote.data }
            </call>

            <message>
             'ACI: Delete: Delete Entry - userdn equals a dn, Directory Manager searching deleted entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=tmason,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*' ,
              'expectedRC'       : 32
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, user deleting entry from targeted branch with prohibited userdn'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn equals a dn, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry  - userdn not equals a dn
      #@TestIssue                 442
      #@TestPurpose               Delete an entry
      #@TestPreamble              Admin adds an aci with the target not equal to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Directory Manager searches deleted entry in the targeted branch.
      #@TestStep                  Client deletes an entry with a prohibited userdn in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 32 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_004" scope="local">
    <testcase name="getTestCaseName('Delete Entry - userdn not equals a dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-delete_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry3.ldif' % remote.data }
            </call>

            <message>
             'ACI: Delete: Delete Entry - userdn not equals a dn, Directory Manager searching deleted entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=jreuter,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*' ,
              'expectedRC'       : 32
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, prohibited user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry3.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-delete_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - userdn not equals a dn, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - delete not allowed
      #@TestIssue                 442
      #@TestPurpose               Delete an entry when delete is not allowed
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_005" scope="local">
    <testcase name="getTestCaseName('Delete Entry - delete not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_allow-write_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - delete not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - delete not allowed, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_allow-write_entry1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - delete not allowed, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - delete not allowed, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- targetfilter tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetfilter with one statement
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetfilter with one statement 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Directory Manager searches deleted entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 32 for step2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_006" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetfilter equals one statement')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter equals one statement, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals one statement, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry1.ldif' % remote.data }
            </call>

            <message>
             'ACI: Delete: Delete Entry - targetfilter equals one statement, Directory Manager searching deleted entry'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'uid=rdaugherty,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*' ,
              'expectedRC'       : 32
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals one statement, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals one statement, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals one statement, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetfilter with three statements (or) all false
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetfilter with three statements (or) all false 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_007" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetfilter equals three statements (or) all false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter equals othree statements (or) all false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (or) all false, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry2.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (or) all false, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (or) all false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (or) all false, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetfilter not equals three statements (or) all false
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetfilter not equal three statements (or) all false 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_008" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetfilter not equals three statements (or) all false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter not equals three statements (or) all false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter not equals three statements (or) all false, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter not equals three statements (or) all false, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter not equals three statements (or) all false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter not equals three statements (or) all false, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetfilter with three statements (and) all true
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetfilter with three statements (and) all true 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_009" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetfilter equals three statements (and) all true')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter equals othree statements (and) all true, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (and) all true, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry4.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (and) all true, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (and) all true, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three statements (and) all true, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetfilter contains attribute not present
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetfilter containing attribute not present
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_010" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetfilter contains attribute not present')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetfilter_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter contains attribute not present, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter contains attribute not present, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry5.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter contains attribute not present, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetfilter_entry5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter contains attribute not present, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter contains attribute not present, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
     
<!-- targetattr tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetattr equals three attributes
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetattr equal to three attributes
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_011" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetattr equals three attributes')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetattr_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter equals three attributes, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals  three attributes, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetattr_entry1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals  three attributes, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetattr_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals  three attributes, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals  three attributes, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targetattr equals attribute not present
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targetattr equal to attribute not present
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_012" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetattr equals attribute not present')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targetattr_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetattr equals attribute not present, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetattr equals attribute not present, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetattr_entry2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetattr equals attribute not present, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targetattr_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetattr equals attribute not present, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetattr equals attribute not present, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- targattrfilter tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - targattrfilter equals attr value
      #@TestIssue                 442
      #@TestPurpose               Test delete with ACI that has targattrfilter equals attribute value
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client deletes an entry in the targeted branch.
      #@TestStep                  Client deletes an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_013" scope="local">
    <testcase name="getTestCaseName('Delete Entry - targetattr equals attr value')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_targattrfilter_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - targetfilter equals attr value, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals attr value, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targattrfilter_entry1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals attr value, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_targattrfilter_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals attr value, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - targetfilter equals attr value, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - delete branch
      #@TestIssue                 442
      #@TestPurpose               Delete a branch
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes a branch in the targeted branch.
      #@TestStep                  Directory Manager searches in deleted branch in the targeted branch.
      #@TestStep                  Client deletes a branch that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_014" scope="local">
    <testcase name="getTestCaseName('Delete Entry - delete branch')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
            </script>
    
            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'ou=aci branch, o=Delete Tests, o=ACI Tests, dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'add' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_allow-delete_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - delete branch, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - delete branch, user deleting branch from targeted branch'
            </message>

            <call function="'DeleteEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'ou=extra branch 1, ou=aci branch, o=Delete Tests, o=ACI Tests,dc=example,dc=com' ,
                'extraParams'      : '-x'}
            </call>

            <message>
             'ACI: Delete: Delete Entry - delete branch, Directory Manager searching deleted branch'
            </message>

            <call function="'SearchObject'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'dsBaseDN'         : 'ou=extra branch 1, ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
              'dsFilter'         : 'objectclass=*' ,
              'expectedRC'       : 32
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - delete branch, user deleting branch from non-targeted branch'
            </message>

            <call function="'DeleteEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'ou=extra branch 1, ou=non-aci branch, o=Delete Tests, o=ACI Tests,dc=example,dc=com' ,
                'extraParams'      : '-x',
                'expectedRC'       : 50
            }
            </call>

            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'ou=aci branch, o=Delete Tests, o=ACI Tests, dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'delete' }
            </call>
            
            <message>
               'ACI: Delete: Delete Entry - delete branch, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_aci.ldif' % remote.data }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
<!-- multiple ACI tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - Multi ACIs 1, overall deny
      #@TestIssue                 442
      #@TestPurpose               Test delete with 2 ACIs, overall deny  
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_015" scope="local">
    <testcase name="getTestCaseName('Delete Entry - multi ACIs 1, overall deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - multi ACIs 1, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 1, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 1, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 1, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 1, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - Multi ACIs 2, overall allow
      #@TestIssue                 442
      #@TestPurpose               Test delete with 2 ACIs, overall allow  
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_016" scope="local">
    <testcase name="getTestCaseName('Delete Entry - multi ACIs 2, overall allow')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - multi ACIs 2, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 2, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 2, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 2, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 2, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - Multi ACIs 3, mixed allow and deny
      #@TestIssue                 442
      #@TestPurpose               Test delete with 2 ACIs, mixed allow and deny  
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client deletes an entry with the targeted branch by a prohibited userdn.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_017" scope="local">
    <testcase name="getTestCaseName('Delete Entry - multi ACIs 3, mixed allow and deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, user deleting entry from targeted branch by a prohibited userdn'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 3, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - Multi ACIs 4, overall allow with many ACIs
      #@TestIssue                 442
      #@TestPurpose               Test delete with many ACIs, overall allow with many ACIs  
      #@TestPreamble              Admin adds two acis.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_018" scope="local">
    <testcase name="getTestCaseName('Delete Entry - multi ACIs 4, overall allow with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - multi ACIs 4, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 4, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry4.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 4, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 4, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_acis2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 4, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Delete Entry Tests
      #@TestName                  Delete Entry - Multi ACIs 5, mixed allow and deny with many ACIs
      #@TestIssue                 442
      #@TestPurpose               Test delete with many ACIs, mixed allow and deny with many ACIs  
      #@TestPreamble              Admin adds many acis, mixed allow and deny with many ACIs.
      #@TestStep                  Client deletes an entry with the targeted branch by a prohibited userdn.
      #@TestStep                  Client deletes an entry with the targeted branch.
      #@TestStep                  Client deletes an entry that is not with the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an entry with the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_delete_entry_019" scope="local">
    <testcase name="getTestCaseName('Delete Entry - multi ACIs 5, mixed allow and deny with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_multi_acis5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_delete_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, user deleting entry from targeted branch by a prohibited userdn'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, user deleting entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, user deleting entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_aci_entry5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_multi_acis2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Delete: Delete Entry - multi ACIs 5, user deleting entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_delete_entry/del_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Delete Entry Tests
        #@TestName                  Postamble
        #@TestIssue                 442
        #@TestPurpose               Test default aci settings
        #@TestPreamble              none
        #@TestStep                  Directory Manager searches entry in a branch.
        #@TestStep                  Directory Manager searches entry in another branch.
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for all operations.
                                    
    -->
  <function name="aci_delete_entry_020" scope="local">
    <testcase name="getTestCaseName('Delete Entry Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Delete: Postamble - Directory Manager searching entry that was targeted in targeted branch'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid'}
            </call>

            <message>
               'ACI: Delete: Postamble - Directory Manager searching entry that was in non-targeted branch'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=Delete Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid'}
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/effective_rights/effective_rights.xml

New file
@@ -0,0 +1,157 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_effective_rights"/>
  <function name="aci_effective_rights" scope="local">
    <sequence>
      <block name="'aci_effective_rights'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'effective_rights'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Effective Rights'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Effective Rights Tests
            #@TestSuitePurpose    Verify that ACI effective_rights are functioning correctly
            #@TestSuiteID         ACI Effective Rights Tests
            #@TestSuiteGroup      ACI Effective Rights
            #@TestGroup           ACI
            #@TestScript          effective_rights.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('effective_rights/effective_rights_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Effective Rights:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_effective_rights_001')
                  testsList.append('aci_effective_rights_002')
                  testsList.append('aci_effective_rights_003')
                  testsList.append('aci_effective_rights_004')
                  testsList.append('aci_effective_rights_005')
                  testsList.append('aci_effective_rights_006')
                  testsList.append('aci_effective_rights_007')
                  testsList.append('aci_effective_rights_008')
                  testsList.append('aci_effective_rights_009')
                  testsList.append('aci_effective_rights_010')
                  testsList.append('aci_effective_rights_011')
                  testsList.append('aci_effective_rights_012')
                  testsList.append('aci_effective_rights_013')
                  testsList.append('aci_effective_rights_014')
                  testsList.append('aci_effective_rights_015')
                  testsList.append('aci_effective_rights_016')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/effective_rights/effective_rights_tests.xml

New file
@@ -0,0 +1,2825 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Target Tests
      #@TestName                  Preamble
      #@TestIssue                 87
      #@TestPurpose               Prepare for effective rights tests
      #@TestPreamble              none
      #@TestStep                  Admin removes global search ACI
      #@TestStep                  Admin adds ACI to access effective rights
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all operations.
  -->
  <function name="aci_effective_rights_001" scope="local">
    <testcase name="getTestCaseName('Effective Rights Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Effective Rights: Preamble - Removing Search Global ACI'
            </message>

            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'remove' }
            </call>
        
            <script>
                allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
            </script>
    
            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'add' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_effrights_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Preamble - Admin adding get effective rights ACI,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file)  }
            </call>
    
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - wildcard 
      #@TestIssue                 1745
      #@TestPurpose               Test effective rights with wildcard
      #@TestPreamble              none
      #@TestStep                  Admin searches for effective rights in an entry using the wildcard notation.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  proper entries are returned for all steps.
  -->
  <function name="aci_effective_rights_002" scope="local">
    <testcase name="getTestCaseName('Basic - wildcard')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <message>
               'ACI: Effective Rights: Basic - wildcard, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'uid=scarter'  ,
                'attributes'       : 'aclRights "*"' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com"' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;cn: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - read 
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with read permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Admin searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Admin searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  no entries are returned for any step.
  -->
  <function name="aci_effective_rights_003" scope="local">
    <testcase name="getTestCaseName('Basic - read')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - read, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - read, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:0,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:0,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - read, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - read, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - read, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - search 
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with search permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  no entries are returned for any step.
  -->
  <function name="aci_effective_rights_004" scope="local">
    <testcase name="getTestCaseName('Basic - search')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - search, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - search-read 
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with search-read permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn as shown in doc example.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn with -J option.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_005" scope="local">
    <testcase name="getTestCaseName('Basic - search-read')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - search-read, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search-read, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read as doc example, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights "*"' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com"' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read with -J option, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -J effectiveRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search-read, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - search-read in separate ACIs
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with search-read permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_006" scope="local">
    <testcase name="getTestCaseName('Basic - search-read, separate ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - search-read, separate ACIs, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - search-read, separate ACIs, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - search-read, separate ACIs, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - compare
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with compare permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search, read and compare for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_007" scope="local">
    <testcase name="getTestCaseName('Basic - compare')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - compare, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - compare, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - compare, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - compare, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - compare, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - add
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with add permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_008" scope="local">
    <testcase name="getTestCaseName('Basic - add')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - add, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - add, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:1,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - add, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - add, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - add, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - delete
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with delete permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read and delete,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_009" scope="local">
    <testcase name="getTestCaseName('Basic - delete')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - delete, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - delete, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:1,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - delete, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - delete, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - delete, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - write
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with write permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read and write,
                                  and the attributeLevel permissions are 1 for search, read, write, selfwrite_add and selfwrite_delete for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_010" scope="local">
    <testcase name="getTestCaseName('Basic - write')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci8.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - write, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - write, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:1,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:1,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - write, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - write, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - write, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - proxy
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with proxy permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read and proxy,
                                  and the attributeLevel permissions are 1 for search, read, and proxy for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_011" scope="local">
    <testcase name="getTestCaseName('Basic - proxy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci9.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - proxy, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - proxy, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:1' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:1' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - proxy, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - proxy, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - proxy, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - selfwrite
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with selfwrite permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read and write,
                                  and the attributeLevel permissions are 1 for search, read, selfwrite_add and selfwrite_delete for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_012" scope="local">
    <testcase name="getTestCaseName('Basic - selfwrite')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci10.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - selfwrite, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - selfwrite, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - selfwrite, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - selfwrite, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - selfwrite, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - all
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with all permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for all options but proxy,
                                  and the attributeLevel permissions are 1 for all options but proxy for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_013" scope="local">
    <testcase name="getTestCaseName('Basic - all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci11.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - all, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:1,delete:1,read:1,write:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:1,write:1,selfwrite_add:1,selfwrite_delete:1,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - all, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - all, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'     : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - export
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with export permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_014" scope="local">
    <testcase name="getTestCaseName('Basic - export')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci12.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - export, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - export, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - export, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - export, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - export, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - import
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with import permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  and the attributeLevel permissions are 1 for search and read for uid and roomnumber. 
  -->
  <function name="aci_effective_rights_015" scope="local">
    <testcase name="getTestCaseName('Basic - import')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci13.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: Basic - import, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: Basic - import, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'uid aclRights roomnumber' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - import, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: Basic - import, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: Basic - import, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - targetattr with search,read
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with targetattr with search,read permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  the attributeLevel permissions are 1 for search and read for roomnumber, 
                                  and all attribute permissions are 0 for uid.
  -->
  <function name="aci_effective_rights_016" scope="local">
    <testcase name="getTestCaseName('targetattr with search,read')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci21.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: targetattr with search,read, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: targetattr with search,read, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'roomnumber=*'  ,
                'attributes'       : 'uid aclRights roomnumber cn' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: targetattr with search,read, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'roomnumber=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: targetattr with search,read, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: targetattr with search,read, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'roomnumber=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Effective Rights Tests
      #@TestName                  Effective Rights - targetattr with search,read
      #@TestIssue                 87
      #@TestPurpose               Test effective rights with targetattr with search,read permission
      #@TestPreamble              Admin adds an aci.
      #@TestStep                  Client searches for effective rights in an entry in the targeted branch dn.
      #@TestStep                  Client searches for effective rights in an entry in the non-targeted branch dn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client searches for effective rights in an entry with the previously targeted branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, and
                                  an entry is returned for step 1.
                                  Also, for step 1, the entryLevel permission is 1 for read,
                                  the attributeLevel permissions are 1 for search and read for uid, 
                                  and all attribute permissions are 0 for roomnumber.
  -->
  <function name="aci_effective_rights_017" scope="local">
    <testcase name="getTestCaseName('targetattr with not equal and search,read')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_aci22.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_effective_rights/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Effective Rights: targetattr with not equal and search,read, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Effective Rights: targetattr with not equal and search,read, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'uid=*'  ,
                'attributes'       : 'uid aclRights roomnumber cn' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryLevel: add:0,delete:0,read:1,write:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;uid: search:1,read:1,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeLevel;roomnumber: search:0,read:0,compare:0,write:0,selfwrite_add:0,selfwrite_delete:0,proxy:0' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Effective Rights: targetattr with not equal and search,read, user searching non-targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'uid=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Effective Rights: targetattr with not equal and search,read, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Effective Rights: targetattr with not equal and search,read, user searching previously targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'uid=*'  ,
                'attributes'       : 'aclRights' ,
                'extraParams'      : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
    
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Target Tests
      #@TestName                  Postamble
      #@TestIssue                 87
      #@TestPurpose               Reset effective rights tests
      #@TestPreamble              none
      #@TestStep                  Admin deletes ACI to access effective rights
      #@TestStep                  Admin puts back global search ACI
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all operations.
  -->
  <function name="aci_effective_rights_018" scope="local">
    <testcase name="getTestCaseName('Effective Rights Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Effective Rights: Postamble - Admin deleting get effective rights ACI'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_effective_rights/del_effrights_aci.ldif' % (remote.data)  }
            </call>

            <script>
                allow_aci='(targetcontrol=\"*\") (version 3.0; acl \"allow control access\"; allow(read) userdn=\"ldap:///anyone\";)'
            </script>
    
            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'delete' }
            </call>
            
            <message>
               'ACI: Effective Rights: Preamble - putting back Search Global ACI'
            </message>

            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'add' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/global_acis.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/global_acis/global_acis.xml

New file
@@ -0,0 +1,157 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_global_acis"/>
  <function name="aci_global_acis" scope="local">
    <sequence>
      <block name="'aci_global_acis'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'global'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI GlobalACIs'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI GlobalACIs Tests
            #@TestSuitePurpose    Verify that global ACIs are functioning correctly
            #@TestSuiteID         GlobalACIs Tests
            #@TestSuiteGroup      GlobalACIs
            #@TestGroup           ACI
            #@TestScript          global_acis.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('global_acis/global_acis_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: GlobalACIs:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('global_acis_001')
                  testsList.append('global_acis_002')
                  testsList.append('global_acis_003')
                  testsList.append('global_acis_004')
                  testsList.append('global_acis_005')
                  testsList.append('global_acis_006')
                  testsList.append('global_acis_007')
                  testsList.append('global_acis_008')
                  testsList.append('global_acis_009')
                  testsList.append('global_acis_010')
                  testsList.append('global_acis_011')
                  testsList.append('global_acis_012')
                  testsList.append('global_acis_013')
                  testsList.append('global_acis_014')
                  testsList.append('global_acis_015')
                  testsList.append('global_acis_016')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/global_acis/global_acis_tests.xml

New file
@@ -0,0 +1,1207 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 ! -->
<stax>
                              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search
      #@TestIssue                 1402
      #@TestPurpose               Search against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  The attributes, sn and dn, should be returned 
                                  but not userpassword.
  -->
  <function name="global_acis_001" scope="local">
    <testcase name="getTestCaseName('Search')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid userpassword' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'sn' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'userpassword' ,
                  'expectedResult'     : '0' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - One operational attribute for one entry
      #@TestIssue                 1622
      #@TestPurpose               Search one operational attribute for one entry against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches one operational attribute of an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  The attributes, creatorsname and dn, should be returned.
  -->
  <function name="global_acis_002" scope="local">
    <testcase name="getTestCaseName('Search Operational Attribute of an entry')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Global: Search, user searching operational attribute of an entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'creatorsName'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'creatorsName' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - All operational attributes for one entry
      #@TestIssue                 1622
      #@TestPurpose               Search all operational attributes for one entry against default global acis
      #@TestPreamble              Admin modify entry so there are modifyTimestamp and modifiersName attributes
      #@TestStep                  Client searches all operational attributes of an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  Six attributes and the dn should be returned.
  -->
  <function name="global_acis_003" scope="local">
    <testcase name="getTestCaseName('Search All Operational Attributes of an entry')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, admin modifying entry'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/global_acis/mod_modifier_entry1.ldif' % (remote.data) }
            </call>

            <message>
               'ACI: Global: Search, user searching all operational attributes of an entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : '+'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'creatorsName:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'createTimestamp:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'entryDN:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'modifiersName:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'modifyTimestamp' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'subschemaSubentry:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - One operational attribute for cn=schema
      #@TestIssue                 1622
      #@TestPurpose               Search one operational attribute for cn=schema against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches one operational attribute of cn=schema.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  The attributes, matchingrules and dn, should be returned.
  -->
  <function name="global_acis_004" scope="local">
    <testcase name="getTestCaseName('Search Operational Attribute, cn=schema')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching operational attribute of cn=schema'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'cn=schema' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'matchingRules' ,
                'extraParams'      : '-T -s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'matchingRules:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: cn=schema' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - All operational attributes for cn=schema
      #@TestIssue                 1622
      #@TestPurpose               Search all operational attributes for cn=schema against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches all operational attributes of cn=schema.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  Six attributes and the dn should be returned.
  -->
  <function name="global_acis_005" scope="local">
    <testcase name="getTestCaseName('Search All Operational Attributes, cn=schema')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching operational attribute of cn=schema'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'cn=schema' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : '+' ,
                'extraParams'      : '-T -s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'attributeTypes:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dITStructureRules:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'ldapSyntaxes:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'matchingRules:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'nameForms:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'objectClasses:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: cn=schema' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - One operational attribute for root dse
      #@TestIssue                 1622
      #@TestPurpose               Search one operational attribute for root dse against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches one operational attribute of root dse.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  The attributes, vendorname and dn, should be returned.
  -->
  <function name="global_acis_006" scope="local">
    <testcase name="getTestCaseName('Search Operational Attribute, root dse')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching operational attribute of root dse'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : ' ' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'vendorName' ,
                'extraParams'      : '-T -s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'vendorName:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: ' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - All operational attributes for root dse
      #@TestIssue                 1622
      #@TestPurpose               Search all operational attributes for root dse against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches all operational attributes of root dse.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  Eight attributes and the dn should be returned.
  -->
  <function name="global_acis_007" scope="local">
    <testcase name="getTestCaseName('Search All Operational Attribute, root dse')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching operational attribute of root dse'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : ' ' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : '+' ,
                'extraParams'      : '-T -s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'namingContexts:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'supportedAuthPasswordSchemes:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'supportedControl:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'supportedExtension:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'supportedFeatures:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'supportedSASLMechanisms:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'vendorName:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'vendorVersion:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: ' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - All operational attributes for cn=config
      #@TestIssue                 1622
      #@TestPurpose               Search all operational attributes for cn=config against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches all operational attributes for cn=config.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 50.
  -->
  <function name="global_acis_008" scope="local">
    <testcase name="getTestCaseName('Search Operational Attribute, cn=config')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Search, user searching operational attribute of an entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'cn=config' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : '+' ,
                'expectedRC'       : 50
              }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
              
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - Anonymous
      #@TestIssue                 1621
      #@TestPurpose               Anonymous search against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches entry as anonymous.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entry for step 1.
                                  The attributes, uid, sn and dn, should be returned for specified dn.
  -->
  <function name="global_acis_009" scope="local">
    <testcase name="getTestCaseName('Anon Search')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: AnonSearch, user searching entry'
            </message>

            <call function="'AnonSearchObject'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
                    'dsBaseDN'          : 'ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'          : 'objectclass=*'  ,
                    'extraParams'       : '-T'  ,
                    'dsFilter'          : '(uid=scarter)'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'sn' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Search - Anonymous with not equals filter
      #@TestIssue                 1621
      #@TestPurpose               Anonymous search with not equals filter against default global acis
      #@TestPreamble              none
      #@TestStep                  Client searches entry as anonymous with not equals filter
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and entries for step 1.
                                  The attributes, uid, sn and dn, should be returned for all other entries but the 
                                  for the specified dn.
  -->
  <function name="global_acis_010" scope="local">
    <testcase name="getTestCaseName('Anon Search, not equals filter')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: AnonSearch, not equals filter, user searching entry'
            </message>

            <call function="'AnonSearchObject'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
                    'dsBaseDN'          : 'ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                    'dsFilter'          : 'objectclass=*'  ,
                    'extraParams'       : '-T'  ,
                    'dsFilter'          : '(!(uid=scarter))'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'sn' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'uid' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Compare
      #@TestIssue                 1402
      #@TestPurpose               Compare against default global acis
      #@TestPreamble              none
      #@TestStep                  Client compares attribute in an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and returns true for step 1.
  -->
  <function name="global_acis_011" scope="local">
    <testcase name="getTestCaseName('Compare')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Compare, user comparing entry'
            </message>

            <call function="'compareEntry'">
            { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'attrToBeCompared'      : 'l:Santa Clara',
                'entryToBeCompared'     : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'true' }
            </call>
                  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Modify
      #@TestIssue                 1402
      #@TestPurpose               Modify against default global acis
      #@TestPreamble              none
      #@TestStep                  Client modifies attribute in an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 50.
  -->
  <function name="global_acis_012" scope="local">
    <testcase name="getTestCaseName('Modify')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Global: Modify, user modifying entry'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/global_acis/mod_entry1.ldif' % remote.data ,
                'expectedRC'            : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Delete
      #@TestIssue                 1402
      #@TestPurpose               Delete against default global acis
      #@TestPreamble              none
      #@TestStep                  Client deletes an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 50.
  -->
  <function name="global_acis_013" scope="local">
    <testcase name="getTestCaseName('Delete')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Delete, user deleting entry'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/global_acis/del_entry1.ldif' % remote.data ,
                'expectedRC'            : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Modify RDN
      #@TestIssue                 1402
      #@TestPurpose               Modify RDN against default global acis
      #@TestPreamble              none
      #@TestStep                  Client modifies the RDN of an entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 50.
  -->
  <function name="global_acis_014" scope="local">
    <testcase name="getTestCaseName('Modify RDN')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Modify RDN, user modifying rdn of an entry'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/global_acis/modrdn_entry1.ldif' % remote.data ,
                'expectedRC'            : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Modify Self
      #@TestIssue                 1402
      #@TestPurpose               Modify self against default global acis
      #@TestPreamble              none
      #@TestStep                  Client modifies allowed attribute in the user entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0.
  -->
  <function name="global_acis_015" scope="local">
    <testcase name="getTestCaseName('Self Modify Allow')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Self Modify Allow, user modifying itself'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/global_acis/mod_entry3.ldif' % remote.data }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Global Tests
      #@TestName                  Global ACI Modify Self
      #@TestIssue                 1402
      #@TestPurpose               Modify self against default global acis
      #@TestPreamble              none
      #@TestStep                  Client modifies denied attribute in the user entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 50.
  -->
  <function name="global_acis_016" scope="local">
    <testcase name="getTestCaseName('Self Modify Deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                            
            <message>
               'ACI: Global: Self Modify Deny, user modifying itself'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/global_acis/mod_entry2.ldif' % remote.data ,
                'expectedRC'            : 50 }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/import/import.xml

New file
@@ -0,0 +1,142 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_import"/>
  <function name="aci_import" scope="local">
    <sequence>
      <block name="'aci_import'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'import'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Import'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Import Tests
            #@TestSuitePurpose    Verify that ACI imports are functioning correctly
            #@TestSuiteID         ACI Import Tests
            #@TestSuiteGroup      ACI Import
            #@TestGroup           ACI
            #@TestScript          import.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('import/import_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Import:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_import_001')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/import/import_tests.xml

New file
@@ -0,0 +1,268 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>
                            
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Import Tests
      #@TestName                  ldif-import with bad ACI
      #@TestIssue                 1758
      #@TestPurpose               ldif-import with bad ACI
      #@TestPreamble              none
      #@TestStep                  Root user searching entry.
      #@TestStep                  User searching entry.
      #@TestStep                  Admin adding import task.
      #@TestStep                  Root user searching entry.
      #@TestStep                  User searching entry.
      #@TestStep                  Admin adding leave lockdown task.
      #@TestStep                  Root user searching entry.
      #@TestStep                  User searching entry.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 49
                                  for step 5, and 0
                                  for all other ldap operations. 
                                  Proper entries returned for searches.
  -->
  <function name="aci_import_001" scope="local">
    <testcase name="getTestCaseName('import-ldif with bad ACI')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
 
            <message>
               'ACI: Import: import-ldif with bad ACI, Admin searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'     : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: dc=example,dc=com' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Import: import-ldif with bad ACI, User searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser, ou=People, o=ACI Tests, dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: dc=example,dc=com' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Import: import-ldif with bad ACI, user adding import task'
            </message>

            <call function="'ImportLdifWithScript'">
            { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
              'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT ,
              'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
              'ldifFile'            : '%s/aci/aci_import/import_task.ldif' % remote.data
            }
            </call>

            <if expr="STAFCmdRC != 0">
                <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'ACI: Import: import-ldif with bad ACI, Admin searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: dc=example,dc=com' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Import: import-ldif with bad ACI, User searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser, o=ACI Import Tests, dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49
              }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <message>
               'Privileges: Import Tasks: import-ldif, user adding leave lockdown task'
            </message>

            <call function="'leaveLockdownTask'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'taskID'           : 'Import Bad ACI Leave Lockdown Task'
            }
            </call>
            
            <if expr="STAFCmdRC != 0">
                <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'ACI: Import: import-ldif with bad ACI, Admin searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: dc=example,dc=com' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Import: import-ldif with bad ACI, User searching entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser, o=ACI Import Tests, dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'dn: dc=example,dc=com' }
            </call>
               
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_entry/modify_entry.xml

New file
@@ -0,0 +1,169 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_modify_entry"/>
  <function name="aci_modify_entry" scope="local">
    <sequence>
      <block name="'aci_modify_entry'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'modify_entry'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Modify Entry'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Modify Entry Tests
            #@TestSuitePurpose    Verify that ACI modify_entrys are functioning correctly
            #@TestSuiteID         ACI Modify Entry Tests
            #@TestSuiteGroup      ACI Modify Entry
            #@TestGroup           ACI
            #@TestScript          aci_modify_entry.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('modify_entry/modify_entry_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Modify Entry:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_modify_entry_001')
                  testsList.append('aci_modify_entry_002')
                  testsList.append('aci_modify_entry_003')
                  testsList.append('aci_modify_entry_004')
                  testsList.append('aci_modify_entry_005')
                  testsList.append('aci_modify_entry_006')
                  testsList.append('aci_modify_entry_007')
                  testsList.append('aci_modify_entry_008')
                  testsList.append('aci_modify_entry_009')
                  testsList.append('aci_modify_entry_010')
                  testsList.append('aci_modify_entry_011')
                  testsList.append('aci_modify_entry_012')
                  testsList.append('aci_modify_entry_013')
                  testsList.append('aci_modify_entry_014')
                  testsList.append('aci_modify_entry_015')
                  testsList.append('aci_modify_entry_016')
                  testsList.append('aci_modify_entry_017')
                  testsList.append('aci_modify_entry_018')
                  testsList.append('aci_modify_entry_019')
                  testsList.append('aci_modify_entry_020')
                  testsList.append('aci_modify_entry_021')
                  testsList.append('aci_modify_entry_022')
                  testsList.append('aci_modify_entry_023')
                  testsList.append('aci_modify_entry_024')
                  testsList.append('aci_modify_entry_025')
                  testsList.append('aci_modify_entry_026')
                  testsList.append('aci_modify_entry_027')
                  testsList.append('aci_modify_entry_028')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_entry/modify_entry_tests.xml

New file
@@ -0,0 +1,3532 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>
       
  <!--
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Modify Entry Tests
        #@TestName                  Preamble
        #@TestIssue                 444
        #@TestPurpose               Add additional entries
        #@TestPreamble              none
        #@TestStep                  Directory Manager adds additional entries.
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for all operations.
                                    
    -->
  <function name="aci_modify_entry_001" scope="local">
    <testcase name="getTestCaseName('Modify Entry Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Modify: Preamble - Adding Entries For Modify Tests'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/aci/aci_modify_entry/aci_startup_modify_tests.ldif' % remote.data }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
 
<!-- replace attribute tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - userdn equals all
      #@TestIssue                 444
      #@TestPurpose               Modifies an attribute with targetattr=* and userdn =all
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_002" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - userdn equals all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - userdn equals all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - userdn equals all, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - userdn equals all, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - userdn equals all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - userdn equals all, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - targetattr equals three attributes
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute where targetattr equals three attributes
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_003" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - targetattr equals three attributes')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry2.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr equals three attributes, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - targetattr not equals three attributes
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute with targetattr not equals three attributes
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_004" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - targetattr not equals three attributes')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry3.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_entry3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr not equals three attributes, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - write not allowed
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute where write is not allowed
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_005" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - write not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_entry4.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_entry4.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_entry4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - write not allowed, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - targetattr and targattrfilters 
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute with a combination of targetattr and targattrfilters
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies a prohibited attribute value by targattrfilter in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in a prohibited entry that is in the targeted branch.
      #@TestStep                  Client modifies a prohibited attribute value by targetattr in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_006" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - targetattr and targattrfilter')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_entry5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targattrfilter) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_entry5.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying prohibited entry (by targattrfilter) from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_entry5.2.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targetattr) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_entry5.3.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_entry5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, overall allow, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetattr and targattrfilter, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - targetfilter with three statements with or, one statement true
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute with targetfilter with three statements with or, one statement true
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in a prohibited entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_007" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - targetfilter with three statements with or, one statement true')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry6.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry6.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry6a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter with three statements with or, one statement true, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - targetfilter not equals three statements with and, all statements true 
      #@TestIssue                 444
      #@TestPurpose               Modify an attribute with targetfilter not equals three statements with and, all statements true
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in a prohibited entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_008" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - targetfilter not equals three statements with and, all statements true')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry7.1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry7.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_entry7a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - targetfilter not equals three statements with and, all statements true , user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - multiple ACIs 1, overall deny
      #@TestIssue                 444
      #@TestPurpose               Modify attribute value with 2 ACIs, overall deny  
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_009" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - multiple ACIs 1, overall deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_multi_acis8.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 1, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 1, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry8.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 1, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry8a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 1, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 1, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - multiple ACIs 2, overall allow 
      #@TestIssue                 444
      #@TestPurpose               Modify attribute value with 2 ACIs, overall allow 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_010" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - multiple ACIs 2, overall allow')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_multi_acis9.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 2, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 2, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry9.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 2, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry9a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 2, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 2, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
             
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - multiple ACIs 3, mixed allow and deny 
      #@TestIssue                 444
      #@TestPurpose               Modify attribute value with 2 ACIs, mixed allow and deny by userdn 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry by a prohibited user in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_011" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - multiple ACIs 3, mixed allow and deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_multi_acis10.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, user modifying entry by prohibited user from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry10.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry10.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry10a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_multi_acis.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 3, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
             
 <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - multiple ACIs 4, overall allow with many ACIs 
      #@TestIssue                 444
      #@TestPurpose               Modify attribute value with many ACIs, overall allow with many ACIs 
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_012" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - multiple ACIs 4, overall allow with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_multi_acis11.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 4, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 4, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry11.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 4, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry11a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 4, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_multi_acis2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 4, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
             
 <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Modify Attribute Value - multiple ACIs 5, mixed allow and deny with many ACIs 
      #@TestIssue                 444
      #@TestPurpose               Modify attribute value with many ACIs, mixed allow and deny with many ACIs
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry by a prohibited user in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_013" scope="local">
    <testcase name="getTestCaseName('Modify Attribute Value - multiple ACIs 5, mixed allow and deny with many ACIs')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modify_multi_acis12.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, user modifying entry by prohibited user from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry12.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_multi_acis_entry12a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_multi_acis2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Modify Attribute Value - multiple ACIs 5, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
             
<!-- delete attribute tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - userdn equals dn
      #@TestIssue                 444
      #@TestPurpose               Deletes an attribute from an entry where targetattr=* and userdn=[a dn]
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value with a prohibited user in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_014" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - userdn equals dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - userdn equals dn, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - targetattr equals one attribute
      #@TestIssue                 444
      #@TestPurpose               Delete an attribute with targetattr equals one attribute
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_015" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - targetattr equals one attribute')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete2.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr equals one attribute, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - targetattr not equals one attribute
      #@TestIssue                 444
      #@TestPurpose               Delete an attribute with targetattr not equals one attribute
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_016" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - targetattr not equals one attribute')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - targetattr not equals one attribute, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr not equals one attribute, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr not equals one attribute, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete3.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr not equals one attribute, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_delete2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr not equals one attribute, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Ddelete Attribute Value - targetattr not equals one attribute, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - write not allowed
      #@TestIssue                 444
      #@TestPurpose               Deletes an attribute where write is not allowed
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_017" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - write not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_delete4.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_delete4.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_delete4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - write not allowed, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - targetattr and targattrfilter 
      #@TestIssue                 444
      #@TestPurpose               Delete an attribute with a combination of targetattr and targattrfilter
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes a prohibited attribute value by targattrfilter in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in a prohibited entry that is in the targeted branch.
      #@TestStep                  Client deletes a prohibited attribute value by targetattr in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_018" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - targetattr and targattrfilter')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targattrfilter) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5.1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying prohibited entry (by targattrfilter) from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5.2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targetattr) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5.3.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, overall allow, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetattr and targattrfilter, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
 <!--
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Modify Entry Tests
        #@TestName                  Delete Attribute Value - targetfilter with three statements with or, none true
        #@TestIssue                 444
        #@TestPurpose               Delete an attribute with targetfilter with three statements with or, none true
        #@TestPreamble              Admin adds an aci to the dn of one existing branch.
        #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
        #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
        #@TestStep                  Remove aci.
        #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for ACI add and delete operations, and
                                    50 for all other steps.
    -->
  <function name="aci_modify_entry_019" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - targetfilter with three statements with or, none true')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter with three statements with or, none true, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter with three statements with or, none true, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_delete6.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter with three statements with or, none true, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_delete6a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter with three statements with or, none true, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter with three statements with or, none true, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Delete Attribute Value - targetfilter equals three statements with and, all statements false 
      #@TestIssue                 444
      #@TestPurpose               Delete an attribute with targetfilter equals three statements with and, all statements false
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client deletes an attribute value in an entry in the targeted branch.
      #@TestStep                  Client deletes an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client deletes an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_020" scope="local">
    <testcase name="getTestCaseName('Delete Attribute Value - targetfilter equals three statements with and, all statements false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_delete_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter equals three statements with and, all statements false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter equals three statements with and, all statements false, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_delete7.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter equals three statements with and, all statements false, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_delete7a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter equals three statements with and, all statements false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Delete Attribute Value - targetfilter equals three statements with and, all statements false, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

<!-- add attribute tests -->
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - userdn not equals dn
      #@TestIssue                 444
      #@TestPurpose               Adds an attribute to an entry with targetattr=* and userdn not equals to a dn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute with a prohibited user in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an attribute in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 2, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_021" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - userdn not equals dn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add1a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - userdn not equals dn, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - targetattr equals one attribute not present
      #@TestIssue                 444
      #@TestPurpose               Add an attribute value to an entry with targetattr equals one attribute not present
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute in an entry in the targeted branch.
      #@TestStep                  Client adds a prohibited attribute in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_022" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - targetattr equals one attribute not present')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add2.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add2a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr equals one attribute not present, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - targetattr not equals attribute, add multi-values
      #@TestIssue                 444
      #@TestPurpose               Add multi-valued attribute to an entry with targetattr not equals attribute, add multi-values
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds another attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_023" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - targetattr not equals attribute, add multi-values')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci3.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, user modifying entry with second attribute value from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add3.1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add3.2.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-write_add3a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr not equals attribute, add multi-values, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - write not allowed
      #@TestIssue                 444
      #@TestPurpose               Adds an attribute value where write is not allowed
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds a prohibited attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_024" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - write not allowed')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_add4.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, user modifying prohibited attr in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_add4.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_allow-read_add4a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - write not allowed, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - targetattr and targattrfilter 
      #@TestIssue                 444
      #@TestPurpose               Add an attribute value with a combination of targetattr and targattrfilter
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds a prohibited attribute value by targattrfilter in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute value in a prohibited entry that is in the targeted branch.
      #@TestStep                  Client adds a prohibited attribute value by targetattr in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_025" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - targetattr and targattrfilter')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_add5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targattrfilter) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_add5.1.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying prohibited entry (by targattrfilter) from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_add5.2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying prohibited attr (by targetattr) in entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_add5.3.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targattrfilter_delete5a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, overall allow, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetattr and targattrfilter, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
 <!--
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                ACI Modify Entry Tests
        #@TestName                  Add Attribute Value - targetfilter not equals three statements with or, none true
        #@TestIssue                 444
        #@TestPurpose               Add an attribute value with targetfilter not equals three statements with or, none true
        #@TestPreamble              Admin adds an aci to the dn of one existing branch.
        #@TestStep                  Client adds an attribute value in an entry in the targeted branch.
        #@TestStep                  Client adds an attribute value in an entry that is not in the targeted branch.
        #@TestStep                  Remove aci.
        #@TestStep                  Client adds an attribute value in an entry in the previously targeted branch.
        #@TestPostamble             none
        #@TestResult                Success if OpenDS returns 0
                                    for ACI add and delete operations, and
                                    50 for all other steps.
    -->
  <function name="aci_modify_entry_026" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - targetfilter not equals three statements with or, none true')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with or, none true, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with or, none true, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_add6.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with or, none true, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_delete6a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with or, none true, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with or, none true, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Add Attribute Value - targetfilter equals three statements with and, all statements false 
      #@TestIssue                 444
      #@TestPurpose               Add an attribute with targetfilter equals three statements with and, all statements false
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client adds an attribute value in an entry in the targeted branch.
      #@TestStep                  Client adds an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client adds an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_entry_027" scope="local">
    <testcase name="getTestCaseName('Add Attribute Value - targetfilter not equals three statements with and, all statements false')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_add_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_entry/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify: Add Attribute Value - targetfilternot equals three statements with and, all statements false, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with and, all statements false, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_add7.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with and, all statements false, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/mod_targetfilter_add7a.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with and, all statements false, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify: Add Attribute Value - targetfilter not equals three statements with and, all statements false, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_entry/add_common_prohibited_attr.ldif' % remote.data ,
                'expectedRC'       : 50
            }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>


                            
  <!--
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                ACI Modify Entry Tests
    #@TestName                  Postamble
    #@TestIssue                 444
    #@TestPurpose               Remove entries
    #@TestPreamble              none
    #@TestStep                  Directory Manager removes entries that were used for testing.
    #@TestPostamble             none
    #@TestResult                Success if OpenDS returns 0.
  -->
  <function name="aci_modify_entry_028" scope="local">
    <testcase name="getTestCaseName('Modify Entry Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Modify: Postamble - delete branch, o=Modify Tests'
            </message>

            <call function="'DeleteEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'o=Modify Tests, o=ACI Tests,dc=example,dc=com' ,
                'extraParams'      : '-x'}
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_filter/modify_filter.xml

New file
@@ -0,0 +1,159 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_modify_filter"/>
  <function name="aci_modify_filter" scope="local">
    <sequence>
      <block name="'aci_modify_filter'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'modify_filter'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Modify Filter'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Modify Filter Tests
            #@TestSuitePurpose    Verify that ACI modify_filters are functioning correctly
            #@TestSuiteID         ACI Modify Filter Tests
            #@TestSuiteGroup      ACI Modify Filter
            #@TestGroup           ACI
            #@TestScript          aci_modify_filter.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('modify_filter/modify_filter_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Modify Filter:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_modify_filter_001')
                  testsList.append('aci_modify_filter_002')
                  testsList.append('aci_modify_filter_003')
                  testsList.append('aci_modify_filter_004')
                  testsList.append('aci_modify_filter_005')
                  testsList.append('aci_modify_filter_006')
                  testsList.append('aci_modify_filter_007')
                  testsList.append('aci_modify_filter_008')
                  testsList.append('aci_modify_filter_009')
                  testsList.append('aci_modify_filter_010')
                  testsList.append('aci_modify_filter_011')
                  testsList.append('aci_modify_filter_012')
                  testsList.append('aci_modify_filter_013')
                  testsList.append('aci_modify_filter_014')
                  testsList.append('aci_modify_filter_015')
                  testsList.append('aci_modify_filter_016')
                  testsList.append('aci_modify_filter_017')
                  testsList.append('aci_modify_filter_018')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_filter/modify_filter_tests.xml

New file
Diff too large

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_rdn/modify_rdn.xml

New file
@@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_modify_rdn"/>
  <function name="aci_modify_rdn" scope="local">
    <sequence>
      <block name="'aci_modify_rdn'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'modify_rdn'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Modify RDN'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Modify RDN Tests
            #@TestSuitePurpose    Verify that ACI modify_rdns are functioning correctly
            #@TestSuiteID         ACI Modify RDN Tests
            #@TestSuiteGroup      ACI Modify RDN
            #@TestGroup           ACI
            #@TestScript          modify_rdn.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('modify_rdn/modify_rdn_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Modify RDN:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_modify_rdn_001')
                  testsList.append('aci_modify_rdn_002')
                  testsList.append('aci_modify_rdn_003')
                  testsList.append('aci_modify_rdn_004')
                  testsList.append('aci_modify_rdn_005')
                  testsList.append('aci_modify_rdn_006')
                  testsList.append('aci_modify_rdn_007')
                  testsList.append('aci_modify_rdn_008')
                  testsList.append('aci_modify_rdn_009')
                  testsList.append('aci_modify_rdn_010')
                  testsList.append('aci_modify_rdn_011')
                  testsList.append('aci_modify_rdn_012')
                  testsList.append('aci_modify_rdn_013')
                  testsList.append('aci_modify_rdn_014')
                  testsList.append('aci_modify_rdn_015')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/modify_rdn/modify_rdn_tests.xml

New file
@@ -0,0 +1,2197 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>
                                  
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Preamble
      #@TestIssue                 445
      #@TestPurpose               Add additional entries
      #@TestPreamble              none
      #@TestStep                  Directory Manager adds additional entries.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all operations.
                                  
  -->
  <function name="aci_modify_rdn_001" scope="local">
    <testcase name="getTestCaseName('Modify RDN Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Modify RDN: Preamble - Adding Entries For Modify RDN Tests'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/aci/aci_modify_rdn/aci_startup_modrdn_tests.ldif' % remote.data }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
 
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Leaf - targetattr=* and userdn=all
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a leaf with targetattr=* and userdn=all
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_002" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr=* and userdn=all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci1.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry1.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=newtmorris, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=newtmorris,ou=People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=tmorris, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry1a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr=* and userdn=all, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
    
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Branch - targetattr=* and userdn=all
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a branch with targetattr=* and userdn=all
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Admin restores the branch to the old rdn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 2 and 4, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_003" scope="local">
    <testcase name="getTestCaseName('Branch - targetattr=* and userdn=all')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci2.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=New People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=kvaughan,ou=New People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry2a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr=* and userdn=all, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
    
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                ACI Modify Entry Tests
    #@TestName                  Leaf - targetattr equals three attributes with uid
    #@TestIssue                 445                
    #@TestPurpose               Modify an rdn where targetattr equals three attributes with uid
    #@TestPreamble              Admin adds an aci to the dn of one existing branch.
    #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
    #@TestStep                  Admin searches for the entry with the new rdn.
    #@TestStep                  Admin searches for the entry with the old rdn.
    #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
    #@TestStep                  Remove aci.
    #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
    #@TestPostamble             none
    #@TestResult                Success if OpenDS returns 0
                                for ACI add and delete operations, 
                                0 for steps 1 and 2, and
                                50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_004" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr equals three attributes with uid')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
              <script>
                  curr_aci_ldif_file = 'add_modrdn_aci3.ldif'
                  curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
              </script>
      
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, preamble adding aci,\n %s' % curr_aci
              </message>
  
              <call function="'modifyEntry'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                  'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
              </call>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, user modifying entry from targeted branch'
              </message>
  
              <call function="'modifyEntry'">
                { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                  'dsInstancePswd'        : 'ACIRules' ,
                  'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry3.ldif' % remote.data }
              </call>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, user searching targeted entry, new rdn'
              </message>
  
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'dsBaseDN'         : 'uid=newdmiller, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'attributes'       : 'cn'}
              </call>
  
              <script> 
               returnString = STAXResult[0][1]
              </script> 
  
              <call function="'searchStringForSubstring'">
                  { 'returnString'       : returnString ,
                    'testString'         : 'dn: uid=newdmiller,ou=People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
              </call>
              
              <if expr="returnCode != '1'">
                  <tcstatus result="'fail'"/>
              </if>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, user searching targeted entry, old rdn'
              </message>
  
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'dsBaseDN'         : 'uid=dmiller, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'attributes'       : 'cn',
                  'expectedRC'       : 32
                }
              </call>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, user modifying entry from non-targeted branch'
              </message>
  
              <call function="'modifyEntry'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry3a.ldif' % remote.data ,
                  'expectedRC'          : 50
              }
              </call>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, admin deleting aci'
              </message>
  
              <call function="'modifyEntry'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
              </call>
  
              <message>
                 'ACI: Modify RDN: Leaf - targetattr equals three attributes with uid, user modifying entry in previously targeted branch'
              </message>
  
              <call function="'modifyEntry'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                  'expectedRC'          : 50
                }
              </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                ACI Modify Entry Tests
    #@TestName                  Leaf - targetattr equals three attributes without uid
    #@TestIssue                 445                
    #@TestPurpose               Modify an rdn where targetattr equals three attributes without uid
    #@TestPreamble              Admin adds an aci to the dn of one existing branch.
    #@TestStep                  Client modifies an rdn of an entry in the targeted branch.
    #@TestStep                  Client modifies an rdn of an entry that is not in the targeted branch.
    #@TestStep                  Remove aci.
    #@TestStep                  Client modifies an rdn of an entry in the previously targeted branch.
    #@TestPostamble             none
    #@TestResult                Success if OpenDS returns 0
                                for ACI add and delete operations, 
                                0 for step 1, and
                                50 for all other steps.
  -->
  <function name="aci_modify_rdn_005" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr equals three attributes without uid')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci4.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - targetattr equals three attributes without uid, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr equals three attributes without uid, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry4.ldif' % remote.data ,
                'expectedRC'            : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr equals three attributes without uid, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry4a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr equals three attributes without uid, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr equals three attributes without uid, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Branch - targetattr with three attributes equals ou
      #@TestIssue                 445                
      #@TestPurpose               Modify an attribute where targetattr equals equals ou
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Admin restores the branch to the old rdn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_006" scope="local">
    <testcase name="getTestCaseName('Branch - targetattr with three attributes equals ou')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_modrdn_aci5.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry5.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=New People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=kvaughan,ou=New People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry5a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes equals ou, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Branch - targetattr with three attributes not equals ou
      #@TestIssue                 445                
      #@TestPurpose               Modify an attribute where targetattr with three attributes not equals ou
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an attribute value in an entry in the targeted branch.
      #@TestStep                  Client modifies an attribute value in an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an attribute value in an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 for all other steps.
  -->
  <function name="aci_modify_rdn_007" scope="local">
    <testcase name="getTestCaseName('Branch - targetattr with three attributes not equals ou')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci6.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes not equals ou, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes not equals ou, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry6.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes not equals ou, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry6a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes not equals ou, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - targetattr with three attributes not equals ou, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Leaf - Multi ACIs, allow and deny
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a leaf with some entries allowed and some entries denied
      #@TestPreamble              Admin adds multiple acis.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is in the targeted branch but prohibited.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_008" scope="local">
    <testcase name="getTestCaseName('Leaf - Multi ACIs, allow and deny')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci7.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry7.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=newtrigden, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=newtrigden,ou=People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=trigden, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user modifying prohibited entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry7.1.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry7a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - Multi ACIs, allow and deny, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Branch - Multi ACIs, deny write on new branch
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a branch where new branch has a deny write
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Client restores the branch to the old rdn.
      #@TestStep                  Admin replaces the aci.
      #@TestStep                  Client restores the branch to the old rdn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 2 and 7, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_009" scope="local">
    <testcase name="getTestCaseName('Branch - Multi ACIs, deny write on new branch')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci8.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry8.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch two, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=kvaughan,ou=People,ou=branch two,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry8a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore3.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, preamble replacing aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/replace_modrdn_aci8.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify Entry Tests
      #@TestName                  Leaf - targetattr with three attributes not equals uid, delete old rdn
      #@TestIssue                 445                
      #@TestPurpose               Modify an rdn where targetattr with three attributes not equals uid, delete old rdn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies an rdn of an entry in the targeted branch.
      #@TestStep                  Client modifies an rdn of an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies an rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for step 1, and
                                  50 for all other steps.
  -->
  <function name="aci_modify_rdn_010" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr with three attributes not equals uid, delete old rdn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci9.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, delete old rdn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, delete old rdn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry9.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, delete old rdn, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry9a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, delete old rdn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, delete old rdn, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Leaf - targetattr with three attributes not equals uid, don't delete old rdn
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of an entry with targetattr with three attributes not equals uid, don't delete old rdn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1 and 2, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_011" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr with three attributes not equals uid, dont delete old rdn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci10.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry10.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'sn=wallace, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: sn=wallace,ou=People,ou=branch one,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=jwallace, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry10a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals uid, dont delete old rdn, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of an entry with  leaf with targetattr with three attributes not equals sn and cn, dont delete old rdn
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, and 
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_012" scope="local">
    <testcase name="getTestCaseName('Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci11.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry11.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry11a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Leaf - targetattr with three attributes not equals sn and cn, dont delete old rdn, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Branch - Multi ACIs, targattrfilters add:ou, del:ou
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a branch where targattrfilters add:ou, del:ou
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Admin restores the branch to the old rdn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 2 and 4, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_013" scope="local">
    <testcase name="getTestCaseName('Branch - Multi ACIs, targattrfilters add:ou, del:ou')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci21.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry21.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch two, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=kvaughan,ou=People,ou=branch two,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry21a.ldif' % remote.data ,
                'expectedRC'          : 50
            }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore3.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Modify RDN Tests
      #@TestName                  Branch - Multi ACIs, targattrfilters add:ou, del:ou 2
      #@TestIssue                 445
      #@TestPurpose               Modifies an rdn of a branch where targattrfilters add:ou, del:ou
      #@TestPreamble              Admin adds an aci to the dn of one existing branch.
      #@TestStep                  Client modifies the rdn of an entry in the targeted branch.
      #@TestStep                  Admin searches for the entry with the new rdn.
      #@TestStep                  Admin searches for the entry with the old rdn.
      #@TestStep                  Client modifies the rdn of an entry that is not in the targeted branch.
      #@TestStep                  Client restores the branch to the old rdn.
      #@TestStep                  Admin replaces the aci.
      #@TestStep                  Client restores the branch to the old rdn.
      #@TestStep                  Remove aci.
      #@TestStep                  Client modifies the rdn of an entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for ACI add and delete operations, 
                                  0 for steps 1, 2 and 7, and
                                  50 or 32 for all other steps.
  -->
  <function name="aci_modify_rdn_014" scope="local">
    <testcase name="getTestCaseName('Branch - Multi ACIs, targattrfilters add:ou, del:ou 2')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
                          
            <script>
                curr_aci_ldif_file = 'add_modrdn_aci22.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_modify_rdn/%s' % (local.data,curr_aci_ldif_file));
            </script>
    
            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, preamble adding aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user modifying entry from targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'          : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'        : 'ACIRules' ,
                'entryToBeModified'     : '%s/aci/aci_modify_rdn/modrdn_entry22.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user searching targeted entry, new rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch two, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=kvaughan,ou=People,ou=branch two,ou=aci branch,o=Modify RDN Tests' }
            </call>
            
            <if expr="returnCode != '1'">
                <tcstatus result="'fail'"/>
            </if>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user searching targeted entry, old rdn'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=kvaughan, ou=People, ou=branch one, ou=aci branch, o=Modify RDN Tests,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn',
                'expectedRC'       : 32
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user modifying entry from non-targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_entry22a.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore4.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, preamble replacing aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/replace_modrdn_aci22.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, deny write on new branch, user restoring branch in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/modrdn_restore4.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, admin deleting aci'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Modify RDN: Branch - Multi ACIs, targattrfilters add:ou, del:ou 2, user modifying entry in previously targeted branch'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'entryToBeModified'   : '%s/aci/aci_modify_rdn/mod_common_prohibited_entry.ldif' % remote.data ,
                'expectedRC'          : 50
              }
            </call>
    
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
     
  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                ACI Modify RDN Tests
    #@TestName                  Postamble
    #@TestIssue                 445
    #@TestPurpose               Remove entries
    #@TestPreamble              none
    #@TestStep                  Directory Manager removes entries that were used for testing.
    #@TestPostamble             none
    #@TestResult                Success if OpenDS returns 0.
  -->
  <function name="aci_modify_rdn_015" scope="local">
    <testcase name="getTestCaseName('Modify RDN Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Modify RDN: Postamble - delete branch, o=Modify RDN Tests'
            </message>

            <call function="'DeleteEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'o=Modify RDN Tests, o=ACI Tests,dc=example,dc=com' ,
                'extraParams'      : '-x'}
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/multi_acis/multi_acis.xml

New file
@@ -0,0 +1,166 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_multi_acis"/>
  <function name="aci_multi_acis" scope="local">
    <sequence>
      <block name="'aci_multi_acis'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'multi_acis'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Multi ACIs'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Multi ACIs Tests
            #@TestSuitePurpose    Verify that ACI multi_acis are functioning correctly
            #@TestSuiteID         ACI Multi ACIs Tests
            #@TestSuiteGroup      ACI Multi ACIs
            #@TestGroup           ACI
            #@TestScript          multi_acis.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('multi_acis/multi_acis_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Multi ACIs:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_multi_acis_001')
                  testsList.append('aci_multi_acis_002')
                  testsList.append('aci_multi_acis_003')
                  testsList.append('aci_multi_acis_004')
                  testsList.append('aci_multi_acis_005')
                  testsList.append('aci_multi_acis_006')
                  testsList.append('aci_multi_acis_007')
                  testsList.append('aci_multi_acis_008')
                  testsList.append('aci_multi_acis_009')
                  testsList.append('aci_multi_acis_010')
                  testsList.append('aci_multi_acis_011')
                  testsList.append('aci_multi_acis_012')
                  testsList.append('aci_multi_acis_013')
                  testsList.append('aci_multi_acis_014')
                  testsList.append('aci_multi_acis_015')
                  testsList.append('aci_multi_acis_016')
                  testsList.append('aci_multi_acis_017')
                  testsList.append('aci_multi_acis_018')
                  testsList.append('aci_multi_acis_019')
                  testsList.append('aci_multi_acis_020')
                  testsList.append('aci_multi_acis_021')
                  testsList.append('aci_multi_acis_022')
                  testsList.append('aci_multi_acis_023')
                  testsList.append('aci_multi_acis_024')
                  testsList.append('aci_multi_acis_025')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/multi_acis/multi_acis_tests.xml

New file
Diff too large

 opends/tests/staf-tests/functional-tests/testcases/aci/multiple_aci_tests.xml

File was deleted

 opends/tests/staf-tests/functional-tests/testcases/aci/proxy_auth/proxy_auth.xml

New file
@@ -0,0 +1,152 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="aci_proxy_auth"/>
  <function name="aci_proxy_auth" scope="local">
    <sequence>
      <block name="'aci_proxy_auth'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'aci'        
              CurrentTestPath['suite'] = 'proxy_auth'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'ACI Proxy Auth'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       ACI Proxy Auth Tests
            #@TestSuitePurpose    Verify that ACI proxy_auths are functioning correctly
            #@TestSuiteID         ACI Proxy Auth Tests
            #@TestSuiteGroup      ACI Proxy Auth
            #@TestGroup           ACI
            #@TestScript          proxy_auth.xml
            #@TestHTMLLink        http://www.forgerock.org/
              -->
                  
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'stopServer'     : False,
                    'ldifFile'       : '%s/aci/aci_startup.ldif' % remote.data,
                    'friendlyName'   : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('proxy_auth/proxy_auth_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to aci tests -->
                <script>
                  msg1 = 'ACI: Proxy Auth:'
                </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('aci_proxy_auth_001')
                  testsList.append('aci_proxy_auth_002')
                  testsList.append('aci_proxy_auth_003')
                  testsList.append('aci_proxy_auth_004')
                  testsList.append('aci_proxy_auth_005')
                  testsList.append('aci_proxy_auth_006')
                  testsList.append('aci_proxy_auth_007')
                  testsList.append('aci_proxy_auth_008')
                  testsList.append('aci_proxy_auth_009')
#OOS                  testsList.append('aci_proxy_auth_010')
                  testsList.append('aci_proxy_auth_011')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>

              <catch exception="'STAFException.TestSuite.SetupException'">
                <sequence>
                  <message log="1" level="'fatal'">
                    'Setup of test suite failed.'
                  </message>
                  <rethrow/>
                </sequence>
              </catch>
  
              <finally>
                <message>'Test Cases Completed.'</message>
              </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: ACI Cleanup.'</message>
              <try>
                <sequence>
                  <call function="'common_cleanup'">
                    { 'friendlyName'  : _label }
                  </call>
              </sequence>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/aci/proxy_auth/proxy_auth_tests.xml

New file
@@ -0,0 +1,2597 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying * information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011-2012 ForgeRock AS.
 ! -->
<stax>

  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Preamble
      #@TestIssue                 1489
      #@TestPurpose               Test default aci settings
      #@TestPreamble              none
      #@TestStep                  Client searches entry for an attribute in a branch dn.
      #@TestStep                  Client searches entry for an attribute in another branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and no entries are returned 
                                  for all operations.
  -->
  <function name="aci_proxy_auth_001" scope="local">
    <testcase name="getTestCaseName('Proxy Auth Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Proxy Auth: Preamble - Removing Search Global ACI'
            </message>

            <!-- Remove the global ACI -->    
            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'remove' }
            </call>

            <!-- Allow the proxy auth control for all ldap users read only -->            
            <script>
                allow_aci='(targetcontrol=\"2.16.840.1.113730.3.4.18\") (version 3.0; acl \"allow proxy auth control access\"; allow(read) userdn=\"ldap:///anyone\";)'
            </script>

            <!--  Add the ACI under suffix -->        
            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'add' }
            </call>
            
            <message>
             'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be targeted in future tests'
            </message>

            <!-- Search a users entry as another user. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'cn=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>

            <!-- TODO: Also perform a modify operation - should return insufficient access -->              

            <message>
               'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be non-targeted in future tests'
            </message>

            <!-- Search a users entry as another user. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'cn=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' }
            </call>

            <!-- TODO: Also perform a modify operation - should return insufficient access -->
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user, one proxied user
      #@TestPreamble              none
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry that does not have the targeted dn for the targetattr.
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  No entries are returned for any steps.
  -->
  <function name="aci_proxy_auth_002" scope="local">
    <testcase name="getTestCaseName('one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Proxy Auth: one proxied user, user searching targeted entry'
            </message>

            <!-- Search a users entry as another user (uid=auser). This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one proxied user, second user searching targeted entry'
            </message>

            <!-- Search a users entry as another user (uid=buser). This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one proxied user, proxied user searching targeted entry'
            </message>

            <!-- Search a users entry as uid=aproxy. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>

            <!-- Add the proxi aci for user uid=aproxy under ou=aci branch -->              
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one proxied user, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one proxied user, proxy user searching targeted entry'
            </message>

            <!-- Search users entry with proxy dn without allowed aci access. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>

            <!-- TODO: Also perform a modify operation - should return insufficient access -->
                          
            <message>
               'ACI: Proxy Auth: one proxied user, admin deleting both acis'
            </message>

            <!-- Delete the proxy aci for user uid=aproxy -->  
            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one proxied user, user searching targeted entry'
            </message>

            <!-- Search a users entry as another user. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user, one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user, one proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  Entry is returned only for steps 1 and 5 
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_003" scope="local">
    <testcase name="getTestCaseName('one user, one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <!-- Allow user uid=auser access to all entries under ou=aci branch -->
            <script>
                curr_aci_ldif_file = 'add_user_aci_all.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, one proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
            </message>

            <!-- Search a users entry under suffix as uid=auser. This should return a result -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
            </message>

            <!-- Search a users entry as another user. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
            </message>

            <!-- Search a users entry just as proxy user. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>

            <!-- Add the proxi aci for user uid=aproxy under ou=aci branch -->             
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, one proxied user, adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
            </message>

            <!-- Search users entry with proxy dn with allowed aci access. This should return results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>

            <!-- TODO: Also perform a modify operation - should return success -->
            
            <message>
               'ACI: Proxy Auth: one user, one proxied user, proxied second user searching targeted entry'
            </message>

            <!-- Search users entry with proxy dn without allowed aci access. This should return no results -->
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one proxied user, admin deleting both acis'
            </message>

            <!-- Remove aci attribute for uid=auser -->  
            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
            </message>

            <!-- Search a users entry as a uid=auser. This should return no results -->  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user for adds, one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user for adds, one proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  No entries returned for any step.
  -->
  <function name="aci_proxy_auth_004" scope="local">
    <testcase name="getTestCaseName('one user for adds, one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_add.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user for searches, one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user for searches, one proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  Entry is returned only for steps 1 and 5 
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_005" scope="local">
    <testcase name="getTestCaseName('one user for searches, one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_search.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user for searches reads separate level, one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user for searches reads separate level, one proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Remove another level of acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  Entry is returned only for steps 1 and 5 
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_006" scope="local">
    <testcase name="getTestCaseName('one user for searches reads separate level, one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_search_sep.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci2.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with many users with wildcard, one proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with many users with wildcard, one proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Remove another level of acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  Entry is returned only for steps 1, 2, 5 and 6 
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_007" scope="local">
    <testcase name="getTestCaseName('many users with wildcard, one proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_all_wildcard.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user, many proxied users with wildcard
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user, many proxied users with wildcard
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Remove another level of acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations. 
                                  Entry is returned only for steps 1, 2, 5 and 6 
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_008" scope="local">
    <testcase name="getTestCaseName('many users one user, many proxied users with wildcard')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_all.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci_wildcard.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with one user, one bad proxied user
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with one user, one bad proxied user
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as proxied user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Admin adds an aci giving proxied user permission to access as user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through user.
      #@TestStep                  Client searches entry in targeted branch as proxied user through second user.
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations, except step 4 where 123 is expected.
                                  Entry is returned only for step 1  
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_009" scope="local">
    <testcase name="getTestCaseName('one user, one bad proxied user')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_all.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  ,
                'expectedRC'       : 123 }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'SEARCH operation failed' ,
                  'expectedResult'     : '1' }
            </call>
            
            <script>
                curr_aci_ldif_file = 'add_proxy_aci.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  ,
                'expectedRC'       : 123 }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'SEARCH operation failed' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ProxyRules' ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  ,
                'expectedRC'       : 123 }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'SEARCH operation failed' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Proxy rights with Directory Manager as proxy
      #@TestIssue                 1489
      #@TestPurpose               Test ACI with proxy rights with Directory Manager as proxy
      #@TestPreamble              Admin adds an aci giving user search and read access to one branch.
      #@TestStep                  Client searches entry in targeted branch as user.
      #@TestStep                  Client searches entry in targeted branch as second user.
      #@TestStep                  Client searches entry in targeted branch as cn=Directory Manager proxied user.
      #@TestStep                  Admin adds ds-privilege-name to cn=Directory Manager
      #@TestStep                  Client searches entry in targeted branch as cn=Directory Manager proxied user.
      #@TestStep                  Client searches entry in targeted branch as cn=Directory Manager proxied user through second user.
      #@TestStep                  Admin deletes ds-privilege-name from cn=Directory Manager
      #@TestStep                  Remove all acis.
      #@TestStep                  Client searches entry in the previously targeted branch.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  for all ldap operations except step 3 where 123 is expected. 
                                  Entry is returned only for steps 1 and 5
                                  and only with the specified attribute.
  -->
  <function name="aci_proxy_auth_010" scope="local">
    <testcase name="getTestCaseName('Directory Manager as proxy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <script>
                curr_aci_ldif_file = 'add_user_aci_all.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, preamble adding user aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'SEARCH operation failed' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, adding proxied-auth'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/add_proxy_auth_dm.ldif' % (remote.data) }
            </call>

            <script>
                curr_aci_ldif_file = 'add_proxy_aci_dm.ldif'
                curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (local.data,curr_aci_ldif_file));
            </script>
      
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, adding proxy aci,\n %s' % curr_aci
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/%s' % (remote.data,curr_aci_ldif_file) }
            </call>

            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsProxyDN'        : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '1' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '1' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, proxied second user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsProxyDN'        : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'  }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'cn:' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, deleting proxied-auth'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_proxy_auth_dm.ldif' % (remote.data) }
            </call>

            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, admin deleting both acis'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/aci/aci_proxy_auth/del_aci.ldif' % remote.data }
            </call>

            <message>
               'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'cn sn uid telephonenumber' }
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestStringNotPresent'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
            </call>
              
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
          
  <!--
      Place test-specific test information here.
      The tag, TestMarker, must be the same as the tag, TestSuiteName.
      #@TestMarker                ACI Proxy Authorization Tests
      #@TestName                  Postamble
      #@TestIssue                 1489
      #@TestPurpose               Test default aci settings
      #@TestPreamble              none
      #@TestStep                  Client searches entry for an attribute in a branch dn.
      #@TestStep                  Client searches entry for an attribute in another branch dn.
      #@TestPostamble             none
      #@TestResult                Success if OpenDS returns 0
                                  and no entries are returned 
                                  for all operations.
  -->
  <function name="aci_proxy_auth_011" scope="local">
    <testcase name="getTestCaseName('Proxy Auth Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <message>
               'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be targeted in future tests'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'cn=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be non-targeted in future tests'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'ACIRules' ,
                'dsBaseDN'         : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
                'dsFilter'         : 'cn=*'  ,
                'attributes'       : 'cn sn uid telephonenumber'}
            </call>

            <script> 
             returnString = STAXResult[0][1]
            </script> 

            <call function="'searchStringForSubstring'">
                { 'returnString'       : returnString ,
                  'testString'         : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' ,
                  'expectedResult'     : '0' }
            </call>
            
            <script>
                allow_aci='(targetcontrol=\"2.16.840.1.113730.3.4.18\") (version 3.0; acl \"allow proxy auth control access\"; allow(read) userdn=\"ldap:///anyone\";)'
            </script>
    
            <call function="'modifyAnAttribute'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : allow_aci ,
                'changetype'             : 'delete' }
            </call>
            
            <message>
               'ACI: Proxy Auth: Postamble - Resetting Search Global ACI'
            </message>

            <call function="'modifyGlobalAci'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : GLOBAL_ACI_SEARCH ,
                'opType'                 : 'add' }
            </call>
                
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

Diff truncated after the above file
opends/tests/staf-tests/functional-tests/testcases/aci/rdn_wildcards/rdn_wildcards.xml
opends/tests/staf-tests/functional-tests/testcases/aci/rdn_wildcards/rdn_wildcards_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targattrfilter/targattrfilter.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targattrfilter/targattrfilter_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/target/target.xml
opends/tests/staf-tests/functional-tests/testcases/aci/target/target_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetattr/targetattr.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetattr/targetattr_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetfilter/targetfilter.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetfilter/targetfilter_tests.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetscope/targetscope.xml
opends/tests/staf-tests/functional-tests/testcases/aci/targetscope/targetscope_tests.xml