external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 32bcf2f7 | patch | commit | ignore whitespace

CR-1822 Fix issue OPENDJ-962: Subject Attr To User Attr Cert Mapper has wro...

Manuel Gaupp

11.13.2013 5eb5d125bb5170aa5bac2136ae14079a80fc3e75

CR-1822 Fix issue OPENDJ-962: Subject Attr To User Attr Cert Mapper has wrong default configuration

1 files added

6 files modified

	opends/resource/config/config.ldif	4 ●●●●● patch \| view \| raw \| blame \| history
	opends/resource/schema/00-core.ldif	6 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapper.java	45 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/resource/client-emailAddress.keystore	patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/resource/server.truststore	patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java	3 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapperTestCase.java	159 ●●●●● patch \| view \| raw \| blame \| history

 opends/resource/config/config.ldif

@@ -22,7 +22,7 @@
#
#      Copyright 2006-2010 Sun Microsystems, Inc.
#      Portions Copyright 2010-2013 ForgeRock AS.
#      Portions Copyright 2012 Manuel Gaupp
#      Portions Copyright 2012-2013 Manuel Gaupp
#
#
# This file contains the primary Directory Server configuration.  It must not
@@ -410,7 +410,7 @@
ds-cfg-java-class: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper
ds-cfg-enabled: true
ds-cfg-subject-attribute-mapping: cn:cn
ds-cfg-subject-attribute-mapping: e:mail
ds-cfg-subject-attribute-mapping: emailAddress:mail

dn: cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config
objectClass: top

 opends/resource/schema/00-core.ldif

@@ -23,6 +23,7 @@
#
#      Copyright 2006-2010 Sun Microsystems, Inc.
#      Portions Copyright 2011-2012 ForgeRock AS
#      Portions Copyright 2013 Manuel Gaupp
#
#
# This file contains a core set of attribute type and objectlass definitions
@@ -525,6 +526,11 @@
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
  SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation
  X-ORIGIN 'OpenDJ Directory Server' )
attributeTypes: ( 1.2.840.113549.1.9.1 NAME 'emailAddress'
  DESC 'Email address'
  EQUALITY caseIgnoreIA5Match 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'RFC 2985' )
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass
  X-ORIGIN 'RFC 4512' )
objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName

 opends/src/server/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapper.java

@@ -24,6 +24,7 @@
 *
 *      Copyright 2007-2008 Sun Microsystems, Inc.
 *      Portions Copyright 2012 ForgeRock AS
 *      Portions Copyright 2013 Manuel Gaupp
 */
package org.opends.server.extensions;

@@ -135,6 +136,10 @@
        throw new ConfigException(message);
      }

      // Try to normalize the provided certAttrName
      certAttrName = normalizeAttributeName(certAttrName);


      if (attributeMap.containsKey(certAttrName))
      {
        Message message = ERR_SATUACM_DUPLICATE_CERT_ATTR.get(
@@ -271,6 +276,10 @@
      for (int j=0; j < rdn.getNumValues(); j++)
      {
        String lowerName = toLowerCase(rdn.getAttributeName(j));

        // Try to normalize lowerName
        lowerName = normalizeAttributeName(lowerName);

        AttributeType attrType = theAttributeMap.get(lowerName);
        if (attrType != null)
        {
@@ -282,7 +291,8 @@

    if (filterComps.isEmpty())
    {
      Message message = ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(peerName);
      Message message = ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(
           String.valueOf(peerDN));
      throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
    }

@@ -356,7 +366,7 @@
        else
        {
          Message message = ERR_SATUACM_MULTIPLE_MATCHING_ENTRIES.
              get(peerName, String.valueOf(userEntry.getDN()),
              get(String.valueOf(peerDN), String.valueOf(userEntry.getDN()),
                  String.valueOf(entry.getDN()));
          throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
        }
@@ -425,6 +435,9 @@
        break;
      }

      // Try to normalize the provided certAttrName
      certAttrName = normalizeAttributeName(certAttrName);

      if (newAttributeMap.containsKey(certAttrName))
      {
        unacceptableReasons.add(ERR_SATUACM_DUPLICATE_CERT_ATTR.get(
@@ -515,6 +528,9 @@
        break;
      }

      // Try to normalize the provided certAttrName
      certAttrName = normalizeAttributeName(certAttrName);

      if (newAttributeMap.containsKey(certAttrName))
      {
        if (resultCode == ResultCode.SUCCESS)
@@ -598,5 +614,30 @@

   return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }



  /**
   * Tries to normalize the given attribute name; if normalization is not
   * possible the original String value is returned.
   *
   * @param   attrName  The attribute name which should be normalized.
   *
   * @return  The normalized attribute name.
   */
  private static String normalizeAttributeName(String attrName)
  {
    AttributeType attrType =
         DirectoryServer.getAttributeType(attrName, false);
    if (attrType != null)
    {
      String attrNameNormalized = attrType.getNormalizedPrimaryName();
      if (attrNameNormalized != null)
      {
         attrName = attrNameNormalized;
      }
    }
    return attrName;
  }
}


 opends/tests/unit-tests-testng/resource/client-emailAddress.keystore

Binary files differ

 opends/tests/unit-tests-testng/resource/server.truststore

Binary files differ

 opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java

@@ -24,6 +24,7 @@
 *
 *      Copyright 2006-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011-2013 ForgeRock AS
 *      Portions Copyright 2013 Manuel Gaupp
 */
package org.opends.server;

@@ -399,6 +400,8 @@
            new File(testConfigDir, "server.truststore"));
        copyFile(new File(testResourceDir, "client.keystore"),
            new File(testConfigDir, "client.keystore"));
        copyFile(new File(testResourceDir, "client-emailAddress.keystore"),
            new File(testConfigDir, "client-emailAddress.keystore"));
        copyFile(new File(testResourceDir, "client.truststore"),
            new File(testConfigDir, "client.truststore"));
        copyFile(new File(testResourceDir, "server-cert.p12"),

 opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapperTestCase.java

@@ -24,6 +24,7 @@
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 *      Portions Copyright 2012 ForgeRock AS
 *      Portions Copyright 2013 Manuel Gaupp
 */
package org.opends.server.extensions;

@@ -180,7 +181,19 @@
           "SubjectAttributeToUserAttributeCertificateMapper",
      "ds-cfg-enabled: true",
      "ds-cfg-subject-attribute-mapping: cn:cn",
      "ds-cfg-user-base-dn: invalid");
      "ds-cfg-user-base-dn: invalid",
      "",
      "dn: cn=Duplicate Cert Attr OID and Name,cn=Certificate Mappers,cn=config",
      "objectClass: top",
      "objectClass: ds-cfg-certificate-mapper",
      "objectClass: " +
           "ds-cfg-subject-attribute-to-user-attribute-certificate-mapper",
      "cn: Duplicate Cert Attr OID and Name",
      "ds-cfg-java-class: org.opends.server.extensions." +
           "SubjectAttributeToUserAttributeCertificateMapper",
      "ds-cfg-enabled: true",
      "ds-cfg-subject-attribute-mapping: cn:cn",
      "ds-cfg-subject-attribute-mapping: 2.5.4.3:displayName");


    Object[][] configEntries = new Object[entries.size()][1];
@@ -279,6 +292,128 @@


  /**
   * Tests a successful mapping using an OID for the mapping.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testSuccessfulMappingUsingAnOID()
         throws Exception
  {
    enableMapper();

    try
    {
      setAttributeMappings(new String[] { "cn:cn", "1.2.840.113549.1.9.1:mail" });

      TestCaseUtils.initializeTestBackend(true);
      TestCaseUtils.addEntry(
        "dn: uid=test.user,o=test",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "objectClass: ds-certificate-user",
        "uid: test.user",
        "givenName: Test",
        "sn: User",
        "cn: Test User",
        "mail: test@example.com");



      String keyStorePath = DirectoryServer.getInstanceRoot() + File.separator +
                            "config" + File.separator + "client-emailAddress.keystore";
      String trustStorePath = DirectoryServer.getInstanceRoot() + File.separator +
                              "config" + File.separator + "client.truststore";

      String[] args =
      {
        "--noPropertiesFile",
        "-h", "127.0.0.1",
        "-p", String.valueOf(TestCaseUtils.getServerLdapsPort()),
        "-Z",
        "-K", keyStorePath,
        "-W", "password",
        "-P", trustStorePath,
        "-r",
        "-b", "",
        "-s", "base",
        "(objectClass=*)"
      };

      assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
    }
    finally
    {
      disableMapper();
      setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
    }
  }



  /**
   * Tests a successful mapping using the default configuration and a
   * certificate containing a subject with an emailAddress.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testSuccessfulMappingDefaultConfigEmailAddress()
         throws Exception
  {
    enableMapper();

    try
    {
      TestCaseUtils.initializeTestBackend(true);
      TestCaseUtils.addEntry(
        "dn: uid=test.user,o=test",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "objectClass: ds-certificate-user",
        "uid: test.user",
        "givenName: Test",
        "sn: User",
        "cn: Test User",
        "mail: test@example.com");



      String keyStorePath = DirectoryServer.getInstanceRoot() + File.separator +
                            "config" + File.separator + "client-emailAddress.keystore";
      String trustStorePath = DirectoryServer.getInstanceRoot() + File.separator +
                              "config" + File.separator + "client.truststore";

      String[] args =
      {
        "--noPropertiesFile",
        "-h", "127.0.0.1",
        "-p", String.valueOf(TestCaseUtils.getServerLdapsPort()),
        "-Z",
        "-K", keyStorePath,
        "-W", "password",
        "-P", trustStorePath,
        "-r",
        "-b", "",
        "-s", "base",
        "(objectClass=*)"
      };

      assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
    }
    finally
    {
      disableMapper();
    }
  }



  /**
   * Tests a successful mapping with multiple attributes.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -334,7 +469,7 @@
    finally
    {
      disableMapper();
      setAttributeMappings(new String[] { "cn:cn", "e:mail" });
      setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
    }
  }

@@ -353,7 +488,7 @@

    try
    {
      setAttributeMappings(new String[] { "e:mail" });
      setAttributeMappings(new String[] { "emailAddress:mail" });

      TestCaseUtils.initializeTestBackend(true);
      TestCaseUtils.addEntry(
@@ -396,7 +531,7 @@
    finally
    {
      disableMapper();
      setAttributeMappings(new String[] { "cn:cn", "e:mail" });
      setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
    }
  }

@@ -592,7 +727,7 @@


  /**
   * Tests to ensure that an attmept to remove the subject attribute will fail.
   * Tests to ensure that an attempt to remove the subject attribute will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
@@ -620,7 +755,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with no colon
   * Tests to ensure that an attempt to set an attribute mapping with no colon
   * will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -635,7 +770,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with no cert
   * Tests to ensure that an attempt to set an attribute mapping with no cert
   * attribute will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -650,7 +785,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with no user
   * Tests to ensure that an attempt to set an attribute mapping with no user
   * attribute will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -665,7 +800,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with an
   * Tests to ensure that an attempt to set an attribute mapping with an
   * undefined user attribute will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -680,7 +815,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with a
   * Tests to ensure that an attempt to set an attribute mapping with a
   * duplicate cert attribute mapping will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -695,7 +830,7 @@


  /**
   * Tests to ensure that an attmept to set an attribute mapping with a
   * Tests to ensure that an attempt to set an attribute mapping with a
   * duplicate user attribute mapping will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
@@ -710,7 +845,7 @@


  /**
   * Tests to ensure that an attmept to set an invalid base DN will fail.
   * Tests to ensure that an attempt to set an invalid base DN will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */

			@@ -22,7 +22,7 @@
			#
			# Copyright 2006-2010 Sun Microsystems, Inc.
			# Portions Copyright 2010-2013 ForgeRock AS.
			# Portions Copyright 2012 Manuel Gaupp
			# Portions Copyright 2012-2013 Manuel Gaupp
			#
			#
			# This file contains the primary Directory Server configuration. It must not
			@@ -410,7 +410,7 @@
			ds-cfg-java-class: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper
			ds-cfg-enabled: true
			ds-cfg-subject-attribute-mapping: cn:cn
			ds-cfg-subject-attribute-mapping: e:mail
			ds-cfg-subject-attribute-mapping: emailAddress:mail

			dn: cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config
			objectClass: top

			@@ -23,6 +23,7 @@
			#
			# Copyright 2006-2010 Sun Microsystems, Inc.
			# Portions Copyright 2011-2012 ForgeRock AS
			# Portions Copyright 2013 Manuel Gaupp
			#
			#
			# This file contains a core set of attribute type and objectlass definitions
			@@ -525,6 +526,11 @@
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
			SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation
			X-ORIGIN 'OpenDJ Directory Server' )
			attributeTypes: ( 1.2.840.113549.1.9.1 NAME 'emailAddress'
			DESC 'Email address'
			EQUALITY caseIgnoreIA5Match
			SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
			X-ORIGIN 'RFC 2985' )
			objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass
			X-ORIGIN 'RFC 4512' )
			objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName

			@@ -24,6 +24,7 @@
			*
			* Copyright 2007-2008 Sun Microsystems, Inc.
			* Portions Copyright 2012 ForgeRock AS
			* Portions Copyright 2013 Manuel Gaupp
			*/
			package org.opends.server.extensions;

			@@ -135,6 +136,10 @@
			throw new ConfigException(message);
			}

			// Try to normalize the provided certAttrName
			certAttrName = normalizeAttributeName(certAttrName);


			if (attributeMap.containsKey(certAttrName))
			{
			Message message = ERR_SATUACM_DUPLICATE_CERT_ATTR.get(
			@@ -271,6 +276,10 @@
			for (int j=0; j < rdn.getNumValues(); j++)
			{
			String lowerName = toLowerCase(rdn.getAttributeName(j));

			// Try to normalize lowerName
			lowerName = normalizeAttributeName(lowerName);

			AttributeType attrType = theAttributeMap.get(lowerName);
			if (attrType != null)
			{
			@@ -282,7 +291,8 @@

			if (filterComps.isEmpty())
			{
			Message message = ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(peerName);
			Message message = ERR_SATUACM_NO_MAPPABLE_ATTRIBUTES.get(
			String.valueOf(peerDN));
			throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
			}

			@@ -356,7 +366,7 @@
			else
			{
			Message message = ERR_SATUACM_MULTIPLE_MATCHING_ENTRIES.
			get(peerName, String.valueOf(userEntry.getDN()),
			get(String.valueOf(peerDN), String.valueOf(userEntry.getDN()),
			String.valueOf(entry.getDN()));
			throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
			}
			@@ -425,6 +435,9 @@
			break;
			}

			// Try to normalize the provided certAttrName
			certAttrName = normalizeAttributeName(certAttrName);

			if (newAttributeMap.containsKey(certAttrName))
			{
			unacceptableReasons.add(ERR_SATUACM_DUPLICATE_CERT_ATTR.get(
			@@ -515,6 +528,9 @@
			break;
			}

			// Try to normalize the provided certAttrName
			certAttrName = normalizeAttributeName(certAttrName);

			if (newAttributeMap.containsKey(certAttrName))
			{
			if (resultCode == ResultCode.SUCCESS)
			@@ -598,5 +614,30 @@

			return new ConfigChangeResult(resultCode, adminActionRequired, messages);
			}



			/**
			* Tries to normalize the given attribute name; if normalization is not
			* possible the original String value is returned.
			*
			* @param attrName The attribute name which should be normalized.
			*
			* @return The normalized attribute name.
			*/
			private static String normalizeAttributeName(String attrName)
			{
			AttributeType attrType =
			DirectoryServer.getAttributeType(attrName, false);
			if (attrType != null)
			{
			String attrNameNormalized = attrType.getNormalizedPrimaryName();
			if (attrNameNormalized != null)
			{
			attrName = attrNameNormalized;
			}
			}
			return attrName;
			}
			}

			@@ -24,6 +24,7 @@
			*
			* Copyright 2006-2010 Sun Microsystems, Inc.
			* Portions Copyright 2011-2013 ForgeRock AS
			* Portions Copyright 2013 Manuel Gaupp
			*/
			package org.opends.server;

			@@ -399,6 +400,8 @@
			new File(testConfigDir, "server.truststore"));
			copyFile(new File(testResourceDir, "client.keystore"),
			new File(testConfigDir, "client.keystore"));
			copyFile(new File(testResourceDir, "client-emailAddress.keystore"),
			new File(testConfigDir, "client-emailAddress.keystore"));
			copyFile(new File(testResourceDir, "client.truststore"),
			new File(testConfigDir, "client.truststore"));
			copyFile(new File(testResourceDir, "server-cert.p12"),

			@@ -24,6 +24,7 @@
			*
			* Copyright 2008 Sun Microsystems, Inc.
			* Portions Copyright 2012 ForgeRock AS
			* Portions Copyright 2013 Manuel Gaupp
			*/
			package org.opends.server.extensions;

			@@ -180,7 +181,19 @@
			"SubjectAttributeToUserAttributeCertificateMapper",
			"ds-cfg-enabled: true",
			"ds-cfg-subject-attribute-mapping: cn:cn",
			"ds-cfg-user-base-dn: invalid");
			"ds-cfg-user-base-dn: invalid",
			"",
			"dn: cn=Duplicate Cert Attr OID and Name,cn=Certificate Mappers,cn=config",
			"objectClass: top",
			"objectClass: ds-cfg-certificate-mapper",
			"objectClass: " +
			"ds-cfg-subject-attribute-to-user-attribute-certificate-mapper",
			"cn: Duplicate Cert Attr OID and Name",
			"ds-cfg-java-class: org.opends.server.extensions." +
			"SubjectAttributeToUserAttributeCertificateMapper",
			"ds-cfg-enabled: true",
			"ds-cfg-subject-attribute-mapping: cn:cn",
			"ds-cfg-subject-attribute-mapping: 2.5.4.3:displayName");


			Object[][] configEntries = new Object[entries.size()][1];
			@@ -279,6 +292,128 @@


			/**
			* Tests a successful mapping using an OID for the mapping.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			public void testSuccessfulMappingUsingAnOID()
			throws Exception
			{
			enableMapper();

			try
			{
			setAttributeMappings(new String[] { "cn:cn", "1.2.840.113549.1.9.1:mail" });

			TestCaseUtils.initializeTestBackend(true);
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"objectClass: ds-certificate-user",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"mail: test@example.com");



			String keyStorePath = DirectoryServer.getInstanceRoot() + File.separator +
			"config" + File.separator + "client-emailAddress.keystore";
			String trustStorePath = DirectoryServer.getInstanceRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			String[] args =
			{
			"--noPropertiesFile",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapsPort()),
			"-Z",
			"-K", keyStorePath,
			"-W", "password",
			"-P", trustStorePath,
			"-r",
			"-b", "",
			"-s", "base",
			"(objectClass=*)"
			};

			assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
			}
			finally
			{
			disableMapper();
			setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
			}
			}



			/**
			* Tests a successful mapping using the default configuration and a
			* certificate containing a subject with an emailAddress.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			public void testSuccessfulMappingDefaultConfigEmailAddress()
			throws Exception
			{
			enableMapper();

			try
			{
			TestCaseUtils.initializeTestBackend(true);
			TestCaseUtils.addEntry(
			"dn: uid=test.user,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"objectClass: ds-certificate-user",
			"uid: test.user",
			"givenName: Test",
			"sn: User",
			"cn: Test User",
			"mail: test@example.com");



			String keyStorePath = DirectoryServer.getInstanceRoot() + File.separator +
			"config" + File.separator + "client-emailAddress.keystore";
			String trustStorePath = DirectoryServer.getInstanceRoot() + File.separator +
			"config" + File.separator + "client.truststore";

			String[] args =
			{
			"--noPropertiesFile",
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapsPort()),
			"-Z",
			"-K", keyStorePath,
			"-W", "password",
			"-P", trustStorePath,
			"-r",
			"-b", "",
			"-s", "base",
			"(objectClass=*)"
			};

			assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
			}
			finally
			{
			disableMapper();
			}
			}



			/**
			* Tests a successful mapping with multiple attributes.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -334,7 +469,7 @@
			finally
			{
			disableMapper();
			setAttributeMappings(new String[] { "cn:cn", "e:mail" });
			setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
			}
			}

			@@ -353,7 +488,7 @@

			try
			{
			setAttributeMappings(new String[] { "e:mail" });
			setAttributeMappings(new String[] { "emailAddress:mail" });

			TestCaseUtils.initializeTestBackend(true);
			TestCaseUtils.addEntry(
			@@ -396,7 +531,7 @@
			finally
			{
			disableMapper();
			setAttributeMappings(new String[] { "cn:cn", "e:mail" });
			setAttributeMappings(new String[] { "cn:cn", "emailAddress:mail" });
			}
			}

			@@ -592,7 +727,7 @@


			/**
			* Tests to ensure that an attmept to remove the subject attribute will fail.
			* Tests to ensure that an attempt to remove the subject attribute will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@@ -620,7 +755,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with no colon
			* Tests to ensure that an attempt to set an attribute mapping with no colon
			* will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -635,7 +770,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with no cert
			* Tests to ensure that an attempt to set an attribute mapping with no cert
			* attribute will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -650,7 +785,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with no user
			* Tests to ensure that an attempt to set an attribute mapping with no user
			* attribute will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -665,7 +800,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with an
			* Tests to ensure that an attempt to set an attribute mapping with an
			* undefined user attribute will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -680,7 +815,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with a
			* Tests to ensure that an attempt to set an attribute mapping with a
			* duplicate cert attribute mapping will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -695,7 +830,7 @@


			/**
			* Tests to ensure that an attmept to set an attribute mapping with a
			* Tests to ensure that an attempt to set an attribute mapping with a
			* duplicate user attribute mapping will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			@@ -710,7 +845,7 @@


			/**
			* Tests to ensure that an attmept to set an invalid base DN will fail.
			* Tests to ensure that an attempt to set an invalid base DN will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			*/