external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 464832bb | patch | commit | ignore whitespace

Code cleanup: - Replaced use of Socket by RemoteConnection - Replaced use o...

Jean-Noël Rouvignac

24.21.2016 684830f9e78326aba7a0140444c0e41dcfaff809

Code cleanup:
- Replaced use of Socket by RemoteConnection
- Replaced use of the various InternalClientConnection.processModify() methods
by InternalClientConnection.processModify(ModifyRequest)
everywhere it is not critical and perfs will be equivalent

43 files modified

	opendj-server-legacy/src/main/java/org/forgerock/opendj/adapter/server3x/Adapters.java	8 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java	8 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/protocols/internal/InternalClientConnection.java	88 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/tasks/TaskUtils.java	43 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/api/PasswordValidatorTestCase.java	52 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/backends/ChangelogBackendTestCase.java	23 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/controls/PasswordPolicyControlTestCase.java	8 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/controls/PersistentSearchControlTest.java	32 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/AbandonOperationTestCase.java	41 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/BackendConfigManagerTestCase.java	42 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/BindOperationTestCase.java	800 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/GroupManagerTestCase.java	170 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java	73 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java	598 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/SearchOperationTestCase.java	5 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/CancelExtendedOperationTestCase.java	860 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/EntityTagVirtualAttributeProviderTestCase.java	78 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/ExactMatchIdentityMapperTestCase.java	127 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/ExternalSASLMechanismHandlerTestCase.java	26 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/FingerprintCertificateMapperTestCase.java	120 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java	33 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java	30 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapperTestCase.java	57 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapperTestCase.java	60 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/extensions/WhoAmIExtendedOperationTestCase.java	254 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/plugins/AttributeCleanupPluginTestCase.java	174 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java	31 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/plugins/SambaPasswordPluginTestCase.java	24 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/internal/InternalClientConnectionTestCase.java	13 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/internal/InternalLDAPSocketTestCase.java	369 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/JmxPrivilegeTestCase.java	17 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/LDAPBinaryOptionTestCase.java	94 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/LDAPv2TestCase.java	376 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/TestModifyRequestProtocolOp.java	69 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/replication/ReplicationTestCase.java	11 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/replication/UpdateOperationTest.java	37 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/replication/plugin/IsolationTest.java	23 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/tasks/DisconnectClientTaskTestCase.java	187 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/tools/RebuildIndexTestCase.java	73 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java	51 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/tools/VerifyIndexTestCase.java	54 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/types/PrivilegeTestCase.java	146 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElementTest.java	35 ●●●●● patch \| view \| raw \| blame \| history

 opendj-server-legacy/src/main/java/org/forgerock/opendj/adapter/server3x/Adapters.java

@@ -11,7 +11,7 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2013-2015 ForgeRock AS.
 * Copyright 2013-2016 ForgeRock AS.
 */
package org.forgerock.opendj.adapter.server3x;

@@ -57,7 +57,6 @@
import org.opends.server.core.DeleteOperation;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchListener;
import org.opends.server.protocols.internal.InternalSearchOperation;
@@ -238,10 +237,7 @@

            @Override
            public Result modify(final ModifyRequest request) throws LdapException {
                final ModifyOperation modifyOperation =
                        icc.processModify(valueOfObject(request.getName()), toRawModifications(request
                                .getModifications()), to(request.getControls()));
                return getResponseResult(modifyOperation);
                return getResponseResult(icc.processModify(request));
            }

            @Override

 opendj-server-legacy/src/main/java/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java

@@ -51,7 +51,6 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.ServerContext;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.ldap.*;
import org.opends.server.schema.SchemaConstants;
import org.opends.server.schema.UserPasswordSyntax;
@@ -72,6 +71,7 @@

import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
import static org.opends.server.util.StaticUtils.*;

@@ -1531,10 +1531,8 @@
                OP_ATTR_PTAPOLICY_CACHED_PASSWORD_TIME,
                provider.getCurrentTime()));

            InternalClientConnection conn = InternalClientConnection
                .getRootConnection();
            ModifyOperation internalModify = conn.processModify(userEntry
                .getName().toString(), modifications);
            ModifyOperation internalModify = getRootConnection().processModify(
                ByteString.valueOfObject(userEntry.getName()), modifications);

            ResultCode resultCode = internalModify.getResultCode();
            if (resultCode != ResultCode.SUCCESS)

 opendj-server-legacy/src/main/java/org/opends/server/protocols/internal/InternalClientConnection.java

@@ -31,6 +31,7 @@
import org.forgerock.opendj.ldap.AttributeDescription;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionHandler;
@@ -76,6 +77,7 @@
import org.opends.server.util.ModifyChangeRecordEntry;
import org.opends.server.util.ModifyDNChangeRecordEntry;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.opends.messages.ProtocolMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.util.CollectionUtils.*;
@@ -1427,55 +1429,6 @@
    return extendedOperation;
  }



  /**
   * Processes an internal modify operation with the provided
   * information.
   *
   * @param  rawEntryDN        The raw entry DN for this modify
   *                           operation.
   * @param  rawModifications  The set of modifications for this
   *                           modify operation.
   *
   * @return  A reference to the modify operation that was processed
   *          and contains information about the result of the
   *          processing.
   */
  public ModifyOperation processModify(String rawEntryDN,
                              List<RawModification> rawModifications)
  {
    return processModify(ByteString.valueOfUtf8(rawEntryDN),
                         rawModifications, null);
  }



  /**
   * Processes an internal modify operation with the provided
   * information.
   *
   * @param  rawEntryDN        The raw entry DN for this modify
   *                           operation.
   * @param  rawModifications  The set of modifications for this
   *                           modify operation.
   * @param  controls          The set of controls to include in the
   *                           request.
   *
   * @return  A reference to the modify operation that was processed
   *          and contains information about the result of the
   *          processing.
   */
  public ModifyOperation processModify(String rawEntryDN,
                              List<RawModification> rawModifications,
                              List<Control> controls)
  {
    return processModify(ByteString.valueOfUtf8(rawEntryDN),
                         rawModifications, controls);
  }



  /**
   * Processes an internal modify operation with the provided
   * information.
@@ -1497,22 +1450,7 @@



  /**
   * Processes an internal modify operation with the provided
   * information.
   *
   * @param  rawEntryDN        The raw entry DN for this modify
   *                           operation.
   * @param  rawModifications  The set of modifications for this
   *                           modify operation.
   * @param  controls          The set of controls to include in the
   *                           request.
   *
   * @return  A reference to the modify operation that was processed
   *          and contains information about the result of the
   *          processing.
   */
  public ModifyOperation processModify(ByteString rawEntryDN,
  private ModifyOperation processModify(ByteString rawEntryDN,
                              List<RawModification> rawModifications,
                              List<Control> controls)
  {
@@ -1587,13 +1525,25 @@
   *          and contains information about the result of the
   *          processing.
   */
  public ModifyOperation processModify(
                              ModifyChangeRecordEntry modifyRecord)
  public ModifyOperation processModify(ModifyChangeRecordEntry modifyRecord)
  {
    return processModify(modifyRecord.getDN().toString(),
                         modifyRecord.getModifications());
    return processModify(ByteString.valueOfObject(modifyRecord.getDN()),
        modifyRecord.getModifications(), null);
  }

  /**
   * Processes an internal modify operation with the provided information.
   *
   * @param modifyRequest
   *          The modify request with information about the changes to perform.
   * @return A reference to the modify operation that was processed and contains information about
   *         the result of the processing.
   */
  public ModifyOperation processModify(ModifyRequest modifyRequest)
  {
    return processModify(ByteString.valueOfObject(modifyRequest.getName()),
        toRawModifications(modifyRequest.getModifications()), to(modifyRequest.getControls()));
  }


  /**

 opendj-server-legacy/src/main/java/org/opends/server/tasks/TaskUtils.java

@@ -12,7 +12,7 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.tasks;

@@ -25,9 +25,8 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.TaskMessages;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.admin.server.ServerManagementContext;
import org.opends.server.admin.std.server.BackendCfg;
import org.opends.server.admin.std.server.RootCfg;
@@ -36,19 +35,19 @@
import org.opends.server.config.StringConfigAttribute;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPModification;
import org.opends.server.types.Attribute;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.RawModification;
import org.opends.server.util.CollectionUtils;
import org.opends.server.util.ServerConstants;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.messages.ConfigMessages.*;
import static org.opends.messages.TaskMessages.*;
import static org.opends.messages.ToolMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.ServerConstants.*;
import static org.opends.server.util.StaticUtils.*;

/**
@@ -222,20 +221,14 @@
                                   e.getMessageObject(), e);
    }

    LDAPAttribute a = new LDAPAttribute(ATTR_BACKEND_ENABLED, ServerConstants.TRUE_VALUE);
    LDAPModification m = new LDAPModification(ModificationType.REPLACE, a);

    ArrayList<RawModification> modList = CollectionUtils.<RawModification> newArrayList(m);

    String backendDNString = configEntryDN.toString();
    ByteString rawEntryDN = ByteString.valueOfUtf8(backendDNString);
    ModifyOperation internalModify = getRootConnection().processModify(rawEntryDN, modList);
    ModifyRequest modifyRequest = newModifyRequest(from(configEntryDN))
        .addModification(REPLACE, ATTR_BACKEND_ENABLED, TRUE_VALUE);
    ModifyOperation internalModify = getRootConnection().processModify(modifyRequest);

    ResultCode resultCode = internalModify.getResultCode();
    if (resultCode != ResultCode.SUCCESS)
    {
      LocalizableMessage message =
          TaskMessages.ERR_TASK_CANNOT_ENABLE_BACKEND.get(backendDNString);
      LocalizableMessage message = ERR_TASK_CANNOT_ENABLE_BACKEND.get(configEntryDN);
      throw new DirectoryException(resultCode, message);
    }
  }
@@ -264,20 +257,14 @@
                                   e.getMessageObject(), e);
    }

    LDAPAttribute a = new LDAPAttribute(ATTR_BACKEND_ENABLED, ServerConstants.FALSE_VALUE);
    LDAPModification m = new LDAPModification(ModificationType.REPLACE, a);

    ArrayList<RawModification> modList = CollectionUtils.<RawModification> newArrayList(m);

    String backendDNString = configEntryDN.toString();
    ByteString rawEntryDN = ByteString.valueOfUtf8(backendDNString);
    ModifyOperation internalModify = getRootConnection().processModify(rawEntryDN, modList);
    ModifyRequest modifyRequest = newModifyRequest(from(configEntryDN))
        .addModification(REPLACE, ATTR_BACKEND_ENABLED, FALSE_VALUE);
    ModifyOperation internalModify = getRootConnection().processModify(modifyRequest);

    ResultCode resultCode = internalModify.getResultCode();
    if (resultCode != ResultCode.SUCCESS)
    {
      LocalizableMessage message =
          TaskMessages.ERR_TASK_CANNOT_DISABLE_BACKEND.get(backendDNString);
      LocalizableMessage message = ERR_TASK_CANNOT_DISABLE_BACKEND.get(configEntryDN);
      throw new DirectoryException(resultCode, message);
    }
  }

 opendj-server-legacy/src/test/java/org/opends/server/api/PasswordValidatorTestCase.java

@@ -21,26 +21,16 @@
import static org.opends.server.TestCaseUtils.*;
import static org.testng.Assert.*;

import java.net.Socket;
import java.util.ArrayList;
import java.util.Set;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.TestCaseUtils;
import org.opends.server.extensions.TestPasswordValidator;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPModification;
import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
import org.opends.server.protocols.ldap.ModifyResponseProtocolOp;
import org.opends.server.tools.LDAPPasswordModify;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.RawModification;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
@@ -417,41 +407,15 @@
         "ds-privilege-name: bypass-acl",
         "userPassword: password");

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("uid=test.user,o=test", "password");
      conn.modify(newModifyRequest("uid=test.user,o=test")
          .addModification(REPLACE, "userPassword", "newPassword"));

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
      new BindRequestProtocolOp(
               ByteString.valueOfUtf8("uid=test.user,o=test"),
                                3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);

    LDAPAttribute attr = new LDAPAttribute("userPassword", "newPassword");
    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE, attr));

    ModifyRequestProtocolOp modifyRequest =
         new ModifyRequestProtocolOp(
                  ByteString.valueOfUtf8("uid=test.user,o=test"), mods);
    message = new LDAPMessage(2, modifyRequest);
    w.writeMessage(message);

    message = r.readMessage();
    ModifyResponseProtocolOp modifyResponse =
         message.getModifyResponseProtocolOp();
    assertEquals(modifyResponse.getResultCode(), 0);

    assertEquals(TestPasswordValidator.getLastNewPassword(),
                 ByteString.valueOfUtf8("newPassword"));
    assertTrue(TestPasswordValidator.getLastCurrentPasswords().isEmpty());
      assertEquals(TestPasswordValidator.getLastNewPassword(), ByteString.valueOfUtf8("newPassword"));
      assertTrue(TestPasswordValidator.getLastCurrentPasswords().isEmpty());
    }
  }



 opendj-server-legacy/src/test/java/org/opends/server/backends/ChangelogBackendTestCase.java

@@ -11,14 +11,17 @@
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2015 ForgeRock AS.
 * Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.backends;

import static java.util.concurrent.TimeUnit.*;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.ResultCode.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.messages.ReplicationMessages.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.replication.protocol.OperationContext.*;
@@ -45,7 +48,6 @@
import org.assertj.core.api.SoftAssertions;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.admin.std.server.ExternalChangelogDomainCfg;
@@ -688,12 +690,15 @@
          "telephonenumber: 131313");

      // mod 'sn' of fiona with 'sn' configured as ecl-incl-att
      final ModifyOperation modOp1 = connection.processModify(uentry1.getName(), createAttributeModif("sn", "newsn"));
      final ModifyOperation modOp1 = connection.processModify(
          newModifyRequest(from(uentry1.getName()))
          .addModification(REPLACE, "sn", "newsn"));
      waitForSearchOpResult(modOp1, ResultCode.SUCCESS);

      // mod 'telephonenumber' of robert
      final ModifyOperation modOp2 = connection.processModify(uentry2.getName(),
          createAttributeModif("telephonenumber", "555555"));
      final ModifyOperation modOp2 = connection.processModify(
          newModifyRequest(from(uentry2.getName()))
          .addModification(REPLACE, "telephonenumber", "555555"));
      waitForSearchOpResult(modOp2, ResultCode.SUCCESS);

      // moddn robert to robert2
@@ -1204,16 +1209,10 @@
  {
    assertSameServerId(replicaId, csn);
    DN baseDN = DN.valueOf("uid=" + testName + "3," + replicaId.getBaseDN());
    List<Modification> mods = createAttributeModif("description", "new value");
    List<Modification> mods = newArrayList(new Modification(REPLACE, Attributes.create("description", "new value")));
    return new ModifyMsg(csn, baseDN, mods, testName + "uuid3");
  }

  private List<Modification> createAttributeModif(String attributeName, String valueString)
  {
    Attribute attr = Attributes.create(attributeName, valueString);
    return newArrayList(new Modification(ModificationType.REPLACE, attr));
  }

  private UpdateMsg generateModDNMsg(ReplicaId replicaId, CSN csn, String testName) throws Exception
  {
    assertSameServerId(replicaId, csn);

 opendj-server-legacy/src/test/java/org/opends/server/controls/PasswordPolicyControlTestCase.java

@@ -103,16 +103,18 @@
        "userPassword: password",
        "ds-privilege-name: bypass-acl");

    try (RemoteConnection c = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPMessage bindMessage = c.bind("uid=test.user,o=test", "password", newPasswordPolicyControl());
      SimpleBindRequest bindRequest = newSimpleBindRequest("uid=test.user,o=test", "password".toCharArray())
          .addControl(newPasswordPolicyControl());
      LDAPMessage bindMessage = conn.bind(bindRequest, false);
      assertTrue(passwordPolicyControlExists(bindMessage.getControls(), PasswordPolicyErrorType.CHANGE_AFTER_RESET));

      AddRequest addRequest = newAddRequest("ou=People,o=test")
          .addAttribute("objectClass", "organizationalUnit")
          .addAttribute("ou", "People")
          .addControl(newPasswordPolicyControl());
      LDAPMessage message = c.add(addRequest, false);
      LDAPMessage message = conn.add(addRequest, false);

      AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
      assertNotEquals(addResponse.getResultCode(), LDAPResultCode.SUCCESS);

 opendj-server-legacy/src/test/java/org/opends/server/controls/PersistentSearchControlTest.java

@@ -12,11 +12,12 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2010 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.controls;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.controls.PersistentSearchChangeType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
@@ -24,7 +25,11 @@
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

import java.util.*;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.io.ASN1;
@@ -34,18 +39,19 @@
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.util.Utils;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.protocols.ldap.LDAPModification;
import org.opends.server.protocols.ldap.LDAPReader;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.types.*;
import org.opends.server.types.CancelRequest;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.LDAPException;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

@@ -507,15 +513,9 @@
  {
    TestCaseUtils.initializeTestBackend(true);
    //Modify the configuration to allow only 1 concurrent persistent search.
    InternalClientConnection conn = getRootConnection();

    LDAPAttribute attr = new LDAPAttribute("ds-cfg-max-psearches", "1");

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE, attr));

    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8("cn=config"), mods);
    ModifyRequest modifyRequest = newModifyRequest("cn=config")
        .addModification(ModificationType.REPLACE, "ds-cfg-max-psearches", "1");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    //Create a persistent search request.
@@ -524,7 +524,7 @@
        .setTypesOnly(true)
        .addAttribute("cn")
        .addControl(new PersistentSearchControl(changeTypes, true, true));
    final InternalSearchOperation search = conn.processSearch(request);
    final InternalSearchOperation search = getRootConnection().processSearch(request);

    Thread t = new Thread(new Runnable() {
      @Override

 opendj-server-legacy/src/test/java/org/opends/server/core/AbandonOperationTestCase.java

@@ -20,7 +20,6 @@
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

import java.net.Socket;
import java.util.ArrayList;
import java.util.LinkedHashSet;

@@ -54,14 +53,12 @@
import org.opends.server.protocols.ldap.ModifyResponseProtocolOp;
import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
import org.opends.server.protocols.ldap.SearchResultDoneProtocolOp;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.CancelRequest;
import org.opends.server.types.Control;
import org.opends.server.types.Operation;
import org.opends.server.types.RawAttribute;
import org.opends.server.types.RawModification;
import org.opends.server.util.StaticUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@@ -202,20 +199,14 @@
  {
    // Establish a connection to the server.  It can be unauthenticated for the
    // purpose of this test.
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPWriter w = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // Send the abandon request to the server and wait a few seconds to ensure
      // it has completed before closing the connection.
      conn.writeMessage(new AbandonRequestProtocolOp(1), DisconnectClientPlugin.createDisconnectControlList("PreParse"));


    // Send the abandon request to the server and wait a few seconds to ensure
    // it has completed before closing the connection.
    AbandonRequestProtocolOp abandonRequest = new AbandonRequestProtocolOp(1);
    LDAPMessage message = new LDAPMessage(2, abandonRequest,
         DisconnectClientPlugin.createDisconnectControlList("PreParse"));
    w.writeMessage(message);

    Thread.sleep(3000);

    StaticUtils.close(s);
      Thread.sleep(3000);
    }

    // NOTE:  We can't check to see if pre-parse plugins were called yet
    //        because there's no plugin ordering.  It's possible that the
@@ -237,18 +228,14 @@
  {
    // Establish a connection to the server.  It can be unauthenticated for the
    // purpose of this test.
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPWriter w = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // Send the abandon request to the server and wait a few seconds to ensure
      // it has completed before closing the connection.
      conn.writeMessage(new AbandonRequestProtocolOp(1));


    // Send the abandon request to the server and wait a few seconds to ensure
    // it has completed before closing the connection.
    AbandonRequestProtocolOp abandonRequest = new AbandonRequestProtocolOp(1);
    w.writeMessage(new LDAPMessage(2, abandonRequest));

    Thread.sleep(3000);

    s.close();
      Thread.sleep(3000);
    }
  }



 opendj-server-legacy/src/test/java/org/opends/server/core/BackendConfigManagerTestCase.java

@@ -12,7 +12,7 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.core;

@@ -20,25 +20,25 @@

import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.Backend;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.util.StaticUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

/**
@@ -183,29 +183,22 @@
    assertNull(DirectoryServer.getBackend(backendID));
    assertFalse(DirectoryServer.isNamingContext(baseDN));


    InternalClientConnection conn = getRootConnection();
    // Modify the backend to enable it.
    ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, Attributes.create("ds-cfg-enabled", "true")));
    ModifyOperation modifyOperation =
         conn.processModify(backendEntry.getName(), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    enableBackend(backendEntry, true);

    Backend<?> backend = DirectoryServer.getBackend(backendID);
    assertBackend(baseDN, backend);
    createEntry(baseDN, backend);


    // Modify the backend to disable it.
    mods = newArrayList(new Modification(REPLACE, Attributes.create("ds-cfg-enabled", "false")));
    modifyOperation = conn.processModify(backendEntry.getName(), mods);
    enableBackend(backendEntry, false);
    assertNull(DirectoryServer.getBackend(backendID));
    assertFalse(DirectoryServer.entryExists(baseDN));
    assertFalse(DirectoryServer.isNamingContext(baseDN));


    // Delete the disabled backend.
    DeleteOperation deleteOperation = conn.processDelete(backendEntry.getName());
    DeleteOperation deleteOperation = getRootConnection().processDelete(backendEntry.getName());
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
  }

@@ -413,28 +406,19 @@
    // Now we can create the grandchild base entry.
    createEntry(grandchildBaseDN, grandchildBackend);


    InternalClientConnection conn = getRootConnection();
    // Verify that a subtree search can see all three entries.
    final SearchRequest request = newSearchRequest(parentBaseDN, SearchScope.WHOLE_SUBTREE);
    assertSearchResultsSize(request, 3);


    // Disable the intermediate (child) backend.  This should be allowed.
    ArrayList<Modification> mods =
        newArrayList(new Modification(REPLACE, Attributes.create("ds-cfg-enabled", "false")));
    ModifyOperation modifyOperation =
         conn.processModify(childBackendEntry.getName(), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    enableBackend(childBackendEntry, false);

    assertSearchResultsSize(request, 2);


    // Re-enable the intermediate backend.
    mods = newArrayList(new Modification(REPLACE, Attributes.create("ds-cfg-enabled", "true")));
    modifyOperation = conn.processModify(childBackendEntry.getName(), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    enableBackend(childBackendEntry, true);


    // Update our reference to the child backend since the old one is no longer
@@ -478,6 +462,14 @@
    assertNull(DirectoryServer.getBackend(parentBackendID));
  }

  private void enableBackend(Entry entry, boolean enabled)
  {
    ModifyRequest modifyRequest = newModifyRequest(from(entry.getName()))
        .addModification(REPLACE, "ds-cfg-enabled", Boolean.toString(enabled));
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

  private void assertSearchResultsSize(final SearchRequest request, int expected)
  {
    InternalSearchOperation internalSearch = getRootConnection().processSearch(request);

 opendj-server-legacy/src/test/java/org/opends/server/core/BindOperationTestCase.java

@@ -12,35 +12,46 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2015 ForgeRock AS.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.core;

import java.net.Socket;
import java.util.ArrayList;
import java.util.List;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.plugins.DisconnectClientPlugin;
import org.opends.server.plugins.InvocationCounterPlugin;
import org.opends.server.plugins.ShortCircuitPlugin;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.ldap.*;
import org.opends.server.tools.*;
import org.opends.server.tools.LDAPReader;
import org.opends.server.types.*;
import org.opends.server.util.StaticUtils;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.tools.LDAPDelete;
import org.opends.server.tools.LDAPModify;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.CancelRequest;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.Operation;
import org.opends.server.types.OperationType;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

@@ -607,11 +618,7 @@
    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperation bindOperation =
                       conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds);
    BindOperation bindOperation = conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds());
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(bindOperation.getSASLAuthUserEntry());
  }
@@ -675,11 +682,7 @@
    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperation bindOperation =
         conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds);
    BindOperation bindOperation = conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds());
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(bindOperation.getUserEntryDN());
  }
@@ -720,11 +723,7 @@
    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperation bindOperation =
         conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds);
    BindOperation bindOperation = conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds());
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
    assertTrue(bindOperation.getProcessingStartTime() > 0);
    assertTrue(bindOperation.getProcessingStopTime() >=
@@ -800,11 +799,7 @@
    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperation bindOperation =
         conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds);
    BindOperation bindOperation = conn.processSASLBind(DN.rootDN(), "PLAIN", saslCreds());
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);

//    assertTrue(InvocationCounterPlugin.getPreParseCount() > 0);
@@ -826,27 +821,18 @@
  public void testBindDisconnectInPreParseSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList("PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(anonymousBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PreParse"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -862,28 +848,18 @@
  public void testBindDisconnectInPreOperationSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(anonymousBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PreOperation"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -899,28 +875,18 @@
  public void testBindDisconnectInPostOperationSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(anonymousBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostOperation"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -936,27 +902,17 @@
  public void testBindDisconnectInPostResponseSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostResponse"));
    w.writeMessage(message);

    message = r.readMessage();
    while (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
      message = r.readMessage();
    }
      conn.writeMessage(anonymousBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostResponse"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      while (message != null)
      {
        assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
        message = conn.readMessage();
      }
    }
  }


@@ -971,30 +927,41 @@
  public void testBindDisconnectInPreParseSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList("PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(bindRequest(), DisconnectClientPlugin.createDisconnectControlList("PreParse"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }

  private BindRequestProtocolOp bindRequest()
  {
    String bindDn = "cn=Directory Manager";
    String bindPwd = "password";
    return new BindRequestProtocolOp(ByteString.valueOfUtf8(bindDn), 3, ByteString.valueOfUtf8(bindPwd));
  }

  private BindRequestProtocolOp anonymousBindRequest()
  {
    return new BindRequestProtocolOp(ByteString.empty(), 3, ByteString.empty());
  }

  private ByteString saslCreds()
  {
    return ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");
  }

  private BindRequestProtocolOp plainBindRequest()
  {
    return new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds());
  }

  /**
   * Tests an authenticated simple bind operation to ensure that it's treated
@@ -1007,28 +974,18 @@
  public void testBindDisconnectInPreOperationSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(bindRequest(), DisconnectClientPlugin.createDisconnectControlList("PreOperation"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -1044,28 +1001,18 @@
  public void testBindDisconnectInPostOperationSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(bindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostOperation"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -1081,27 +1028,17 @@
  public void testBindDisconnectInPostResponseSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostResponse"));
    w.writeMessage(message);

    message = r.readMessage();
    while (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
      message = r.readMessage();
    }
      conn.writeMessage(bindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostResponse"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      while (message != null)
      {
        assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
        message = conn.readMessage();
      }
    }
  }


@@ -1116,29 +1053,18 @@
  public void testBindDisconnectInPreParseSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList("PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(plainBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PreParse"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -1153,30 +1079,20 @@
  public void testBindDisconnectInPreOperationSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
    }
      conn.writeMessage(
          plainBindRequest(),
          DisconnectClientPlugin.createDisconnectControlList("PreOperation"));

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }
  }


@@ -1191,34 +1107,20 @@
  public void testBindDisconnectInPostOperationSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    if (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      // If we got an element back, then it must be a notice of disconnect
      // unsolicited notification.
      assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      conn.writeMessage(plainBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostOperation"));

      LDAPMessage message = conn.readMessage();
      if (message != null)
      {
        // If we got an element back, then it must be a notice of disconnect
        // unsolicited notification.
        assertEquals(message.getProtocolOpType(), OP_TYPE_EXTENDED_RESPONSE);
      }
    }

    StaticUtils.close(s);
  }



  /**
   * Tests a SASL bind operation to ensure that it's treated properly if the
   * client connection is lost in post-response plugin processing.
@@ -1229,33 +1131,19 @@
  public void testBindDisconnectInPostResponseSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         DisconnectClientPlugin.createDisconnectControlList(
              "PostResponse"));
    w.writeMessage(message);

    message = r.readMessage();
    while (message != null)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
      message = r.readMessage();
      conn.writeMessage(plainBindRequest(), DisconnectClientPlugin.createDisconnectControlList("PostResponse"));

      LDAPMessage message = conn.readMessage();
      while (message != null)
      {
        assertThat(message.getProtocolOpType()).isIn(OP_TYPE_BIND_RESPONSE, OP_TYPE_EXTENDED_RESPONSE);
        message = conn.readMessage();
      }
    }

    StaticUtils.close(s);
  }



  /**
   * Tests an anonymous simple bind operation to ensure that it's treated
   * properly if the operation gets short-circuited in pre-parse plugin
@@ -1267,23 +1155,14 @@
  public void testBindShortCircuitInPreParseSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(anonymousBindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }


@@ -1299,28 +1178,16 @@
  public void testBindShortCircuitInPreOperationSimpleAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(anonymousBindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreOperation"));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), 3,
                                   ByteString.empty());
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80,
                                                              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }



  /**
   * Tests an authenticated simple bind operation to ensure that it's treated
   * properly if the operation gets short-circuited in pre-parse plugin
@@ -1332,23 +1199,14 @@
  public void testBindShortCircuitInPreParseSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(bindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }


@@ -1364,24 +1222,14 @@
  public void testBindShortCircuitInPreOperationSimpleAuthenticated()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(bindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreOperation"));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80,
                                                              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }


@@ -1396,25 +1244,14 @@
  public void testBindShortCircuitInPreParseSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(plainBindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80, "PreParse"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }


@@ -1429,26 +1266,14 @@
  public void testBindShortCircuitInPreOperationSASL()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    TestCaseUtils.configureSocket(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(plainBindRequest(), ShortCircuitPlugin.createShortCircuitControlList(80, "PreOperation"));

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "PLAIN", saslCreds);
    LDAPMessage message = new LDAPMessage(1, bindRequest,
         ShortCircuitPlugin.createShortCircuitControlList(80,
                                                              "PreOperation"));
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 80);

    StaticUtils.close(s);
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 80);
    }
  }


@@ -1479,12 +1304,7 @@
    InternalClientConnection conn =
         new InternalClientConnection(new AuthenticationInfo());

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperation bindOperation =
         conn.processSASLBind(ByteString.valueOfUtf8("invaliddn"), "PLAIN",
                              saslCreds);
    BindOperation bindOperation = conn.processSASLBind(ByteString.valueOfUtf8("invaliddn"), "PLAIN", saslCreds());
    assertEquals(bindOperation.getResultCode(), ResultCode.INVALID_CREDENTIALS);
  }

@@ -1527,13 +1347,10 @@
    ArrayList<Control> requestControls = new ArrayList<>(1);
    requestControls.add(new LDAPControl("1.2.3.4", true));

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperationBasis bindOperation =
         new BindOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
         new BindOperationBasis(conn, nextOperationID(), nextMessageID(),
                           requestControls, "3", DN.rootDN(), "PLAIN",
                        saslCreds);
            saslCreds());
    bindOperation.run();
    assertEquals(bindOperation.getResultCode(),
                 ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
@@ -1578,13 +1395,10 @@
    ArrayList<Control> requestControls = new ArrayList<>(1);
    requestControls.add(new LDAPControl("1.2.3.4", false));

    ByteString saslCreds =
         ByteString.valueOfUtf8("\u0000dn:cn=Directory Manager\u0000password");

    BindOperationBasis bindOperation =
         new BindOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
         new BindOperationBasis(conn, nextOperationID(), nextMessageID(),
                           requestControls, "3", DN.rootDN(), "PLAIN",
                           saslCreds);
            saslCreds());
    bindOperation.run();
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
  }
@@ -1652,26 +1466,21 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    bindWithDnRequiresPassword(false);

    String attr = "ds-cfg-bind-with-dn-requires-password";
    ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, Attributes.create(attr, "false")));
    ModifyOperation modifyOperation =
         conn.processModify(DN.valueOf("cn=config"), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    BindOperation bindOperation =
         conn.processSimpleBind(ByteString.valueOfUtf8("cn=Directory Manager"),
                                ByteString.empty());
    BindOperation bindOperation = getRootConnection().processSimpleBind("cn=Directory Manager", "");
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);

    mods = newArrayList(new Modification(REPLACE, Attributes.create(attr, "true")));
    modifyOperation =  conn.processModify(DN.valueOf("cn=config"), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    bindWithDnRequiresPassword(true);
  }


  private void bindWithDnRequiresPassword(boolean required)
  {
    ModifyRequest modifyRequest = newModifyRequest("cn=config")
        .addModification(REPLACE, "ds-cfg-bind-with-dn-requires-password", Boolean.toString(required));
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

  /**
   * Tests performing a simple bind operation as a user who doesn't have a
@@ -1828,42 +1637,21 @@
    String dnString = "uid=rebind.test,o=test";
    DN userDN = DN.valueOf(dnString);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    TestCaseUtils.configureSocket(s);
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind(dnString, "password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8(dnString),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
      assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(), 1);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);
      // We occasionally run into
      // ProtocolMessages.MSGID_LDAP_CLIENT_DUPLICATE_MESSAGE_ID, so we wait
      // for previous ops to complete.
      TestCaseUtils.quiesceServer();
      conn.bind("cn=Directory Manager", "password");

    assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
    assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(),
                 1);

    // We occasionally run into
    // ProtocolMessages.MSGID_LDAP_CLIENT_DUPLICATE_MESSAGE_ID, so we wait
    // for previous ops to complete.
    TestCaseUtils.quiesceServer();
    bindRequest = new BindRequestProtocolOp(
                           ByteString.valueOfUtf8("cn=Directory Manager"), 3,
                           ByteString.valueOfUtf8("password"));
    message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0, message.toString());

    assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));

    s.close();
      assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
    }
  }


@@ -1901,44 +1689,31 @@
    String dnString = "uid=test,ou=people,dc=example,dc=com";
    DN userDN = DN.valueOf(dnString);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    TestCaseUtils.configureSocket(s);
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8(dnString),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse =
            message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);

    assertNotNull(DirectoryServer.getAuthenticatedUsers().get(
            userDN));
    assertEquals(DirectoryServer.getAuthenticatedUsers().get(
            userDN).size(), 1);

    String[] args =
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-J", OID_SUBTREE_DELETE_CONTROL + ":true",
      "--noPropertiesFile",
      "ou=people,dc=example,dc=com"
    };
    assertEquals(LDAPDelete.mainDelete(args, false, null, System.err), 0);
      conn.bind(dnString, "password");

    assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
      assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
      assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(), 1);

    s.close();
      String[] args =
        {
        "-h", "127.0.0.1",
        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D", "cn=Directory Manager",
        "-w", "password",
        "-J", OID_SUBTREE_DELETE_CONTROL + ":true",
        "--noPropertiesFile",
        "ou=people,dc=example,dc=com"
        };
      assertEquals(LDAPDelete.mainDelete(args, false, null, System.err), 0);

    TestCaseUtils.clearBackend("userRoot");
      assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
    }
    finally
    {
      TestCaseUtils.clearBackend("userRoot");
    }
  }


@@ -1976,54 +1751,37 @@
    String dnString = "uid=test,ou=people,dc=example,dc=com";
    DN userDN = DN.valueOf(dnString);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    TestCaseUtils.configureSocket(s);
    LDAPReader r = new LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8(dnString),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse =
            message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);

    assertNotNull(DirectoryServer.getAuthenticatedUsers().get(
            userDN));
    assertEquals(DirectoryServer.getAuthenticatedUsers().get(
            userDN).size(), 1);

    String path = TestCaseUtils.createTempFile(
         "dn: ou=people,dc=example,dc=com",
         "changetype: moddn",
         "newRDN: ou=users",
         "deleteOldRDN: 1");
    String[] args =
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-D", "cn=Directory Manager",
      "-w", "password",
      "--noPropertiesFile",
      "-f", path
    };
    assertEquals(LDAPModify.mainModify(args, false, null, System.err), 0);
      conn.bind(dnString, "password");

    String newDNString = "uid=test,ou=users,dc=example,dc=com";
    DN newUserDN = DN.valueOf(newDNString);
      assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
      assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(), 1);

    assertNotNull(DirectoryServer.getAuthenticatedUsers().get(
            newUserDN));
    assertEquals(DirectoryServer.getAuthenticatedUsers().get(
            newUserDN).size(), 1);
      String path = TestCaseUtils.createTempFile(
          "dn: ou=people,dc=example,dc=com",
          "changetype: moddn",
          "newRDN: ou=users",
          "deleteOldRDN: 1");
      String[] args =
        {
        "-h", "127.0.0.1",
        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D", "cn=Directory Manager",
        "-w", "password",
        "--noPropertiesFile",
        "-f", path
        };
      assertEquals(LDAPModify.mainModify(args, false, null, System.err), 0);

    s.close();

    TestCaseUtils.clearBackend("userRoot");
      DN newUserDN = DN.valueOf("uid=test,ou=users,dc=example,dc=com");
      assertNotNull(DirectoryServer.getAuthenticatedUsers().get(newUserDN));
      assertEquals(DirectoryServer.getAuthenticatedUsers().get(newUserDN).size(), 1);
    }
    finally
    {
      TestCaseUtils.clearBackend("userRoot");
    }
  }



 opendj-server-legacy/src/test/java/org/opends/server/core/GroupManagerTestCase.java

@@ -12,18 +12,17 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2015 ForgeRock AS.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.core;

import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.std.server.GroupImplementationCfg;
import org.opends.server.api.Group;
@@ -35,20 +34,20 @@
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.tools.LDAPDelete;
import org.opends.server.tools.LDAPModify;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.MemberList;
import org.opends.server.types.MembershipException;
import org.opends.server.types.Modification;
import org.opends.server.types.RDN;
import org.opends.server.types.SearchFilter;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.util.ServerConstants.*;
@@ -236,34 +235,23 @@
    //Add even numbered members.
    group1Instance.addMember(user2Entry);
    group1Instance.addMember(user4Entry);

    //Switch things around, change groups and members to odd numbered nested
    //groups and odd numbered members via ldap modify.
    LinkedList<Modification> mods = new LinkedList<>();
    Attribute g1 = Attributes.create("member", "cn=group 1,ou=Groups,o=test");
    Attribute g2 = Attributes.create("member", "cn=group 2,ou=Groups,o=test");
    Attribute g3 = Attributes.create("member", "cn=group 3,ou=Groups,o=test");
    Attribute g4 = Attributes.create("member", "cn=group 4,ou=Groups,o=test");
    Attribute u1 = Attributes.create("member", "uid=user.1,ou=People,o=test");
    Attribute u2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
    Attribute u3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
    Attribute u4 = Attributes.create("member", "uid=user.4,ou=People,o=test");
    Attribute u5 = Attributes.create("member", "uid=user.5,ou=People,o=test");
    //Delete even groups and users.
    mods.add(new Modification(ModificationType.DELETE, g2));
    mods.add(new Modification(ModificationType.DELETE, g4));
    mods.add(new Modification(ModificationType.DELETE, u2));
    mods.add(new Modification(ModificationType.DELETE, u4));
    final ModifyRequest modifyRequest = newModifyRequest(from(group1Instance.getGroupDN()));
    modifyRequest.addModification(DELETE, "member", "cn=group 2,ou=Groups,o=test");
    modifyRequest.addModification(DELETE, "member", "cn=group 4,ou=Groups,o=test");
    modifyRequest.addModification(DELETE, "member", "uid=user.2,ou=People,o=test");
    modifyRequest.addModification(DELETE, "member", "uid=user.4,ou=People,o=test");
    //Add odd groups and users.
    mods.add(new Modification(ModificationType.ADD, g1));
    mods.add(new Modification(ModificationType.ADD, g3));
    mods.add(new Modification(ModificationType.ADD, u1));
    mods.add(new Modification(ModificationType.ADD, u3));
    mods.add(new Modification(ModificationType.ADD, u5));
    InternalClientConnection conn =
            InternalClientConnection.getRootConnection();
    ModifyOperation modifyOperation =
            conn.processModify(group1Instance.getGroupDN(), mods);
    modifyRequest.addModification(ADD, "member", "cn=group 1,ou=Groups,o=test");
    modifyRequest.addModification(ADD, "member", "cn=group 3,ou=Groups,o=test");
    modifyRequest.addModification(ADD, "member", "uid=user.1,ou=People,o=test");
    modifyRequest.addModification(ADD, "member", "uid=user.3,ou=People,o=test");
    modifyRequest.addModification(ADD, "member", "uid=user.5,ou=People,o=test");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    //Check that the user membership changes were picked up.
    assertFalse(group1Instance.isMember(user2Entry));
    assertFalse(group1Instance.isMember(user4Entry));
@@ -316,10 +304,8 @@
    //Add some nested groups and members.
    group1Instance.addNestedGroup(group2DN);
    group1Instance.addMember(user1Entry);
    InternalClientConnection conn =
            InternalClientConnection.getRootConnection();
    //Delete the group.
    DeleteOperation deleteOperation = conn.processDelete(group1DN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(group1DN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(group1DN));
    //Membership check should throw an exception.
@@ -447,15 +433,10 @@
              "it didn't");
    } catch (DirectoryException ex) {}
    //Modify list via ldap modify.
    LinkedList<Modification> mods = new LinkedList<>();
    Attribute a2 = Attributes.create("member", "cn=group 2,ou=Groups,o=test");
    Attribute a3 = Attributes.create("member", "cn=group 1,ou=Groups,o=test");
    mods.add(new Modification(ModificationType.DELETE, a2));
    mods.add(new Modification(ModificationType.ADD, a3));
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    ModifyOperation modifyOperation =
                        conn.processModify(group1Instance.getGroupDN(), mods);
    final ModifyRequest modifyRequest = newModifyRequest(from(group1Instance.getGroupDN()))
        .addModification(DELETE, "member", "cn=group 2,ou=Groups,o=test")
        .addModification(ADD, "member", "cn=group 1,ou=Groups,o=test");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    //Check removing a group already removed via ldap modify fails.
    try
@@ -585,9 +566,7 @@
    groupInstance.toString(new StringBuilder());


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -705,15 +684,10 @@


    // Modify the group and make sure the group manager gets updated accordingly
    LinkedList<Modification> mods = new LinkedList<>();
    Attribute a2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
    Attribute a3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
    mods.add(new Modification(ModificationType.DELETE, a2));
    mods.add(new Modification(ModificationType.ADD, a3));

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
    final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
        .addModification(DELETE, "member", "uid=user.2,ou=People,o=test")
        .addModification(ADD, "member", "uid=user.3,ou=People,o=test");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    groupInstance = groupManager.getGroupInstance(groupDN);
@@ -725,7 +699,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -776,9 +750,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -896,15 +868,10 @@


    // Modify the group and make sure the group manager gets updated accordingly
    LinkedList<Modification> mods = new LinkedList<>();
    Attribute a2 = Attributes.create("uniquemember", "uid=user.2,ou=People,o=test");
    Attribute a3 = Attributes.create("uniquemember", "uid=user.3,ou=People,o=test");
    mods.add(new Modification(ModificationType.DELETE, a2));
    mods.add(new Modification(ModificationType.ADD, a3));

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
    final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
        .addModification(DELETE, "uniquemember", "uid=user.2,ou=People,o=test")
        .addModification(ADD, "uniquemember", "uid=user.3,ou=People,o=test");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    groupInstance = groupManager.getGroupInstance(groupDN);
@@ -916,7 +883,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -967,9 +934,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1087,15 +1052,10 @@


    // Modify the group and make sure the group manager gets updated accordingly
    LinkedList<Modification> mods = new LinkedList<>();
    Attribute a2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
    Attribute a3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
    mods.add(new Modification(ModificationType.DELETE, a2));
    mods.add(new Modification(ModificationType.ADD, a3));

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
    final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
        .addModification(DELETE, "member", "uid=user.2,ou=People,o=test")
        .addModification(ADD, "member", "uid=user.3,ou=People,o=test");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    groupInstance = groupManager.getGroupInstance(groupDN);
@@ -1107,7 +1067,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1158,9 +1118,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1234,10 +1192,8 @@
    RDN newRDN = RDN.decode("cn=Renamed Group");
    DN  newDN  = DN.valueOf("cn=Renamed Group,ou=Groups,o=test");

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    ModifyDNOperation modifyDNOperation =
         conn.processModifyDN(groupDN, newRDN, true);
 getRootConnection().processModifyDN(groupDN, newRDN, true);
    assertEquals(modifyDNOperation.getResultCode(), ResultCode.SUCCESS);

    groupInstance = groupManager.getGroupInstance(groupDN);
@@ -1250,7 +1206,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    DeleteOperation deleteOperation = conn.processDelete(newDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(newDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(newDN));
  }
@@ -1473,21 +1429,19 @@


    // Delete all of the groups and make sure the group manager gets updated accordingly
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(group1DN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(group1DN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(group1DN));

    deleteOperation = conn.processDelete(group2DN);
    deleteOperation = getRootConnection().processDelete(group2DN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(group2DN));

    deleteOperation = conn.processDelete(group3DN);
    deleteOperation = getRootConnection().processDelete(group3DN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(group3DN));

    deleteOperation = conn.processDelete(group4DN);
    deleteOperation = getRootConnection().processDelete(group4DN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(group3DN));
  }
@@ -1628,9 +1582,7 @@


    // Delete the group and make sure the group manager gets updated accordingly
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1752,9 +1704,7 @@
    groupInstance.toString(new StringBuilder());


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1813,9 +1763,7 @@
    DynamicGroup dynamicGroup = (DynamicGroup) groupInstance;
    assertTrue(dynamicGroup.getMemberURLs().isEmpty());

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -1912,9 +1860,7 @@
               "Expected member set to be empty but it was not:  " + memberSet);


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -2012,9 +1958,7 @@
               "Expected member set to be empty but it was not:  " + memberSet);


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -2113,9 +2057,7 @@
               "Expected member set to be empty but it was not:  " + memberSet);


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }
@@ -2218,9 +2160,7 @@
               "Expected member set to be empty but it was not:  " + memberSet);


    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    DeleteOperation deleteOperation = conn.processDelete(groupDN);
    DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
    assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
    assertNull(groupManager.getGroupInstance(groupDN));
  }

 opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java

@@ -32,11 +32,9 @@
import org.opends.server.plugins.DisconnectClientPlugin;
import org.opends.server.plugins.ShortCircuitPlugin;
import org.opends.server.plugins.UpdatePreOpPlugin;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPModification;
import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
@@ -57,7 +55,6 @@
import org.opends.server.types.RawModification;
import org.opends.server.types.WritabilityMode;
import org.opends.server.util.Base64;
import org.opends.server.util.ServerConstants;
import org.opends.server.workflowelement.localbackend.LocalBackendModifyOperation;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
@@ -67,12 +64,14 @@

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.controls.GenericControl.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

/**
@@ -717,23 +716,9 @@
    retrieveFailedOperationElements(modifyOperation);
  }

  private ModifyOperation processModify(String entryDN, List<RawModification> mods)
  {
    InternalClientConnection conn = getRootConnection();
    return conn.processModify(ByteString.valueOfUtf8(entryDN), mods);
  }

  private ModifyOperation processModify(String entryDN, RawModification... mods)
  {
    InternalClientConnection conn = getRootConnection();
    return conn.processModify(ByteString.valueOfUtf8(entryDN), Arrays.asList(mods));
  }

  private ModifyOperation processModify(String entryDN,
      List<RawModification> mods, List<Control> requestControls)
  {
    InternalClientConnection conn = getRootConnection();
    return conn.processModify(ByteString.valueOfUtf8(entryDN), mods, requestControls);
    return getRootConnection().processModify(ByteString.valueOfUtf8(entryDN), Arrays.asList(mods));
  }

  /**
@@ -1327,7 +1312,7 @@
         "mail: foo");

    String dn = "uid=test.user," + baseDN;
    ModifyOperation modifyOperation = processModify(dn, newRawModifications(REPLACE, "uid", "test.user"));
    ModifyOperation modifyOperation = processModify(dn, newRawModification(REPLACE, "uid", "test.user"));
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    retrieveSuccessfulOperationElements(modifyOperation);

@@ -3000,14 +2985,10 @@
         "displayName: Test User",
         "userPassword: password");

    List<RawModification> mods = newRawModifications(ADD, "givenName", "Test");

    List<Control> requestControls = new ArrayList<>();
    requestControls.add(
        new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

    ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
                            mods, requestControls);
    ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
        .addModification(ADD, "givenName", "Test")
        .addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    retrieveSuccessfulOperationElements(modifyOperation);
  }
@@ -3035,14 +3016,10 @@
         "displayName: Test User",
         "userPassword: password");

    List<RawModification> mods = newRawModifications(DELETE, "givenName", "Foo");

    List<Control> requestControls = new ArrayList<>();
    requestControls.add(
        new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

    ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
                            mods, requestControls);
    ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
        .addModification(DELETE, "givenName", "Foo")
        .addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    retrieveSuccessfulOperationElements(modifyOperation);
  }
@@ -3070,14 +3047,10 @@
         "displayName: Test User",
         "userPassword: password");

    List<RawModification> mods = newRawModifications(DELETE, "description");

    List<Control> requestControls = new ArrayList<>();
    requestControls.add(
        new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

    ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
                            mods, requestControls);
    ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
        .addModification(DELETE, "description")
        .addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    retrieveSuccessfulOperationElements(modifyOperation);
  }
@@ -3463,11 +3436,9 @@
        "objectClass: top", "objectClass: person",
        "objectClass: organizationalPerson", "sn: User", "cn: Test User");

    // First check that adding "dc" fails because it is not allowed by
    // inetOrgPerson.
    List<RawModification> mods = newRawModifications(ADD, "dc", "foo");

    ModifyOperation modifyOperation = processModify("cn=Test User," + baseDN, mods);
    // First check that adding "dc" fails because it is not allowed by inetOrgPerson.
    RawModification mod = newRawModification(ADD, "dc", "foo");
    ModifyOperation modifyOperation = processModify("cn=Test User," + baseDN, mod);
    assertEquals(modifyOperation.getResultCode(), ResultCode.OBJECTCLASS_VIOLATION);

    int res = applyModifications(
@@ -3487,7 +3458,7 @@
    try
    {
      // Modify existing entry.
      modifyOperation = processModify("cn=Test User," + baseDN, mods);
      modifyOperation = processModify("cn=Test User," + baseDN, mod);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

      // Add new entry and modify.
@@ -3495,7 +3466,7 @@
          "objectClass: top", "objectClass: person",
          "objectClass: organizationalPerson", "sn: User2", "cn: Test User2");

      modifyOperation = processModify("cn=Test User2," + baseDN, mods);
      modifyOperation = processModify("cn=Test User2," + baseDN, mod);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    }
    finally
@@ -3520,7 +3491,7 @@
          "objectClass: top", "objectClass: person",
          "objectClass: organizationalPerson", "sn: User3", "cn: Test User3");

      modifyOperation = processModify("cn=Test User3," + baseDN, mods);
      modifyOperation = processModify("cn=Test User3," + baseDN, mod);
      assertEquals(modifyOperation.getResultCode(), ResultCode.OBJECTCLASS_VIOLATION);
    }
  }

 opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java

@@ -12,143 +12,131 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.core;



import java.net.Socket;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.io.UnsupportedEncodingException;
import java.io.IOException;
import java.util.List;

import org.testng.annotations.Test;
import org.testng.annotations.BeforeClass;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.TestCaseUtils;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
import org.opends.server.tools.*;
import static org.testng.Assert.*;
import org.opends.server.tools.LDAPAuthenticationHandler;
import org.opends.server.tools.LDAPCompare;
import org.opends.server.tools.LDAPDelete;
import org.opends.server.tools.LDAPModify;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.LDAPException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.ServerConstants.*;
import com.forgerock.opendj.cli.ClientException;


import static org.testng.Assert.*;

/**
 * A set of testcases for configuration attribute
 * "ds-cfg-reject-unauthenticated-requests".
 */

@SuppressWarnings("javadoc")
public class RejectUnauthReqTests extends CoreTestCase
{
  private class Args
  {
    private final List<String> args = new ArrayList<>();

    public void add(String arg)
    {
      args.add(arg);
    }

    public void add(String arg, Object value)
    {
      args.add(arg);
      args.add(value.toString());
    }

    public String[] toArray()
    {
      return args.toArray(new String[args.size()]);
    }

    @Override
    public String toString()
    {
      return args.toString();
    }
  }

  /**
   * Utility method which is called by the testcase sending an ADD
   * request.
   * Utility method which is called by the testcase sending an ADD request.
   *
   * @param authentication
   * @param authenticate
   *          The flag to set the authentication on and off.
   * @return The error code of operation performed.
   * @throws Exception
   *           If an unexpected problem occurs.
   */
  private int performAddOperation(boolean authentication) throws Exception
  private int performAddOperation(boolean authenticate) throws Exception
  {
    String filePath = TestCaseUtils.createTempFile(
        "dn: o=rejectTestCase,o=test", "objectclass: top",
        "objectclass: organization", "o: rejectTestCase",
        "description: Reject Test Case");
    String[] args = null;
    if (authentication)
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=directory manager",
          "-w",
          "password",
          "-a",
          "-f",
          filePath,
      };
    }
    else
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-a",
          "-f",
          filePath,
      };
    }
    return LDAPModify.mainModify(args, false, null, null);
    return LDAPModify.mainModify(addArgs(authenticate, filePath), false, null, null);
  }

  private String[] modifyArgs(boolean authenticate, String filePath)
  {
    return args(authenticate, false, filePath);
  }

  private String[] addArgs(boolean authenticate, String filePath)
  {
    return args(authenticate, true, filePath);
  }

  private String[] args(boolean authenticate, boolean add, String filePath)
  {
    Args args = new Args();
    args.add("--noPropertiesFile");
    args.add("-h", "127.0.0.1");
    args.add("-p", TestCaseUtils.getServerLdapPort());
    if (authenticate)
    {
      args.add("-D", "cn=directory manager");
      args.add("-w", "password");
    }
    if (add)
    {
      args.add("-a");
    }
    args.add("-f", filePath);
    return args.toArray();
  }

  /**
   * Utility method which is called by the testcase sending a MODIFY
   * request.
   * Utility method which is called by the testcase sending a MODIFY request.
   *
   * @param authentication
   * @param authenticate
   *          The flag to set the authentication on and off.
   * @return The error code of operation performed.
   * @throws Exception
   *           If an unexpected problem occurs.
   */
  private int performModifyOperation(boolean authentication) throws Exception
  private int performModifyOperation(boolean authenticate) throws Exception
  {
    String path = TestCaseUtils.createTempFile("dn: o=rejectTestCase,o=test",
        "changetype: modify", "replace: description",
        "description: New Description");
    String[] args = null;
    if (authentication)
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=directory manager",
          "-w",
          "password",
          "-f",
          path
      };
    }
    else
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-f",
          path
      };
    }
    return LDAPModify.mainModify(args, false, null, null);
    return LDAPModify.mainModify(modifyArgs(authenticate, path), false, null, null);
  }


@@ -165,42 +153,23 @@
   */
  private int performCompareOperation(boolean authentication) throws Exception
  {
    String[] args = null;
    if (authentication)
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=Directory Manager",
          "-w",
          "password",
          "o:test",
          "o=test"
      };
    }
    else
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "o:test",
          "o=test"
      };
    }

    return LDAPCompare.mainCompare(args, false, null, null);
    return LDAPCompare.mainCompare(compareArgs(authentication), false, null, null);
  }


  private String[] compareArgs(boolean authenticate)
  {
    Args args = new Args();
    args.add("--noPropertiesFile");
    args.add("-h", "127.0.0.1");
    args.add("-p", TestCaseUtils.getServerLdapPort());
    if (authenticate)
    {
      args.add("-D", "cn=Directory Manager");
      args.add("-w", "password");
    }
    args.add("o:test", "o=test");
    return args.toArray();
  }

  /**
   * Utility method which is called by the testcase sending a MODRDN
@@ -217,41 +186,23 @@
    String path = TestCaseUtils
        .createTempFile("dn: o=rejectTestCase,o=Test", "changetype: modrdn",
            "newrdn: o=mod_rejectTestCase", "deleteoldrdn: 0");
    String[] args = null;
    if (authentication)
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=directory manager",
          "-w",
          "password",
          "-f",
          path
      };
    }
    else
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-f",
          path
      };
    }
    return LDAPModify.mainModify(args, false, null, null);
    return LDAPModify.mainModify(modRdnArgs(authentication, path), false, null, null);
  }


  private String[] modRdnArgs(boolean authenticate, String path)
  {
    Args args = new Args();
    args.add("--noPropertiesFile");
    args.add("-h", "127.0.0.1");
    args.add("-p", TestCaseUtils.getServerLdapPort());
    if (authenticate)
    {
      args.add("-D", "cn=directory manager");
      args.add("-w", "password");
    }
    args.add("-f", path);
    return args.toArray();
  }

  /**
   * Utility method which is called by the testcase sending a DELETE
@@ -265,41 +216,24 @@
   */
  private int performDeleteOperation(boolean authentication) throws Exception
  {
    String[] args = null;
    if (authentication)
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-V",
          "3",
          "-D",
          "cn=Directory Manager",
          "-w",
          "password",
          "o=mod_rejectTestCase,o=test"
      };
    }
    else
    {
      args = new String[]
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "o=mod_rejectTestCase,o=test"
      };
    }
    return LDAPDelete.mainDelete(args, false, null, null);
    return LDAPDelete.mainDelete(deleteArgs(authentication), false, null, null);
  }


  private String[] deleteArgs(boolean authenticate)
  {
    Args args = new Args();
    args.add("--noPropertiesFile");
    args.add("-h", "127.0.0.1");
    args.add("-p", TestCaseUtils.getServerLdapPort());
    if (authenticate)
    {
      args.add("-V", "3");
      args.add("-D", "cn=Directory Manager");
      args.add("-w", "password");
    }
    args.add("o=mod_rejectTestCase,o=test");
    return args.toArray();
  }

  /**
   * Ensures that the Directory Server is running before executing the
@@ -315,70 +249,55 @@
    TestCaseUtils.initializeTestBackend(true);
  }

  private enum Auth
  {
    ANONYMOUS, SIMPLE, START_TLS
  }

  private String[] searchArgs(Auth auth)
  {
    Args args = new Args();
    args.add("--noPropertiesFile");
    args.add("-h", "127.0.0.1");
    args.add("-p", TestCaseUtils.getServerLdapPort());
    if (!Auth.ANONYMOUS.equals(auth))
    {
      args.add("-D", "cn=Directory Manager");
      args.add("-w", "password");
    }
    if (Auth.START_TLS.equals(auth))
    {
      args.add("-q");
      args.add("-X");
    }
    args.add("-b", "");
    args.add("-s", "base");
    args.add("(objectClass=*)");
    return args.toArray();
  }

  /**
   * Tests whether an authenticated SEARCH request will be allowed
   * with the default configuration settings for
   * "ds-cfg-reject-unauthenticated-requests".
   * Tests whether an authenticated SEARCH request will be allowed with the default configuration
   * settings for "ds-cfg-reject-unauthenticated-requests".
   */
  @Test
  public void testAuthSearchDefCfg()
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    String[] args =
    {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D",
        "cn=Directory Manager",
        "-w",
        "password",
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
    assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.SIMPLE), false, null, System.err), 0);
  }



  /**
   * Tests whether an unauthenticated SEARCH request will be allowed
   * with the default configuration settings for
   * "ds-cfg-reject-unauthenticated-requests".
   * Tests whether an unauthenticated SEARCH request will be allowed with the default configuration
   * settings for "ds-cfg-reject-unauthenticated-requests".
   */
  @Test
  public void testUnauthSearchDefCfg()
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    String[] args =
    {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
    assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.ANONYMOUS), false, null, System.err), 0);
  }



  /**
   * Tests whether an authenticated BIND request will be allowed with
   * the default configuration settings for
@@ -389,8 +308,7 @@
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    InternalClientConnection conn = new InternalClientConnection(
        new AuthenticationInfo());
    InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
    ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
    ByteString password = ByteString.valueOfUtf8("password");
    BindOperation bindOperation = conn.processSimpleBind(user, password);
@@ -409,8 +327,7 @@
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    InternalClientConnection conn = new InternalClientConnection(
        new AuthenticationInfo());
    InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
    BindOperation bindOperation = conn.processSimpleBind(DN.rootDN(), null);
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
  }
@@ -430,23 +347,16 @@
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
      authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
          ByteString.valueOfUtf8("password"), new ArrayList<Control>(),
          new ArrayList<Control>());
      assertNotNull(authHandler.requestAuthorizationIdentity());

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
        reader, writer, "localhost", nextMessageID);
    authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
        ByteString.valueOfUtf8("password"), new ArrayList<Control>(),
        new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);

    LDAPMessage unbindMessage = new LDAPMessage(
        nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
      conn.unbind();
    }
  }


@@ -464,20 +374,12 @@
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
        reader, writer, "localhost", nextMessageID);
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNull(authzID);

    LDAPMessage unbindMessage = new LDAPMessage(
        nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
      assertNull(authHandler.requestAuthorizationIdentity());
      conn.unbind();
    }
  }


@@ -494,31 +396,9 @@
  public void testStartTLSUnauthDefCfg() throws Exception
  {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    String[] argSearch =
    {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D",
        "cn=directory manager",
        "-w",
        "password",
        "-q",
        "-X",
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
    };
    assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
    assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
  }



  /**
   * Tests the whether the authenticated ADD,MODIFY,COMPARE,MODRDN and
   * DELETE requests succeed with the default configuration settings.
@@ -532,13 +412,9 @@
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    assertEquals(performAddOperation(true), 0);

    assertEquals(performModifyOperation(true), 0);

    assertEquals(performCompareOperation(true), 0);

    assertEquals(performModRdnOperation(true), 0);

    assertEquals(performDeleteOperation(true), 0);
  }

@@ -558,13 +434,9 @@
  public void testOtherOpsUnauthDefCfg() throws Exception
  {
    assertEquals(performAddOperation(false), 0);

    assertEquals(performModifyOperation(false), 0);

    assertEquals(performCompareOperation(false), 0);

    assertEquals(performModRdnOperation(false), 0);

    assertEquals(performDeleteOperation(false), 0);
  }

@@ -582,40 +454,8 @@
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      String[] args =
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-b",
          "",
          "-s",
          "base",
          "(objectClass=*)"
      };

      assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);

      String[] authArgs =
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=Directory Manager",
          "-w",
          "password",
          "-b",
          "",
          "-s",
          "base",
          "(objectClass=*)"
      };
      assertEquals(LDAPSearch.mainSearch(authArgs, false, null, System.err), 0);
      assertFalse(LDAPSearch.mainSearch(searchArgs(Auth.ANONYMOUS), false, null, null) == 0);
      assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
    }
    finally
    {
@@ -623,8 +463,6 @@
    }
  }



  /**
   * Tests whether authenticated and unauthenticated BIND requests
   * will be allowed with the new configuration settings for
@@ -637,8 +475,7 @@
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      InternalClientConnection conn = new InternalClientConnection(
          new AuthenticationInfo());
      InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
      ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
      ByteString password = ByteString.valueOfUtf8("password");
      // Unauthenticated BIND request.
@@ -671,26 +508,7 @@
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      String[] argSearch =
      {
          "--noPropertiesFile",
          "-h",
          "127.0.0.1",
          "-p",
          String.valueOf(TestCaseUtils.getServerLdapPort()),
          "-D",
          "cn=directory manager",
          "-w",
          "password",
          "-q",
          "-X",
          "-b",
          "",
          "-s",
          "base",
          "(objectClass=*)"
      };
      assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
      assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
    }
    finally
    {
@@ -715,10 +533,7 @@
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      InternalClientConnection conn = InternalClientConnection
          .getRootConnection();
      ExtendedOperation extOp = conn.processExtendedOperation(
          OID_WHO_AM_I_REQUEST, null);
      ExtendedOperation extOp = getRootConnection().processExtendedOperation(OID_WHO_AM_I_REQUEST, null);
      assertEquals(extOp.getResultCode(), ResultCode.SUCCESS);
      assertNotNull(extOp.getResponseValue());
    }
@@ -734,43 +549,26 @@
   * Tests whether the who am I? extended operation with an
   * unauthenticated connection fails with new setting of
   * "ds-cfg-reject-unauthenticated-requests".
   *
   * @throws UnsupportedEncodingException
   *           If an unexpected problem occurs.
   * @throws IOException
   *           If an unexpected problem occurs.
   * @throws ClientException
   *           If an unexpected problem occurs.
   */
  @Test
  public void testUnauthWAINewCfg() throws UnsupportedEncodingException,
      IOException, ClientException
  public void testUnauthWAINewCfg() throws Exception
  {
    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
      LDAPReader reader = new LDAPReader(s);
      LDAPWriter writer = new LDAPWriter(s);
      AtomicInteger nextMessageID = new AtomicInteger(1);
      LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
          reader, writer, "localhost", nextMessageID);
      ByteString authzID = null;
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
      try
      {
        authzID = authHandler.requestAuthorizationIdentity();
        authHandler.requestAuthorizationIdentity();
        fail();
      }
      catch (LDAPException e)
      catch (LDAPException expected)
      {
        assertNull(authzID);
      }
      finally
      {
        LDAPMessage unbindMessage = new LDAPMessage(nextMessageID
            .getAndIncrement(), new UnbindRequestProtocolOp());
        writer.writeMessage(unbindMessage);
        s.close();
        conn.unbind();
      }
    }
    finally
@@ -796,13 +594,9 @@
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      assertEquals(performAddOperation(true), 0);

      assertEquals(performModifyOperation(true), 0);

      assertEquals(performCompareOperation(true), 0);

      assertEquals(performModRdnOperation(true), 0);

      assertEquals(performDeleteOperation(true), 0);
    }
    finally
@@ -827,15 +621,11 @@
    {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      assertFalse(performAddOperation(false) == 0);

      assertFalse(performModifyOperation(false) == 0);

      assertFalse(performCompareOperation(false) == 0);

      assertFalse(performModRdnOperation(false) == 0);

      assertFalse(performDeleteOperation(false) == 0);
      assertNotEquals(performAddOperation(false), 0);
      assertNotEquals(performModifyOperation(false), 0);
      assertNotEquals(performCompareOperation(false), 0);
      assertNotEquals(performModRdnOperation(false), 0);
      assertNotEquals(performDeleteOperation(false), 0);
    }
    finally
    {

 opendj-server-legacy/src/test/java/org/opends/server/core/SearchOperationTestCase.java

@@ -38,7 +38,6 @@
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPConstants;
import org.opends.server.protocols.ldap.LDAPControl;
@@ -281,9 +280,7 @@
    assertTrue(DirectoryServer.getWorkQueue().waitUntilIdle(10000));

    InvocationCounterPlugin.resetAllCounters();
    LDAPMessage message = conn.bind("cn=Directory Manager", "password");
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
    conn.bind("cn=Directory Manager", "password");
  }

  @Test

 opendj-server-legacy/src/test/java/org/opends/server/extensions/CancelExtendedOperationTestCase.java

@@ -12,27 +12,24 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2012-2015 ForgeRock AS.
 * Portions Copyright 2012-2016 ForgeRock AS.
 */
package org.opends.server.extensions;

import java.net.Socket;
import java.util.ArrayList;
import java.io.IOException;
import java.util.LinkedHashSet;
import java.util.List;

import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.TestCaseUtils;
import org.opends.server.plugins.DelayPreOpPlugin;
import org.opends.server.protocols.ldap.AddRequestProtocolOp;
import org.opends.server.protocols.ldap.AddResponseProtocolOp;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.CompareRequestProtocolOp;
import org.opends.server.protocols.ldap.CompareResponseProtocolOp;
import org.opends.server.protocols.ldap.DeleteRequestProtocolOp;
@@ -50,19 +47,20 @@
import org.opends.server.protocols.ldap.ModifyResponseProtocolOp;
import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
import org.opends.server.protocols.ldap.SearchResultDoneProtocolOp;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.LDAPException;
import org.opends.server.types.RawAttribute;
import org.opends.server.types.RawModification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

/**
 * A set of test cases for the cancel extended operation handler.
 */
/** A set of test cases for the cancel extended operation handler. */
public class CancelExtendedOperationTestCase
       extends ExtensionsTestCase
{
@@ -73,8 +71,7 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @BeforeClass
  public void startServer()
         throws Exception
  public void startServer() throws Exception
  {
    TestCaseUtils.startServer();
  }
@@ -87,84 +84,35 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelAddOperation()
         throws Exception
  public void testCancelAddOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);


    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create an add request and send it to the server.  Make sure to include
    // the delay request control so it won't complete before we can send the
    // cancel request.
    ArrayList<RawAttribute> attributes = new ArrayList<>();
    attributes.add(new LDAPAttribute("objectClass", newArrayList("top", "organizationalUnit")));
    attributes.add(new LDAPAttribute("ou", "People"));

    AddRequestProtocolOp addRequest =
         new AddRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), attributes);
    message = new LDAPMessage(2, addRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be an add
    // response and the other should be an extended response.
    for (int i=0; i < 2; i++)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_ADD_RESPONSE:
          AddResponseProtocolOp addResponse =
               message.getAddResponseProtocolOp();
          assertEquals(addResponse.getResultCode(), LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }
      conn.bind("cn=Directory Manager", "password");

    socket.close();
      // Create an add request and send it to the server. Make sure to include
      // the delay request control so it won't complete before we can send the
      // cancel request.
      List<RawAttribute> attributes = newArrayList(
          newRawAttribute("objectClass", "top", "organizationalUnit"),
          newRawAttribute("ou", "People"));
      AddRequestProtocolOp addRequest =
          new AddRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), attributes);
      conn.writeMessage(addRequest, DelayPreOpPlugin.createDelayControlList(5000));

      conn.writeMessage(cancelRequestExtendedOp(2));

      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_ADD_RESPONSE);
    }
  }


  private RawAttribute newRawAttribute(String attrName, String... attrValues)
  {
    return new LDAPAttribute(attrName, newArrayList(attrValues));
  }

  /**
   * Tests the ability to cancel a compare operation.
@@ -172,79 +120,25 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelCompareOperation()
         throws Exception
  public void testCancelCompareOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);


    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a compare request and send it to the server.  Make sure to include
    // the delay request control so it won't complete before we can send the
    // cancel request.
    CompareRequestProtocolOp compareRequest =
         new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o",
                                      ByteString.valueOfUtf8("test"));
    message = new LDAPMessage(2, compareRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be a compare
    // response and the other should be an extended response.
    for (int i=0; i < 2; i++)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_COMPARE_RESPONSE:
          CompareResponseProtocolOp compareResponse =
               message.getCompareResponseProtocolOp();
          assertEquals(compareResponse.getResultCode(),
                       LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }
      conn.bind("cn=Directory Manager", "password");

    socket.close();
      // Create a compare request and send it to the server. Make sure to include
      // the delay request control so it won't complete before we can send the
      // cancel request.
      CompareRequestProtocolOp compareRequest =
          new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o", ByteString.valueOfUtf8("test"));
      conn.writeMessage(compareRequest, DelayPreOpPlugin.createDelayControlList(5000));

      conn.writeMessage(cancelRequestExtendedOp(2));

      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_COMPARE_RESPONSE);
    }
  }


@@ -255,8 +149,7 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelDeleteOperation()
         throws Exception
  public void testCancelDeleteOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    // Add an entry to the server that we can delete.
@@ -266,72 +159,21 @@
         "objectClass: device",
         "cn: test");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a delete request and send it to the server.  Make sure to include
    // the delay request control so it won't complete before we can send the
    // cancel request.
    DeleteRequestProtocolOp deleteRequest =
         new DeleteRequestProtocolOp(ByteString.valueOfUtf8("cn=test,o=test"));
    message = new LDAPMessage(2, deleteRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be a delete
    // response and the other should be an extended response.
    for (int i=0; i < 2; i++)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_DELETE_RESPONSE:
          DeleteResponseProtocolOp deleteResponse =
               message.getDeleteResponseProtocolOp();
          assertEquals(deleteResponse.getResultCode(),
                       LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }
      conn.bind("cn=Directory Manager", "password");

    socket.close();
      // Create a delete request and send it to the server.  Make sure to include
      // the delay request control so it won't complete before we can send the
      // cancel request.
      DeleteRequestProtocolOp deleteRequest =
          new DeleteRequestProtocolOp(ByteString.valueOfUtf8("cn=test,o=test"));
      conn.writeMessage(deleteRequest, DelayPreOpPlugin.createDelayControlList(5000));

      conn.writeMessage(cancelRequestExtendedOp(2));

      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_DELETE_RESPONSE);
    }
  }


@@ -342,66 +184,32 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelExtendedOperation()
         throws Exception
  public void testCancelExtendedOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
      // Create a "Who Am I?" extended operation and send it to the server. Make
      // sure to include the delay request control so it won't complete before we
      // can send the cancel request.
      ExtendedRequestProtocolOp whoAmIRequest = new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST, null);
      conn.writeMessage(whoAmIRequest, DelayPreOpPlugin.createDelayControlList(5000));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      conn.writeMessage(cancelRequestExtendedOp(2));

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
      // Read two response messages from the server. They should both be extended
      // responses, one with the result code CANCELED and one with SUCCESS.
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.CANCELED);


    // Create a "Who Am I?" extended operation and send it to the server.  Make
    // sure to include the delay request control so it won't complete before we
    // can send the cancel request.
    ExtendedRequestProtocolOp whoAmIRequest =
         new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST, null);
    message = new LDAPMessage(2, whoAmIRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  They should both be extended
    // responses, one with the result code CANCELED and one with SUCCESS.
    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
            message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.CANCELED);

    message = r.readMessage();
    extendedResponse = message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);

    socket.close();
      message = conn.readMessage();
      extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
    }
  }


@@ -412,82 +220,44 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelModifyOperation()
         throws Exception
  public void testCancelModifyOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
      // Create a modify request and send it to the server.  Make sure to include
      // the delay request control so it won't complete before we can send the
      // cancel request.
      List<RawModification> mods = newArrayList(
          (RawModification) new LDAPModification(REPLACE, new LDAPAttribute("description", "foo")));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      conn.writeMessage(
          new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods),
          DelayPreOpPlugin.createDelayControlList(5000));

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
      // Create a cancel request and send it to the server.
      conn.writeMessage(cancelRequestExtendedOp(2));

      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_MODIFY_RESPONSE);
    }
  }

    // Create a modify request and send it to the server.  Make sure to include
    // the delay request control so it won't complete before we can send the
    // cancel request.
    ArrayList<RawModification> mods = new ArrayList<>(1);
    mods.add(new LDAPModification(ModificationType.REPLACE,
        new LDAPAttribute("description", "foo")));
  private ExtendedRequestProtocolOp cancelRequestExtendedOp(int messageNb) throws IOException
  {
    return new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST, cancelRequest(messageNb));
  }

    ModifyRequestProtocolOp modifyRequest =
         new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
    message = new LDAPMessage(2, modifyRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
  private ByteString cancelRequest(int messageNb) throws IOException
  {
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeInteger(messageNb);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be a modify
    // response and the other should be an extended response.
    for (int i=0; i < 2; i++)
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_MODIFY_RESPONSE:
          ModifyResponseProtocolOp modifyResponse =
               message.getModifyResponseProtocolOp();
          assertEquals(modifyResponse.getResultCode(),
                       LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }

    socket.close();
    return builder.toByteString();
  }


@@ -498,8 +268,7 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelModifyDNOperation()
         throws Exception
  public void testCancelModifyDNOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    // Add an entry to the server that we can rename.
@@ -509,160 +278,107 @@
         "objectClass: device",
         "cn: test");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a modify DN request and send it to the server.  Make sure to
    // include the delay request control so it won't complete before we can send
    // the cancel request.
    ModifyDNRequestProtocolOp modifyDNRequest =
         new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("cn=test,o=test"),
                                       ByteString.valueOfUtf8("cn=test2"), true);
    message = new LDAPMessage(2, modifyDNRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be a modify DN
    // response and the other should be an extended response.
    for (int i=0; i < 2; i++)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_MODIFY_DN_RESPONSE:
          ModifyDNResponseProtocolOp modifyDNResponse =
               message.getModifyDNResponseProtocolOp();
          assertEquals(modifyDNResponse.getResultCode(),
                       LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }
      conn.bind("cn=Directory Manager", "password");

    socket.close();
      // Create a modify DN request and send it to the server. Make sure to
      // include the delay request control so it won't complete before we can send
      // the cancel request.
      ModifyDNRequestProtocolOp modifyDNRequest = new ModifyDNRequestProtocolOp(
          ByteString.valueOfUtf8("cn=test,o=test"), ByteString.valueOfUtf8("cn=test2"), true);
      conn.writeMessage(modifyDNRequest, DelayPreOpPlugin.createDelayControlList(5000));

      conn.writeMessage(cancelRequestExtendedOp(2));

      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_MODIFY_DN_RESPONSE);
    }
  }



  private byte getCancelledResponseMessageType(RemoteConnection conn) throws IOException, LDAPException
  {
    boolean cancelSuccessful = false;
    byte cancelledMessageType = 0;

    for (int i = 0; i < 2; i++)
    {
      LDAPMessage message = conn.readMessage();
      switch (message.getProtocolOpType())
      {
      case OP_TYPE_ADD_RESPONSE:
        AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
        assertEquals(addResponse.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_ADD_RESPONSE;
        break;
      case OP_TYPE_MODIFY_RESPONSE:
        ModifyResponseProtocolOp modifyResponse = message.getModifyResponseProtocolOp();
        assertEquals(modifyResponse.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_MODIFY_RESPONSE;
        break;
      case OP_TYPE_MODIFY_DN_RESPONSE:
        ModifyDNResponseProtocolOp modifyDNResponse = message.getModifyDNResponseProtocolOp();
        assertEquals(modifyDNResponse.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_MODIFY_DN_RESPONSE;
        break;
      case OP_TYPE_DELETE_RESPONSE:
        DeleteResponseProtocolOp deleteResponse = message.getDeleteResponseProtocolOp();
        assertEquals(deleteResponse.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_DELETE_RESPONSE;
        break;
      case OP_TYPE_SEARCH_RESULT_DONE:
        SearchResultDoneProtocolOp searchResultDone = message.getSearchResultDoneProtocolOp();
        assertEquals(searchResultDone.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_SEARCH_RESULT_DONE;
        break;
      case OP_TYPE_COMPARE_RESPONSE:
        CompareResponseProtocolOp compareResponse = message.getCompareResponseProtocolOp();
        assertEquals(compareResponse.getResultCode(), LDAPResultCode.CANCELED);
        cancelledMessageType = OP_TYPE_COMPARE_RESPONSE;
        break;

      case OP_TYPE_EXTENDED_RESPONSE:
        ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
        assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
        cancelSuccessful = true;
        break;
      default:
      }
    }

    assertTrue(cancelSuccessful);
    return cancelledMessageType;
  }

  /**
   * Tests the ability to cancel a search operation.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelSearchOperation()
         throws Exception
  public void testCancelSearchOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);


    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a search request and send it to the server.  Make sure to include
    // the delay request control so it won't complete before we can send the
    // cancel request.
    SearchRequestProtocolOp searchRequest =
         new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
                                     SearchScope.BASE_OBJECT,
                                     DereferenceAliasesPolicy.NEVER, 0,
                                     0, false,
                                     LDAPFilter.decode("(match=false)"),
                                     new LinkedHashSet<String>());
    message = new LDAPMessage(2, searchRequest,
        DelayPreOpPlugin.createDelayControlList(5000));
    w.writeMessage(message);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read two response messages from the server.  One should be a search
    // result done and the other should be an extended response.
    for (int i=0; i < 2; i++)
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      message = r.readMessage();
      switch (message.getProtocolOpType())
      {
        case OP_TYPE_SEARCH_RESULT_DONE:
          SearchResultDoneProtocolOp searchResultDone =
               message.getSearchResultDoneProtocolOp();
          assertEquals(searchResultDone.getResultCode(),
                       LDAPResultCode.CANCELED);
          break;
        case OP_TYPE_EXTENDED_RESPONSE:
          ExtendedResponseProtocolOp extendedResponse =
               message.getExtendedResponseProtocolOp();
          assertEquals(extendedResponse.getResultCode(),
                       LDAPResultCode.SUCCESS);
          break;
        default:
      }
    }
      conn.bind("cn=Directory Manager", "password");

    socket.close();
      // Create a search request and send it to the server.  Make sure to include
      // the delay request control so it won't complete before we can send the
      // cancel request.
      SearchRequestProtocolOp searchRequest =
          new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
              SearchScope.BASE_OBJECT,
              DereferenceAliasesPolicy.NEVER, 0,
              0, false,
              LDAPFilter.decode("(match=false)"),
              new LinkedHashSet<String>());
      conn.writeMessage(searchRequest, DelayPreOpPlugin.createDelayControlList(5000));
      conn.writeMessage(cancelRequestExtendedOp(2));
      assertEquals(getCancelledResponseMessageType(conn), OP_TYPE_SEARCH_RESULT_DONE);
    }
  }


@@ -673,53 +389,23 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelNoSuchOperation()
         throws Exception
  public void testCancelNoSuchOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
      ExtendedRequestProtocolOp extendedRequest = cancelRequestExtendedOp(2);
      conn.getLdapWriter().writeMessage(new LDAPMessage(3, extendedRequest));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a cancel request and send it to the server.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read the response message from the server.  It should be an extended
    // response with a result code of "no such operation".
    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(),
                 LDAPResultCode.NO_SUCH_OPERATION);

    socket.close();
      // Read the response message from the server. It should be an extended
      // response with a result code of "no such operation".
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.NO_SUCH_OPERATION);
    }
  }


@@ -730,47 +416,25 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelNoValue()
         throws Exception
  public void testCancelNoValue() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);


    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      // Create a cancel request and send it to the server.
      ExtendedRequestProtocolOp extendedRequest = new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST, null);
      conn.writeMessage(extendedRequest);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a cancel request and send it to the server.
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST, null);
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read the response message from the server.  It should be an extended
    // response with a result code of "no such operation".
    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(),
                 LDAPResultCode.PROTOCOL_ERROR);

    socket.close();
      // Read the response message from the server. It should be an extended
      // response with a result code of "no such operation".
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }


@@ -781,48 +445,26 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelMalformedValue()
         throws Exception
  public void testCancelMalformedValue() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);


    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      // Create a cancel request and send it to the server.
      ExtendedRequestProtocolOp extendedRequest =
          new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST, ByteString.valueOfUtf8("malformed"));
      conn.writeMessage(extendedRequest);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a cancel request and send it to the server.
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
                                       ByteString.valueOfUtf8("malformed"));
    message = new LDAPMessage(3, extendedRequest);
    w.writeMessage(message);


    // Read the response message from the server.  It should be an extended
    // response with a result code of "no such operation".
    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(),
                 LDAPResultCode.PROTOCOL_ERROR);

    socket.close();
      // Read the response message from the server. It should be an extended
      // response with a result code of "no such operation".
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }

  /**
@@ -831,53 +473,19 @@
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testCancelCancelExtendedOperation()
         throws Exception
  public void testCancelCancelExtendedOperation() throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    // Create a new connection to the Directory Server and authenticate as
    // the Directory Manager.
    Socket socket = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(socket);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(socket);
      conn.writeMessage(cancelRequestExtendedOp(2));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);


    // Create a self cancelling request and send it to the server. Make sure
    // to include the delay request control so it won't complete before we
    // can send the cancel request.
    ByteStringBuilder builder = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(builder);
    writer.writeStartSequence();
    writer.writeInteger(2);
    writer.writeEndSequence();
    ExtendedRequestProtocolOp extendedRequest =
        new ExtendedRequestProtocolOp(OID_CANCEL_REQUEST,
             builder.toByteString());
    message = new LDAPMessage(2, extendedRequest);
    w.writeMessage(message);

    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
        message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(),
        LDAPResultCode.CANNOT_CANCEL);

    socket.close();
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.CANNOT_CANCEL);
    }
  }

}


 opendj-server-legacy/src/test/java/org/opends/server/extensions/EntityTagVirtualAttributeProviderTestCase.java

@@ -17,16 +17,20 @@

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.controls.AssertionRequestControl;
import org.forgerock.opendj.ldap.controls.PostReadRequestControl;
import org.forgerock.opendj.ldap.controls.PreReadRequestControl;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.mockito.ArgumentCaptor;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.ConfigurationChangeListener;
@@ -36,10 +40,7 @@
import org.opends.server.admin.std.meta.VirtualAttributeCfgDefn.Scope;
import org.opends.server.admin.std.server.EntityTagVirtualAttributeCfg;
import org.opends.server.admin.std.server.VirtualAttributeCfg;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.LDAPPostReadRequestControl;
import org.opends.server.controls.LDAPPostReadResponseControl;
import org.opends.server.controls.LDAPPreReadRequestControl;
import org.opends.server.controls.LDAPPreReadResponseControl;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
@@ -48,26 +49,22 @@
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.LDAPFilter;
import org.opends.server.types.Attribute;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.types.Attributes;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.VirtualAttributeRule;
import org.opends.server.util.StaticUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static java.util.Collections.*;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.mockito.Mockito.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

/**
@@ -501,13 +498,13 @@
    Entry e1 = readEntry(userDN);
    String etag1 = e1.parseAttribute(ETAG).asString();
    assertNotNull(etag1);
    AssertionRequestControl ctrl = AssertionRequestControl.newControl(true, Filter.equality(ETAG, etag1));

    // Apply a change using the assertion control for optimistic concurrency.
    Attribute attr = Attributes.create(DESCRIPTION, "first modify");
    List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
    Control c = new LDAPAssertionRequestControl(true, LDAPFilter.createEqualityFilter(ETAG, ByteString.valueOfUtf8(etag1)));
    List<Control> ctrls = Collections.singletonList(c);
    ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
    ModifyRequest modifyRequest = newModifyRequest(from(userDN))
        .addModification(REPLACE, DESCRIPTION, "first modify")
        .addControl(ctrl);
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    // Reread the entry and check that the description has been added and that
@@ -518,14 +515,13 @@
    assertNotNull(etag2);
    assertFalse(etag1.equals(etag2));

    String description2 = e2.parseAttribute(DESCRIPTION).asString();
    assertNotNull(description2);
    assertEquals(description2, "first modify");
    String description2 = assertDescriptionValue(e2, "first modify");

    // Simulate a concurrent update: perform another update using the old etag.
    Attribute attr2 = Attributes.create(DESCRIPTION, "second modify");
    mods = newArrayList(new Modification(ModificationType.REPLACE, attr2));
    modifyOperation = conn.processModify(userDN, mods, ctrls);
    modifyRequest = newModifyRequest(from(userDN))
        .addModification(REPLACE, DESCRIPTION, "second modify")
        .addControl(ctrl);
    modifyOperation = conn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.ASSERTION_FAILED);

    // Reread the entry and check that the description and etag have not changed
@@ -535,9 +531,7 @@
    assertNotNull(etag3);
    assertEquals(etag2, etag3);

    String description3 = e3.parseAttribute(DESCRIPTION).asString();
    assertNotNull(description3);
    assertEquals(description3, description2);
    assertDescriptionValue(e3, description2);
  }

  /**
@@ -582,10 +576,10 @@
    assertNotNull(etag1);

    // Apply a change using the pre and post read controls.
    Attribute attr = Attributes.create(DESCRIPTION, "modified value");
    List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
    List<Control> ctrls = singletonList((Control) new LDAPPreReadRequestControl(true, singleton(ETAG)));
    ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
    ModifyRequest modifyRequest = newModifyRequest(from(userDN))
        .addModification(REPLACE, DESCRIPTION, "modified value")
        .addControl(PreReadRequestControl.newControl(true, ETAG));
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    // Reread the entry and check that the description has been added and that
@@ -596,9 +590,7 @@
    assertNotNull(etag2);
    assertFalse(etag1.equals(etag2));

    String description2 = e2.parseAttribute(DESCRIPTION).asString();
    assertNotNull(description2);
    assertEquals(description2, "modified value");
    assertDescriptionValue(e2, "modified value");

    // Now check that the pre-read is the same as the initial etag.
    LDAPPreReadResponseControl preReadControl = getLDAPPreReadResponseControl(modifyOperation);
@@ -606,6 +598,14 @@
    assertEquals(etagPreRead, etag1);
  }

  private String assertDescriptionValue(Entry entry, String expected)
  {
    String description = entry.parseAttribute(DESCRIPTION).asString();
    assertNotNull(description);
    assertEquals(description, expected);
    return description;
  }

  /**
   * Tests that the etag returned with a post-read control after a modify
   * operation is correct. See OPENDJ-861.
@@ -648,10 +648,10 @@
    assertNotNull(etag1);

    // Apply a change using the pre and post read controls.
    Attribute attr = Attributes.create(DESCRIPTION, "modified value");
    List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
    List<Control> ctrls = singletonList((Control) new LDAPPostReadRequestControl(true, singleton(ETAG)));
    ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
    ModifyRequest modifyRequest = newModifyRequest(from(userDN))
        .addModification(REPLACE, DESCRIPTION, "modified value")
        .addControl(PostReadRequestControl.newControl(true, ETAG));
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    // Reread the entry and check that the description has been added and that
@@ -662,9 +662,7 @@
    assertNotNull(etag2);
    assertFalse(etag1.equals(etag2));

    String description2 = e2.parseAttribute(DESCRIPTION).asString();
    assertNotNull(description2);
    assertEquals(description2, "modified value");
    assertDescriptionValue(e2, "modified value");

    // Now check that the post-read is the same as the initial etag.
    LDAPPostReadResponseControl postReadControl = getLDAPPostReadResponseControl(modifyOperation);

 opendj-server-legacy/src/test/java/org/opends/server/extensions/ExactMatchIdentityMapperTestCase.java

@@ -21,8 +21,9 @@

import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
import org.opends.server.admin.std.meta.ExactMatchIdentityMapperCfgDefn;
@@ -30,25 +31,26 @@
import org.opends.server.api.IdentityMapper;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPModification;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.types.*;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

/**
 * A set of test cases for the exact match identity mapper.
 */
/** A set of test cases for the exact match identity mapper. */
public class ExactMatchIdentityMapperTestCase
       extends ExtensionsTestCase
{
  private static final String MAPPER_DN = "cn=Exact Match,cn=Identity Mappers,cn=config";

  /**
   * Ensures that the Directory Server is running.
   *
@@ -266,7 +268,7 @@
  public void testMapperEnabled()
         throws Exception
  {
    DN mapperDN = DN.valueOf("cn=Exact Match,cn=Identity Mappers,cn=config");
    DN mapperDN = DN.valueOf(MAPPER_DN);
    IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
    assertNotNull(mapper);
    assertTrue(mapper instanceof ExactMatchIdentityMapper);
@@ -762,8 +764,7 @@
  public void testChangingMapAttribute()
         throws Exception
  {
    String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
    DN mapperDN = DN.valueOf(mapperDNString);
    DN mapperDN = DN.valueOf(MAPPER_DN);
    IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
    assertNotNull(mapper);
    assertTrue(mapper instanceof ExactMatchIdentityMapper);
@@ -794,18 +795,11 @@
    assertNull(mappedEntry);


    InternalClientConnection conn = getRootConnection();
    // Create a modification to change the map attribute from uid to cn.
    ArrayList<ByteString> values = newArrayList(ByteString.valueOfUtf8("cn"));

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
                                  new LDAPAttribute("ds-cfg-match-attribute",
                                                    values)));
    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-attribute", "cn");
    processModifyIsSuccessful(modifyRequest);

    // Verify that "test" no longer works but "test user" does.
    mappedEntry = mapper.getEntryForID("test");
@@ -817,10 +811,9 @@


    // Change the configuration back to the way it was.
    values.set(0, ByteString.valueOfUtf8("uid"));
    modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    ModifyRequest modifyRequest2 = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-attribute", "uid");
    processModifyIsSuccessful(modifyRequest2);


    // Verify that the original matching pattern is back.
@@ -844,8 +837,7 @@
  public void testChangingMapBaseDN()
         throws Exception
  {
    String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
    DN mapperDN = DN.valueOf(mapperDNString);
    DN mapperDN = DN.valueOf(MAPPER_DN);
    IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
    assertNotNull(mapper);
    assertTrue(mapper instanceof ExactMatchIdentityMapper);
@@ -872,17 +864,10 @@
    assertEquals(mappedEntry.getName(), DN.valueOf("uid=test,o=test"));


    InternalClientConnection conn = getRootConnection();
    // Create a modification to set the map base DN to "dc=example,dc=com".
    ArrayList<ByteString> values = newArrayList(ByteString.valueOfUtf8("dc=example,dc=com"));

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
                                  new LDAPAttribute("ds-cfg-match-base-dn",
                                                    values)));
    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-base-dn", "dc=example,dc=com");
    processModifyIsSuccessful(modifyRequest);


    // Verify that we can't find the user anymore.
@@ -891,10 +876,9 @@


    // Change the base DN to "o=test".
    values.set(0, ByteString.valueOfUtf8("o=test"));
    modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-base-dn", "o=test");
    processModifyIsSuccessful(modifyRequest);


    // Verify that we can retrieve the user again.
@@ -904,10 +888,9 @@


    // Change the configuration back to its original setting.
    values.clear();
    modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-base-dn");
    processModifyIsSuccessful(modifyRequest);


    // Verify that we can still retrieve the user.
@@ -916,8 +899,6 @@
    assertEquals(mappedEntry.getName(), DN.valueOf("uid=test,o=test"));
  }



  /**
   * Tests that an internal modification to remove the match attribute will be
   * rejected.
@@ -929,15 +910,9 @@
         throws Exception
  {
    // Create a modification to remove the match attribute.
    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
                                  new LDAPAttribute("ds-cfg-match-attribute")));
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-attribute");
    processModifyIsNotSuccessful(modifyRequest);
  }


@@ -953,15 +928,9 @@
         throws Exception
  {
    // Create a modification to remove the match attribute.
    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
        new LDAPAttribute("ds-cfg-match-attribute", "undefinedAttribute")));
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-attribute", "undefinedAttribute");
    processModifyIsNotSuccessful(modifyRequest);
  }


@@ -977,14 +946,20 @@
         throws Exception
  {
    // Create a modification to remove the match attribute.
    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
        new LDAPAttribute("ds-cfg-match-base-dn", "invalidDN")));
    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();
    String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
    ModifyOperation modifyOperation =
         conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-match-base-dn", "invalidDN");
    processModifyIsNotSuccessful(modifyRequest);
  }

  private void processModifyIsSuccessful(ModifyRequest modifyRequest)
  {
    ModifyOperation op = getRootConnection().processModify(modifyRequest);
    assertEquals(op.getResultCode(), ResultCode.SUCCESS);
  }

  private void processModifyIsNotSuccessful(ModifyRequest modifyRequest)
  {
    ModifyOperation op = getRootConnection().processModify(modifyRequest);
    assertNotSame(op.getResultCode(), ResultCode.SUCCESS);
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/extensions/ExternalSASLMechanismHandlerTestCase.java

@@ -12,13 +12,12 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2012-2015 ForgeRock AS.
 * Portions Copyright 2012-2016 ForgeRock AS.
 */
package org.opends.server.extensions;

import java.io.File;
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
@@ -37,9 +36,8 @@
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
@@ -279,20 +277,14 @@
  {
    TestCaseUtils.initializeTestBackend(true);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.writeMessage(new BindRequestProtocolOp(ByteString.empty(), "EXTERNAL", null));

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.empty(), "EXTERNAL", null);
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);

    message = reader.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertFalse(bindResponse.getResultCode() == 0);

    s.close();
      LDAPMessage message = conn.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertFalse(bindResponse.getResultCode() == 0);
    }
 }



 opendj-server-legacy/src/test/java/org/opends/server/extensions/FingerprintCertificateMapperTestCase.java

@@ -17,16 +17,16 @@
package org.opends.server.extensions;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
import org.opends.server.admin.std.meta.FingerprintCertificateMapperCfgDefn;
@@ -34,12 +34,9 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
@@ -50,6 +47,8 @@
public class FingerprintCertificateMapperTestCase
       extends ExtensionsTestCase
{
  private static final String FINGERPRINT_MAPPER_DN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

  /**
   * Ensures that the Directory Server is running.
   *
@@ -431,18 +430,9 @@
  @Test
  public void testRemoveFingerprintAttribute() throws Exception
  {
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

    Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-fingerprint-attribute"));

    ArrayList<Modification> mods = newArrayList(new Modification(DELETE, a));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    delete(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-attribute");
  }



  /**
   * Tests to ensure that an attempt to remove the fingerprint algorithm will fail.
   *
@@ -451,18 +441,9 @@
  @Test
  public void testRemoveFingerprintAlgorithm() throws Exception
  {
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

    Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-fingerprint-algorithm"));

    ArrayList<Modification> mods = newArrayList(new Modification(DELETE, a));
    ModifyOperation modifyOperation =
        getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    delete(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-algorithm");
  }



  /**
   * Tests to ensure that an attmept to set an undefined fingerprint attribute
   * will fail.
@@ -494,15 +475,17 @@


  /**
   * Tests to ensure that an attmept to set an invalid base DN will fail.
   * Tests to ensure that an attempt to set an invalid base DN will fail.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test(expectedExceptions = { AssertionError.class })
  public void testSetInvalidBaseDN()
         throws Exception
  @Test
  public void testSetInvalidBaseDN() throws Exception
  {
    setBaseDNs(new String[] { "invalid" });
    ModifyRequest modifyRequest = newModifyRequest(FINGERPRINT_MAPPER_DN)
        .addModification(REPLACE, "ds-cfg-user-base-dn", "invalid");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.INVALID_ATTRIBUTE_SYNTAX);
  }


@@ -513,17 +496,9 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void enableMapper()
          throws Exception
  private void enableMapper() throws Exception
  {
    String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

    ArrayList<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("ds-cfg-certificate-mapper", mapperDN)));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(externalDN), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    replace("cn=EXTERNAL,cn=SASL Mechanisms,cn=config", "ds-cfg-certificate-mapper", FINGERPRINT_MAPPER_DN);
  }


@@ -534,17 +509,11 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void disableMapper()
          throws Exception
  private void disableMapper() throws Exception
  {
    String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
    String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

    ArrayList<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("ds-cfg-certificate-mapper", mapperDN)));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(externalDN), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    replace("cn=EXTERNAL,cn=SASL Mechanisms,cn=config", "ds-cfg-certificate-mapper", mapperDN);
  }


@@ -558,19 +527,24 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void setFingerprintAttribute(String attrName)
          throws Exception
  private void setFingerprintAttribute(String attrName) throws Exception
  {
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";
    replace(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-attribute", attrName);
  }

    ArrayList<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("ds-cfg-fingerprint-attribute", attrName)));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(mapperDN), mods);
  private void replace(String mapperDN, String attrName, String attrValues) throws DirectoryException
  {
    ModifyRequest modifyRequest = newModifyRequest(mapperDN).addModification(REPLACE, attrName, attrValues);
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }


  private void delete(String mapperDN, String attrName) throws DirectoryException
  {
    ModifyRequest modifyRequest = newModifyRequest(mapperDN).addModification(DELETE, attrName);
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

  /**
   * Alters the configuration of the fingerprint certificate mapper so that it
@@ -583,37 +557,7 @@
  private void setFingerprintAlgorithm(String algorithm)
          throws Exception
  {
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

    ArrayList<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("ds-cfg-fingerprint-algorithm", algorithm)));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }



  /**
   * Alters the configuration of the Subject DN to User Attribute certificate
   * mapper so that it will look for the subject DN below the specified set of
   * base DNs.
   *
   * @param  baseDNs  The set of base DNs to use when mapping certificates to
   *                  users.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void setBaseDNs(String[] baseDNs)
          throws Exception
  {
    String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

    ArrayList<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("ds-cfg-user-base-dn", baseDNs)));
    ModifyOperation modifyOperation =
         getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    replace(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-algorithm", algorithm);
  }

  /**

 opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java

@@ -23,8 +23,9 @@
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
@@ -36,21 +37,19 @@
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.tools.LDAPPasswordModify;
import org.opends.server.types.Attributes;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.extensions.ExtensionsConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

@@ -1419,7 +1418,7 @@

    String dnStr = "cn=Default Password Policy,cn=Password Policies,cn=config";
    String attr = "ds-cfg-password-generator";
    applyPwdPolicyMods(dnStr, attr, null);
    applyPwdPolicyMods(dnStr, attr);


    String[] args =
@@ -1454,7 +1453,7 @@

    String dnStr = "cn=Default Password Policy,cn=Password Policies,cn=config";
    String attr = "ds-cfg-password-generator";
    applyPwdPolicyMods(dnStr, attr, null);
    applyPwdPolicyMods(dnStr, attr);

    String[] args =
    {
@@ -1506,7 +1505,7 @@
      assertFalse(0 == LDAPPasswordModify.mainPasswordModify(args, false, null, null));
    }
    finally {
      applyPwdPolicyMods(dnStr, attr, null);
      applyPwdPolicyMods(dnStr, attr);
    }
  }

@@ -1543,7 +1542,7 @@
      assertFalse(0 == LDAPPasswordModify.mainPasswordModify(args, false, null, null));
    }
    finally {
      applyPwdPolicyMods(dnStr, attr, null);
      applyPwdPolicyMods(dnStr, attr);
    }
  }

@@ -1835,23 +1834,19 @@
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
  }

  private void applyPwdPolicyMods(String pwPolDN, String attr, String value)
  private void applyPwdPolicyMods(String pwpDN, String attrName, Object... attrValues)
      throws DirectoryException
  {
    List<Modification> mods = newModifications(REPLACE, attr, value);
    ModifyOperation op = getRootConnection().processModify(DN.valueOf(pwPolDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(pwpDN)
.addModification(REPLACE, attrName, attrValues);
    ModifyOperation op = getRootConnection().processModify(modifyRequest);
    assertEquals(op.getResultCode(), ResultCode.SUCCESS);
  }

  private void setPasswordChangedTime(Entry userEntry) {
    List<Modification> mods = newModifications(REPLACE, "pwdchangedtime", "20050101000000.000Z");
    ModifyOperation op = getRootConnection().processModify(userEntry.getName(), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(from(userEntry.getName()))
        .addModification(REPLACE, "pwdchangedtime", "20050101000000.000Z");
    ModifyOperation op = getRootConnection().processModify(modifyRequest);
    assertEquals(op.getResultCode(), ResultCode.SUCCESS);
  }

  private List<Modification> newModifications(ModificationType modType, String attrName, String attrValue)
  {
    return newArrayList(new Modification(modType,
        attrValue == null ? Attributes.empty(attrName) : Attributes.create(attrName, attrValue)));
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java

@@ -12,33 +12,31 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2010-2015 ForgeRock AS.
 * Portions Copyright 2010-2016 ForgeRock AS.
 */
package org.opends.server.extensions;

import java.util.ArrayList;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.config.ConfigEntry;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.PasswordPolicy;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.testng.Assert.*;

/** A set of generic test cases for password storage schemes. */
@@ -299,33 +297,25 @@
  {
    // This code was borrowed from
    // PasswordPolicyTestCase.testAllowPreEncodedPasswordsAuth
    boolean previousValue = false;
    try {
      DN dn = DN.valueOf("cn=Default Password Policy,cn=Password Policies,cn=config");
      PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
      previousValue = p.isAllowPreEncodedPasswords();
      final boolean previousValue = p.isAllowPreEncodedPasswords();

      String attr  = "ds-cfg-allow-pre-encoded-passwords";

      ArrayList<Modification> mods = new ArrayList<>();
      mods.add(new Modification(ModificationType.REPLACE,
          Attributes.create(attr, String.valueOf(allowPreencoded))));

      InternalClientConnection conn =
           InternalClientConnection.getRootConnection();
      ModifyOperation modifyOperation = conn.processModify(dn, mods);
      ModifyRequest modifyRequest = Requests.newModifyRequest("cn=Default Password Policy,cn=Password Policies,cn=config")
          .addModification(REPLACE, "ds-cfg-allow-pre-encoded-passwords", allowPreencoded);
      ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

      p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
      assertEquals(p.isAllowPreEncodedPasswords(), allowPreencoded);
      return previousValue;
    } catch (Exception e) {
      System.err.println("Failed to set ds-cfg-allow-pre-encoded-passwords " +
                         " to " + allowPreencoded);
      e.printStackTrace();
      throw e;
    }

    return previousValue;
  }

  protected static void testAuthPasswords(final String upperName,

 opendj-server-legacy/src/test/java/org/opends/server/extensions/SubjectAttributeToUserAttributeCertificateMapperTestCase.java

@@ -18,19 +18,16 @@
package org.opends.server.extensions;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
import org.opends.server.admin.std.meta.SubjectAttributeToUserAttributeCertificateMapperCfgDefn;
@@ -38,14 +35,9 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
@@ -658,12 +650,9 @@
  {
    String mapperDN = "cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config";

    Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-subject-attribute-mapping"));

    ArrayList<Modification> mods = newArrayList(
        new Modification(ModificationType.DELETE, a));

    ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    ModifyRequest modifyRequest =
        newModifyRequest(mapperDN).addModification(DELETE, "ds-cfg-subject-attribute-mapping");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

@@ -778,8 +767,7 @@
    String mapperDN = "cn=Subject Attribute to User Attribute," +
                      "cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
    assertModifyReplaceIsSuccess(externalDN, attr);
    assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
  }

  /**
@@ -794,8 +782,7 @@
    String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
    String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
    assertModifyReplaceIsSuccess(externalDN, attr);
    assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
  }

  /**
@@ -806,13 +793,12 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void setAttributeMappings(String... mappings) throws Exception
  private void setAttributeMappings(Object... mappings) throws Exception
  {
    String mapperDN = "cn=Subject Attribute to User Attribute," +
                      "cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-subject-attribute-mapping", mappings);
    assertModifyReplaceIsSuccess(mapperDN, attr);
    assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-subject-attribute-mapping", mappings);
  }


@@ -827,18 +813,11 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void setBaseDNs(String... baseDNs) throws Exception
  private void setBaseDNs(Object... baseDNs) throws Exception
  {
    String mapperDN = "cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config";

    AttributeType attrType = DirectoryServer.getAttributeType("ds-cfg-user-base-dn");
    AttributeBuilder builder = new AttributeBuilder(attrType);
    if (baseDNs != null)
    {
      builder.addAllStrings(Arrays.asList(baseDNs));
    }

    assertModifyReplaceIsSuccess(mapperDN, builder.toAttribute());
    assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-user-base-dn", baseDNs);
  }

  /**
@@ -893,10 +872,18 @@
    }
  }

  private void assertModifyReplaceIsSuccess(String dn, Attribute replaceAttr) throws DirectoryException
  private void assertModifyReplaceIsSuccess(String dn, String attrName, Object... attrValues) throws DirectoryException
  {
    ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, replaceAttr));
    ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(dn), mods);
    ModifyRequest modifyRequest = newModifyRequest(dn);
    if (attrValues != null)
    {
      modifyRequest.addModification(REPLACE, attrName, attrValues);
    }
    else
    {
      modifyRequest.addModification(REPLACE, attrName);
    }
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapperTestCase.java

@@ -17,18 +17,16 @@
package org.opends.server.extensions;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
import org.opends.server.admin.std.meta.SubjectDNToUserAttributeCertificateMapperCfgDefn;
@@ -36,15 +34,9 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
@@ -532,11 +524,10 @@
         throws Exception
  {
    String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
    Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-subject-attribute"));

    ArrayList<Modification> mods = newArrayList(new Modification(ModificationType.DELETE, a));
    ModifyOperation modifyOperation =
        getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    ModifyRequest modifyRequest = newModifyRequest(mapperDN)
        .addModification(DELETE, "ds-cfg-subject-attribute");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

@@ -580,11 +571,9 @@
          throws Exception
  {
    String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
    String mapperDN =
         "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
    String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
    assertModifyReplaceIsSuccess(externalDN, attr);
    assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
  }


@@ -601,8 +590,7 @@
    String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
    String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
    assertModifyReplaceIsSuccess(externalDN, attr);
    assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
  }


@@ -619,11 +607,9 @@
  private void setSubjectAttribute(String attrName)
          throws Exception
  {
    String mapperDN =
         "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
    String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

    Attribute attr = Attributes.create("ds-cfg-subject-attribute", attrName);
    assertModifyReplaceIsSuccess(mapperDN, attr);
    assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-subject-attribute", attrName);
  }


@@ -638,18 +624,11 @@
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private void setBaseDNs(String[] baseDNs) throws Exception
  private void setBaseDNs(Object[] baseDNs) throws Exception
  {
    String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

    AttributeType attrType = DirectoryServer.getAttributeType("ds-cfg-user-base-dn");
    AttributeBuilder builder = new AttributeBuilder(attrType);
    if (baseDNs != null)
    {
      builder.addAllStrings(Arrays.asList(baseDNs));
    }

    assertModifyReplaceIsSuccess(mapperDN, builder.toAttribute());
    assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-user-base-dn", baseDNs);
  }

  /**
@@ -711,10 +690,19 @@
    }
  }

  private void assertModifyReplaceIsSuccess(String mapperDN, Attribute attr) throws DirectoryException
  private void assertModifyReplaceIsSuccess(String mapperDN, String attrName, Object... attrValues)
      throws DirectoryException
  {
    ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, attr));
    ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(mapperDN), mods);
    ModifyRequest modifyRequest = newModifyRequest(mapperDN);
    if (attrValues != null)
    {
      modifyRequest.addModification(REPLACE, attrName, attrValues);
    }
    else
    {
      modifyRequest.addModification(REPLACE, attrName);
    }
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/extensions/WhoAmIExtendedOperationTestCase.java

@@ -12,15 +12,13 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.extensions;

import java.net.Socket;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
@@ -32,17 +30,18 @@
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
import org.opends.server.tools.LDAPAuthenticationHandler;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import com.forgerock.opendj.cli.ClientException;

import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;
@@ -146,29 +145,16 @@
  public void testAsLDAPRootUser()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
      doSimpleBind(authHandler, "cn=Directory Manager", "password");
      assertNotNull(authHandler.requestAuthorizationIdentity());

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);
    authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
                             ByteString.valueOfUtf8("password"),
                             new ArrayList<Control>(),
                             new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);

    LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
                                                new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
      conn.unbind();
    }
  }



  /**
   * Tests the use of the Who Am I? extended operation with an unauthenticated
   * LDAP connection.
@@ -179,21 +165,12 @@
  public void testAsLDAPAnonymous()
         throws Exception
  {
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNull(authzID);

    LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
                                                new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
      assertNull(authHandler.requestAuthorizationIdentity());
      conn.unbind();
    }
  }


@@ -222,25 +199,15 @@
         "userPassword: password");


    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);
    authHandler.doSimpleBind(3, ByteString.valueOfUtf8("uid=test.user,o=test"),
                             ByteString.valueOfUtf8("password"),
                             new ArrayList<Control>(),
                             new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);
      doSimpleBind(authHandler, "uid=test.user,o=test", "password");
      assertNotNull(authHandler.requestAuthorizationIdentity());

    LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
                                                new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
      conn.unbind();
    }
  }


@@ -283,37 +250,24 @@
         "ds-privilege-name: bypass-acl",
         "ds-privilege-name: proxied-auth");

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
      // Bind as the proxy user with an alternate authorization identity, and use
      // the "Who Am I?" operation.
      HashMap<String,List<String>> saslProperties = new HashMap<>(2);
      saslProperties.put("authID", newArrayList("dn:uid=proxy.user,o=test"));
      saslProperties.put("authzID", newArrayList("dn:uid=test.user,o=test"));

      authHandler.doSASLPlain(ByteString.empty(),
          ByteString.valueOfUtf8("password"), saslProperties,
          new ArrayList<Control>(),
          new ArrayList<Control>());
      assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=test.user,o=test");

    // Bind as the proxy user with an alternate authorization identity, and use
    // the "Who Am I?" operation.
    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);

    HashMap<String,List<String>> saslProperties = new HashMap<>(2);
    saslProperties.put("authID", newArrayList("dn:uid=proxy.user,o=test"));
    saslProperties.put("authzID", newArrayList("dn:uid=test.user,o=test"));

    authHandler.doSASLPlain(ByteString.empty(),
                            ByteString.valueOfUtf8("password"), saslProperties,
                            new ArrayList<Control>(),
                            new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);
    assertEquals(authzID.toString(), "dn:uid=test.user,o=test");


    // Close the connection to the server.
    LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
                                                new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
      conn.unbind();
    }
  }


@@ -355,54 +309,34 @@
         "ds-privilege-name: bypass-acl",
         "ds-privilege-name: proxied-auth");

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
      // Bind as the proxy user and use the "Who Am I?" operation, but without the
      // proxied auth control.
      doSimpleBind(authHandler, "uid=proxy.user,o=test", "password");
      assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=proxy.user,o=test");

      // Use the "Who Am I?" operation again, this time with the proxy control.
      conn.writeMessage(
          new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST),
          new ProxiedAuthV2Control(ByteString.valueOfUtf8("dn:uid=test.user,o=test")));

    // Bind as the proxy user and use the "Who Am I?" operation, but without the
    // proxied auth control.
    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);
    authHandler.doSimpleBind(3, ByteString.valueOfUtf8("uid=proxy.user,o=test"),
                             ByteString.valueOfUtf8("password"),
                             new ArrayList<Control>(),
                             new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);
    assertEquals(authzID.toString(), "dn:uid=proxy.user,o=test");
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
      assertAuthzID(extendedResponse.getValue(), "dn:uid=test.user,o=test");


    // Use the "Who Am I?" operation again, this time with the proxy control.
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
    ArrayList<Control> requestControls = new ArrayList<>(1);
    requestControls.add(new ProxiedAuthV2Control(
         ByteString.valueOfUtf8("dn:uid=test.user,o=test")));
    LDAPMessage message = new LDAPMessage(nextMessageID.getAndIncrement(),
                                          extendedRequest, requestControls);
    writer.writeMessage(message);

    message = reader.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
    authzID = extendedResponse.getValue();
    assertNotNull(authzID);
    assertEquals(authzID.toString(), "dn:uid=test.user,o=test");


    // Close the connection to the server.
    message = new LDAPMessage(nextMessageID.getAndIncrement(),
                              new UnbindRequestProtocolOp());
    writer.writeMessage(message);
    s.close();
      conn.unbind();
    }
  }


  private void assertAuthzID(ByteString authzID, String expected)
  {
    assertNotNull(authzID);
    assertEquals(authzID.toString(), expected);
  }

  /**
   * Tests the use of the Who Am I? extended operation in conjunction with the
@@ -441,51 +375,33 @@
         "userPassword: password",
         "ds-privilege-name: bypass-acl");

    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);
      // Bind as the proxy user and use the "Who Am I?" operation, but without the
      // proxied auth control.
      doSimpleBind(authHandler, "uid=cantproxy.user,o=test", "password");
      assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=cantproxy.user,o=test");

      // Use the "Who Am I?" operation again, this time with the proxy control.
      conn.writeMessage(
          new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST),
          new ProxiedAuthV2Control(ByteString.valueOfUtf8("dn:uid=test.user,o=test")));

    // Bind as the proxy user and use the "Who Am I?" operation, but without the
    // proxied auth control.
    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
         new LDAPAuthenticationHandler(reader, writer, "localhost",
                                       nextMessageID);
    authHandler.doSimpleBind(3,
                             ByteString.valueOfUtf8("uid=cantproxy.user,o=test"),
                             ByteString.valueOfUtf8("password"),
                             new ArrayList<Control>(),
                             new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);
    assertEquals(authzID.toString(), "dn:uid=cantproxy.user,o=test");
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.AUTHORIZATION_DENIED);
      assertNull(extendedResponse.getValue());

      conn.unbind();
    }
  }

    // Use the "Who Am I?" operation again, this time with the proxy control.
    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
    ArrayList<Control> requestControls = new ArrayList<>(1);
    requestControls.add(new ProxiedAuthV2Control(
         ByteString.valueOfUtf8("dn:uid=test.user,o=test")));
    LDAPMessage message = new LDAPMessage(nextMessageID.getAndIncrement(),
                                          extendedRequest, requestControls);
    writer.writeMessage(message);

    message = reader.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(),
                 LDAPResultCode.AUTHORIZATION_DENIED);
    assertNull(extendedResponse.getValue());


    // Close the connection to the server.
    message = new LDAPMessage(nextMessageID.getAndIncrement(),
                              new UnbindRequestProtocolOp());
    writer.writeMessage(message);
    s.close();
  private void doSimpleBind(LDAPAuthenticationHandler authHandler, String bindDn, String bindPwd)
      throws ClientException, LDAPException
  {
    authHandler.doSimpleBind(3, ByteString.valueOfUtf8(bindDn), ByteString.valueOfUtf8(bindPwd),
        new ArrayList<Control>(), new ArrayList<Control>());
  }
}


 opendj-server-legacy/src/test/java/org/opends/server/plugins/AttributeCleanupPluginTestCase.java

@@ -12,11 +12,12 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2011 profiq s.r.o.
 * Portions Copyright 2013-2015 ForgeRock AS.
 * Portions Copyright 2013-2016 ForgeRock AS.
 */
package org.opends.server.plugins;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

@@ -32,18 +33,21 @@
import org.opends.server.api.plugin.PluginType;
import org.opends.server.core.AddOperationBasis;
import org.opends.server.core.ModifyOperationBasis;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.*;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.RawAttribute;
import org.opends.server.types.RawModification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

/**
 * Tests for the attribute cleanup plugin.
 */
/** Tests for the attribute cleanup plugin. */
@SuppressWarnings("javadoc")
public class AttributeCleanupPluginTestCase extends PluginTestCase
{
@@ -242,30 +246,15 @@
     * cn: Name Surname
     * sn: Surname
     */
    ArrayList<ByteString> values = new ArrayList<>();
    values.add(ByteString.valueOfUtf8("top"));
    values.add(ByteString.valueOfUtf8("person"));
    values.add(ByteString.valueOfUtf8("organizationalperson"));
    values.add(ByteString.valueOfUtf8("inetorgperson"));
    AddOperationBasis addOperation = add("dn: uid=test,dc=example,dc=com",
        RawAttribute.create("objectClass", toByteStrings("top", "person", "organizationalperson", "inetorgperson")),
        RawAttribute.create("uid", "test"),
        RawAttribute.create("cn", "Name Surname"),
        RawAttribute.create("sn", "Surname"));

    List<RawAttribute> rawAttributes = new ArrayList<>();
    rawAttributes.add(RawAttribute.create("objectClass", values));
    rawAttributes.add(RawAttribute.create("uid", "test"));
    rawAttributes.add(RawAttribute.create("cn", "Name Surname"));
    rawAttributes.add(RawAttribute.create("sn", "Surname"));

    AddOperationBasis addOperation =
      new AddOperationBasis(InternalClientConnection.getRootConnection(),
                            1,
                            1,
                            null,
                            ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
                            rawAttributes);

    /* Process the operation. The processing should continue. */

    PluginResult.PreParse res = plugin.doPreParse(addOperation);

    assertTrue(res.continueProcessing());

    /* Verify that the 'cn' attribute has been renamed to 'description'
@@ -289,7 +278,22 @@
    }

    fail();
  }

  private ArrayList<ByteString> toByteStrings(String... strings)
  {
    ArrayList<ByteString> results = new ArrayList<>(strings.length);
    for (String s : strings)
    {
      results.add(ByteString.valueOfUtf8(s));
    }
    return results;
  }

  private AddOperationBasis add(String entryDN, RawAttribute... rawAttributes)
  {
    return new AddOperationBasis(getRootConnection(), 1, 1, null,
        ByteString.valueOfUtf8(entryDN), Arrays.asList(rawAttributes));
  }

  /**
@@ -339,29 +343,14 @@
     * modifyTimeStamp: 2011091212400000Z
     * createTimeStamp: 2011091212400000Z
     */
    AddOperationBasis addOperation = add("dn: uid=test,dc=example,dc=com",
        RawAttribute.create("objectClass", toByteStrings("top", "person", "organizationalperson", "inetorgperson")),
        RawAttribute.create("uid", "test"),
        RawAttribute.create("cn", "Name Surname"),
        RawAttribute.create("sn", "Surname"),
        RawAttribute.create("modifyTimeStamp", "2011091212400000Z"),
        RawAttribute.create("createTimeStamp", "2011091212400000Z"));

    ArrayList<ByteString> values = new ArrayList<>();
    values.add(ByteString.valueOfUtf8("top"));
    values.add(ByteString.valueOfUtf8("person"));
    values.add(ByteString.valueOfUtf8("organizationalperson"));
    values.add(ByteString.valueOfUtf8("inetorgperson"));

    List<RawAttribute> rawAttributes = new ArrayList<>();

    rawAttributes.add(RawAttribute.create("objectClass", values));
    rawAttributes.add(RawAttribute.create("uid", "test"));
    rawAttributes.add(RawAttribute.create("cn", "Name Surname"));
    rawAttributes.add(RawAttribute.create("sn", "Surname"));
    rawAttributes.add(RawAttribute.create("modifyTimeStamp", "2011091212400000Z"));
    rawAttributes.add(RawAttribute.create("createTimeStamp", "2011091212400000Z"));

    AddOperationBasis addOperation =
      new AddOperationBasis(InternalClientConnection.getRootConnection(),
                            1,
                            1,
                            null,
                            ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
                            rawAttributes);

    /* Process the operation and expect the server to continue
     * processing the operation.
@@ -436,23 +425,9 @@
     * createTimeStamp: 2011091212400000Z
     * -
     */

    List<RawModification> rawMods= new ArrayList<>();

    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "modifyTimeStamp",
                                       "2011091212400000Z"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "createTimeStamp",
                                       "2011091212400000Z"));

    ModifyOperationBasis modifyOperation =
      new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
                               1,
                               1,
                               null,
                               ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
                               rawMods);
    ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
        newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"),
        newRawModification(REPLACE, "createTimeStamp", "2011091212400000Z"));

    /* Process the request. The result should be SUCCESS and the server
     * should stop the processing.
@@ -465,6 +440,11 @@

  }

  private ModifyOperationBasis modify(String entryDN, RawModification... rawMods)
  {
    return new ModifyOperationBasis(getRootConnection(), 1, 1, null, ByteString.valueOfUtf8(entryDN), newArrayList(rawMods));
  }

  /**
   * Verify the attribute renaming for a MODIFY operation.
   * @throws Exception in case of a bug.
@@ -516,29 +496,11 @@
     * createTimeStamp: 2011091212400000Z
     * -
     */

    List<RawModification> rawMods= new ArrayList<>();

    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "cn",
                                       "Test User"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "sn",
                                       "User"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "modifyTimeStamp",
                                       "2011091212400000Z"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "createTimeStamp",
                                       "2011091212400000Z"));

    ModifyOperationBasis modifyOperation =
      new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
                               1,
                               1,
                               null,
                               ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
                               rawMods);
    ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
        newRawModification(REPLACE, "cn", "Test User"),
        newRawModification(REPLACE, "sn", "User"),
        newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"),
        newRawModification(REPLACE, "createTimeStamp", "2011091212400000Z"));

    /* Process the MODIFY operation making sure the remaining number of
     * modifications is 2 and that the '*TimeStamp' modifications are
@@ -548,7 +510,7 @@

    assertEquals(modifyOperation.getRawModifications().size(), 2);

    rawMods = modifyOperation.getRawModifications();
    List<RawModification> rawMods = modifyOperation.getRawModifications();
    assertNotNull(rawMods);

    for(RawModification rawMod : rawMods )
@@ -566,6 +528,11 @@

  }

  private RawModification newRawModification(ModificationType modType, String attrName, String attrValue)
  {
    return RawModification.create(modType, attrName, attrValue);
  }


  /**
   * Verify the attribute renaming for the MODIFY operation.
@@ -611,40 +578,21 @@
     * replace: modifyTimeStamp
     * modifyTimeStamp: 2011091212400000Z
     */
    List<RawModification> rawMods= new ArrayList<>();

    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "cn",
                                       "Test User"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "sn",
                                       "User"));
    rawMods.add(RawModification.create(ModificationType.REPLACE,
                                       "modifyTimeStamp",
                                       "2011091212400000Z"));

    ModifyOperationBasis modifyOperation =
      new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
                               1,
                               1,
                               null,
                               ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
                               rawMods);
    ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
        newRawModification(REPLACE, "cn", "Test User"),
        newRawModification(REPLACE, "sn", "User"),
        newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"));

    /* Process the MODIFY operation. */

    PluginResult.PreParse res = plugin.doPreParse(modifyOperation);

    assertTrue(res.continueProcessing());

    /* Verify that the attribute has been properly renamed by comparing
     * the value of the attribute 'description' with the original value
     * of the 'modifyTimeStamp' attribute.
     */
    rawMods = modifyOperation.getRawModifications();

    List<RawModification> rawMods = modifyOperation.getRawModifications();
    assertNotNull(rawMods);

    for(RawModification rawMod : rawMods )
    {
      RawAttribute modAttr = rawMod.getAttribute();

 opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java

@@ -18,14 +18,14 @@
package org.opends.server.plugins;

import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;

import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.server.AdminTestCaseUtils;
@@ -43,11 +43,9 @@
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.types.Attributes;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.types.RDN;
import org.opends.server.types.SearchResultEntry;
import org.testng.annotations.AfterClass;
@@ -56,6 +54,7 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.core.DirectoryServer.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
@@ -1024,10 +1023,10 @@
   * @param attrValStrings The values to add to the entry.
   */
  private ModifyOperation
  addAttrEntry(DN dn, String attrName, String... attrValStrings) {
    LinkedList<Modification> mods = newLinkedList(
        new Modification(ADD, Attributes.create(attrName, attrValStrings)));
    return getRootConnection().processModify(dn, mods);
  addAttrEntry(DN dn, String attrName, Object... attrValStrings) {
    ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn))
        .addModification(ADD, attrName, attrValStrings);
    return getRootConnection().processModify(modifyRequest);
  }

  /**
@@ -1037,10 +1036,10 @@
   * @param attrName The attribute type to replace the values in.
   * @param attrValStrings The values to replace in the the entry.
   */
  private ModifyOperation  replaceAttrEntry(DN dn, String attrName, String... attrValStrings) {
    LinkedList<Modification> mods = newLinkedList(
        new Modification(REPLACE, Attributes.create(attrName, attrValStrings)));
    return getRootConnection().processModify(dn, mods);
  private ModifyOperation  replaceAttrEntry(DN dn, String attrName, Object... attrValStrings) {
    ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn))
        .addModification(REPLACE, attrName, attrValStrings);
    return getRootConnection().processModify(modifyRequest);
  }

  /**
@@ -1053,13 +1052,11 @@
   */
  private void
  deleteAttrsEntry(DN dn, String... attrTypeStrings) throws Exception {
    LinkedList<Modification> mods = new LinkedList<>();
    ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn));
    for(String attrTypeString : attrTypeStrings) {
      AttributeType attrType = getAttributeType(attrTypeString);
      mods.add(new Modification(ModificationType.DELETE,
          Attributes.empty(attrType)));
      modifyRequest.addModification(DELETE, attrTypeString);
    }
    getRootConnection().processModify(dn, mods);
    getRootConnection().processModify(modifyRequest);
  }

  private void deleteEntries(String... dns) throws Exception{

 opendj-server-legacy/src/test/java/org/opends/server/plugins/SambaPasswordPluginTestCase.java

@@ -17,6 +17,8 @@
package org.opends.server.plugins;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.StaticUtils.*;
@@ -30,6 +32,8 @@
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
@@ -141,13 +145,12 @@
     * Samba administrative user needs a permission to manipulate user accounts.
     * Hence, we add a very permissive ACI.
     */
    LinkedList<Modification> mods =
        newLinkedList(new Modification(ModificationType.ADD, Attributes.create("aci",
        "(target=\"ldap:///uid=*,o=test\")(targetattr=\"*\")"
            + "(version 3.0; acl \"Samba admin\"; allow (all) "
            + "userdn=\"ldap:///cn=samba admin,o=test\";)")));

    ModifyOperation modOp = getRootConnection().processModify(DN.valueOf("o=test"), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest("o=test")
        .addModification(ADD, "aci",
            "(target=\"ldap:///uid=*,o=test\")(targetattr=\"*\")"
                + "(version 3.0; acl \"Samba admin\"; allow (all) "
                + "userdn=\"ldap:///cn=samba admin,o=test\";)");
    ModifyOperation modOp = getRootConnection().processModify(modifyRequest);
    assertEquals(modOp.getResultCode(), ResultCode.SUCCESS);
  }

@@ -219,10 +222,9 @@
    TestCaseUtils.addEntry(testEntry);

    // Perform the modify operation
    LinkedList<Modification> mods = newLinkedList(
        new Modification(ModificationType.REPLACE, Attributes.create("userPassword", "password")));

    ModifyOperation modOp = getRootConnection().processModify(testEntry.getName(), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(from(testEntry.getName()))
        .addModification(REPLACE, "userPassword", "password");
    ModifyOperation modOp = getRootConnection().processModify(modifyRequest);
    assertEquals(modOp.getResultCode(), ResultCode.SUCCESS);

    // Verification of the change

 opendj-server-legacy/src/test/java/org/opends/server/protocols/internal/InternalClientConnectionTestCase.java

@@ -17,10 +17,10 @@
package org.opends.server.protocols.internal;

import java.util.ArrayList;
import java.util.List;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.TestCaseUtils;
@@ -33,7 +33,6 @@
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.ldap.LDAPAttribute;
import org.opends.server.protocols.ldap.LDAPModification;
import org.opends.server.types.Attributes;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.CancelRequest;
@@ -50,6 +49,7 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.util.CollectionUtils.*;
@@ -507,9 +507,7 @@
                                      "objectClass: device",
                                      "cn: test");

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE,
        new LDAPAttribute("description", "This is a test")));
    List<RawModification> mods = newArrayList(RawModification.create(REPLACE, "description", "This is a test"));

    InternalClientConnection conn = getRootConnection();
    ModifyOperation modifyOperation =
@@ -535,9 +533,8 @@
                                      "objectClass: device",
                                      "cn: test");

    ArrayList<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.REPLACE,
        Attributes.create("description", "This is a test")));
    List<Modification> mods = newArrayList(
        new Modification(REPLACE, Attributes.create("description", "This is a test")));

    InternalClientConnection conn = getRootConnection();
    ModifyOperation modifyOperation =

 opendj-server-legacy/src/test/java/org/opends/server/protocols/internal/InternalLDAPSocketTestCase.java

@@ -12,13 +12,13 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.protocols.internal;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
@@ -33,11 +33,21 @@

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.ldap.*;
import org.opends.server.protocols.ldap.AddRequestProtocolOp;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.CompareRequestProtocolOp;
import org.opends.server.protocols.ldap.DeleteRequestProtocolOp;
import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPFilter;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.protocols.ldap.ModifyDNRequestProtocolOp;
import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.types.DN;
@@ -46,13 +56,12 @@
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

/**
 * This class provides a number of tests to cover the internal LDAP socket
 * implementation.
 */
/** This class provides a number of tests to cover the internal LDAP socket implementation. */
public class InternalLDAPSocketTestCase extends InternalTestCase
{
  /**
@@ -80,38 +89,28 @@
    TestCaseUtils.initializeTestBackend(false);
    assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
      List<RawAttribute> attrList = newArrayList(
          RawAttribute.create("objectClass", "organization"),
          RawAttribute.create("o", "test"));

      AddRequestProtocolOp addRequest = new AddRequestProtocolOp(ByteString.valueOfUtf8("o=test"), attrList);
      writer.writeMessage(new LDAPMessage(2, addRequest));

    ArrayList<RawAttribute> attrList = new ArrayList<>();
    attrList.add(RawAttribute.create("objectClass", "organization"));
    attrList.add(RawAttribute.create("o", "test"));

    AddRequestProtocolOp addRequest =
         new AddRequestProtocolOp(ByteString.valueOfUtf8("o=test"), attrList);
    writer.writeMessage(new LDAPMessage(2, addRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getAddResponseProtocolOp().getResultCode(),
                 LDAPResultCode.SUCCESS);
    assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

    reader.close();
    writer.close();
    socket.close();
      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getAddResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
      assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));
    }
  }


@@ -173,34 +172,24 @@
    TestCaseUtils.initializeTestBackend(true);
    assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
      CompareRequestProtocolOp compareRequest =
          new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o", ByteString.valueOfUtf8("test"));
      writer.writeMessage(new LDAPMessage(2, compareRequest));


    CompareRequestProtocolOp compareRequest =
         new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o",
                                      ByteString.valueOfUtf8("test"));
    writer.writeMessage(new LDAPMessage(2, compareRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getCompareResponseProtocolOp().getResultCode(),
                 LDAPResultCode.COMPARE_TRUE);

    reader.close();
    writer.close();
    socket.close();
      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getCompareResponseProtocolOp().getResultCode(), LDAPResultCode.COMPARE_TRUE);
    }
  }


@@ -257,34 +246,24 @@
    TestCaseUtils.initializeTestBackend(true);
    assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
      DeleteRequestProtocolOp deleteRequest = new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
      writer.writeMessage(new LDAPMessage(2, deleteRequest));


    DeleteRequestProtocolOp deleteRequest =
         new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
    writer.writeMessage(new LDAPMessage(2, deleteRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getDeleteResponseProtocolOp().getResultCode(),
                 LDAPResultCode.SUCCESS);
    assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));

    reader.close();
    writer.close();
    socket.close();
      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getDeleteResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
      assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));
    }
  }


@@ -331,37 +310,27 @@
  @Test
  public void testExtendedOperation() throws Exception
  {
    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
      ExtendedRequestProtocolOp extendedRequest = new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
      writer.writeMessage(new LDAPMessage(2, extendedRequest));

      message = reader.readMessage();
      assertNotNull(message);

    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
    writer.writeMessage(new LDAPMessage(2, extendedRequest));

    message = reader.readMessage();
    assertNotNull(message);

    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
    assertTrue(extendedResponse.getValue().toString().equalsIgnoreCase(
                    "dn:cn=Directory Manager,cn=Root DNs,cn=config"));

    reader.close();
    writer.close();
    socket.close();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
      assertTrue(extendedResponse.getValue().toString().equalsIgnoreCase(
          "dn:cn=Directory Manager,cn=Root DNs,cn=config"));
    }
  }


@@ -378,36 +347,38 @@
    TestCaseUtils.initializeTestBackend(true);
    assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

      List<RawModification> mods = newArrayList(
          RawModification.create(REPLACE, "description", "foo"));

      ModifyRequestProtocolOp modifyRequest = new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
      writer.writeMessage(new LDAPMessage(2, modifyRequest));

      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getModifyResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
    }
  }



  /**
   * @return
   */
  private LDAPMessage bindRequestMessage()
  {
    BindRequestProtocolOp bindRequest = bindRequest();
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);


    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(RawModification.create(ModificationType.REPLACE, "description", "foo"));

    ModifyRequestProtocolOp modifyRequest =
         new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
    writer.writeMessage(new LDAPMessage(2, modifyRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getModifyResponseProtocolOp().getResultCode(),
                 LDAPResultCode.SUCCESS);

    reader.close();
    writer.close();
    socket.close();
    return message;
  }


@@ -467,37 +438,42 @@
    assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
    assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      LDAPMessage message = bindRequestMessage();
      writer.writeMessage(message);

      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

      ModifyDNRequestProtocolOp modifyDNRequest =
          new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), ByteString.valueOfUtf8("ou=Users"),
              true);
      writer.writeMessage(new LDAPMessage(2, modifyDNRequest));

      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getModifyDNResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);

      assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
      assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));
    }
  }



  /**
   * @return
   */
  private BindRequestProtocolOp bindRequest()
  {
    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);


    ModifyDNRequestProtocolOp modifyDNRequest =
         new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"),
                                       ByteString.valueOfUtf8("ou=Users"), true);
    writer.writeMessage(new LDAPMessage(2, modifyDNRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getModifyDNResponseProtocolOp().getResultCode(),
                 LDAPResultCode.SUCCESS);

    assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
    assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));

    reader.close();
    writer.close();
    socket.close();
        new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"), 3, ByteString
            .valueOfUtf8("password"));
    return bindRequest;
  }


@@ -556,43 +532,29 @@
    TestCaseUtils.initializeTestBackend(true);
    assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

    InternalLDAPSocket socket = new InternalLDAPSocket();
    LDAPReader reader = new LDAPReader(socket);
    LDAPWriter writer = new LDAPWriter(socket);
    try (InternalLDAPSocket socket = new InternalLDAPSocket();
        LDAPReader reader = new LDAPReader(socket);
        LDAPWriter writer = new LDAPWriter(socket))
    {
      writer.writeMessage(bindRequestMessage());

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    writer.writeMessage(message);
      LDAPMessage message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
      SearchRequestProtocolOp searchRequest =
          new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"), SearchScope.BASE_OBJECT,
              DereferenceAliasesPolicy.NEVER, 0, 0, false, LDAPFilter.objectClassPresent(), new LinkedHashSet<String>());
      writer.writeMessage(new LDAPMessage(2, searchRequest));

      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getSearchResultEntryProtocolOp().getDN(), DN.valueOf("o=test"));

    SearchRequestProtocolOp searchRequest =
         new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
                                     SearchScope.BASE_OBJECT,
                                     DereferenceAliasesPolicy.NEVER,
                                     0, 0, false,
                                     LDAPFilter.objectClassPresent(),
                                     new LinkedHashSet<String>());
    writer.writeMessage(new LDAPMessage(2, searchRequest));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getSearchResultEntryProtocolOp().getDN(),
                 DN.valueOf("o=test"));

    message = reader.readMessage();
    assertNotNull(message);
    assertEquals(message.getSearchResultDoneProtocolOp().getResultCode(),
                 LDAPResultCode.SUCCESS);

    reader.close();
    writer.close();
    socket.close();
      message = reader.readMessage();
      assertNotNull(message);
      assertEquals(message.getSearchResultDoneProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
    }
  }


@@ -634,4 +596,3 @@
    context.close();
  }
}


 opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/JmxPrivilegeTestCase.java

@@ -28,6 +28,7 @@
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
@@ -42,12 +43,22 @@
import org.opends.server.core.SchemaConfigManager;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.types.*;
import org.opends.server.types.Attributes;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.types.Operation;
import org.opends.server.types.Privilege;
import org.opends.server.types.RDN;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.messages.ProtocolMessages.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
@@ -820,8 +831,8 @@

  private void processModify(DN dn, ModificationType modType, String attrName, String attrValue)
  {
    ArrayList<Modification> mods = newModifications(modType, attrName, attrValue);
    ModifyOperation modifyOp = getRootConnection().processModify(dn, mods);
    ModifyOperation modifyOp = getRootConnection().processModify(
        Requests.newModifyRequest(from(dn)).addModification(modType, attrName, attrValue));
    assertEquals(modifyOp.getResultCode(), ResultCode.SUCCESS);
  }


 opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/LDAPBinaryOptionTestCase.java

@@ -17,6 +17,7 @@
package org.opends.server.protocols.ldap;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.ldap.SearchScope.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.testng.Assert.*;
@@ -24,15 +25,14 @@
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.net.Socket;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.io.IOException;
import java.util.List;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.Backend;
import org.opends.server.core.DirectoryServer;
@@ -40,11 +40,12 @@
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.tools.LDAPModify;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.Attribute;
import org.opends.server.types.ExistingFileBehavior;
import org.opends.server.types.LDAPException;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.RawAttribute;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.util.Base64;
import org.testng.annotations.BeforeClass;
@@ -232,76 +233,30 @@
  public void binaryOptionUsingV2() throws Exception
  {
    //Construct a V2 connection.
    try (Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
        org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
        org.opends.server.tools.LDAPWriter w = new org.opends.server.tools.LDAPWriter(s))
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);
      ArrayList<RawAttribute> addAttrs = new ArrayList<>();
      addAttrs.add(RawAttribute.create("objectClass", "inetOrgPerson"));
      addAttrs.add(RawAttribute.create("uid", "user.7"));
      addAttrs.add(RawAttribute.create("cn", "user 7"));
      addAttrs.add(RawAttribute.create("sn", "sn#1"));
      addAttrs.add(RawAttribute.create("sn;x-foo", "sn#2"));
      addAttrs.add(RawAttribute.create("sn;lang-fr", "sn#3"));
      addAttrs.add(RawAttribute.create("userCertificate;binary",
                                       ByteString.wrap(Base64.decode(CERT))));

      AddRequestProtocolOp addRequest =
           new AddRequestProtocolOp(ByteString.valueOfUtf8("uid=user.7,o=test"),
                                    addAttrs);
      message = new LDAPMessage(2, addRequest);
      w.writeMessage(message);

      message = r.readMessage();
      AddRequest addRequest = Requests.newAddRequest("uid=user.7,o=test")
          .addAttribute("objectClass", "inetOrgPerson")
          .addAttribute("uid", "user.7")
          .addAttribute("cn", "user 7")
          .addAttribute("sn", "sn#1")
          .addAttribute("sn;x-foo", "sn#2")
          .addAttribute("sn;lang-fr", "sn#3")
          .addAttribute("userCertificate;binary", ByteString.wrap(Base64.decode(CERT)));
      LDAPMessage message = conn.add(addRequest);
      AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
      assertEquals(addResponse.getResultCode(),0);

      //Create a SEARCH request to search for this added entry.
      LinkedHashSet<String> attrs = new LinkedHashSet<>();
      //Request only the interesting attributes.
      attrs.add("sn");
      attrs.add("userCertificate;binary");
      SearchRequestProtocolOp searchRequest =
         new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
                                     SearchScope.WHOLE_SUBTREE,
                                     DereferenceAliasesPolicy.NEVER, 0,
                                     0, false,
                                     LDAPFilter.decode("(uid=user.7)"),
                                     attrs);
      message = new LDAPMessage(2, searchRequest);
      w.writeMessage(message);

      SearchResultEntryProtocolOp searchResultEntry = null;
      SearchResultDoneProtocolOp searchResultDone = null;
      while (searchResultDone == null)
      {
        message = r.readMessage();
        switch (message.getProtocolOpType())
        {
          case LDAPConstants.OP_TYPE_SEARCH_RESULT_ENTRY:
            searchResultEntry = message.getSearchResultEntryProtocolOp();
            break;
          case LDAPConstants.OP_TYPE_SEARCH_RESULT_DONE:
            searchResultDone = message.getSearchResultDoneProtocolOp();
            assertEquals(searchResultDone.getResultCode(),
                         LDAPResultCode.SUCCESS);
            break;
        }
      }
      assertNotNull(searchResultEntry);
      conn.search(Requests.newSearchRequest("o=test", WHOLE_SUBTREE, "(uid=user.7)", "sn", "userCertificate;binary"));
      List<SearchResultEntryProtocolOp> entries = conn.readEntries();
      assertThat(entries).hasSize(1);
      boolean certWithNoOption = false;
      boolean snWithMultiVal = false;
      for(LDAPAttribute a:searchResultEntry.getAttributes())
      for (LDAPAttribute a : entries.get(0).getAttributes())
      {
        //Shouldn't be userCertificate;binary.
        if ("userCertificate".equalsIgnoreCase(a.getAttributeType()))
@@ -321,7 +276,14 @@
    }
  }

  private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd) throws IOException, LDAPException
  {
    conn.writeMessage(new BindRequestProtocolOp(ByteString.valueOfUtf8(bindDN), 2, ByteString.valueOfUtf8(bindPwd)));

    LDAPMessage message = conn.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
  }

  /**
   * Test to verify that the DB stores the binary option by

 opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/LDAPv2TestCase.java

@@ -12,29 +12,37 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2010-2015 ForgeRock AS.
 * Portions Copyright 2010-2016 ForgeRock AS.
 */
package org.opends.server.protocols.ldap ;

import java.net.Socket;
import java.util.ArrayList;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.TestCaseUtils;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.types.Control;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.opends.server.types.RawAttribute;
import org.opends.server.types.RawModification;
import org.opends.server.util.StaticUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.SearchScope.*;
import static org.forgerock.opendj.ldap.controls.GenericControl.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

import java.io.IOException;
import java.util.Arrays;

import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.requests.CompareRequest;
import org.forgerock.opendj.ldap.requests.DeleteRequest;
import org.forgerock.opendj.ldap.requests.ModifyDNRequest;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.Control;
import org.opends.server.types.LDAPException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/**
 * This class provides a number of tests to ensure that the server interacts
 * with LDAPv2 clients as expected.
@@ -73,23 +81,9 @@
      "replace: ds-cfg-allow-ldap-v2",
      "ds-cfg-allow-ldap-v2: false");

    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(),
                   LDAPResultCode.PROTOCOL_ERROR);
      bindLdapV2(conn, "cn=Directory Manager", "password", LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
@@ -98,9 +92,6 @@
        "changetype: modify",
        "replace: ds-cfg-allow-ldap-v2",
        "ds-cfg-allow-ldap-v2: true");

      StaticUtils.close(r, w);
      StaticUtils.close(s);
    }
  }

@@ -116,34 +107,11 @@
  public void testRejectExtendedRequest()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      ExtendedRequestProtocolOp extendedRequest =
           new ExtendedRequestProtocolOp(OID_START_TLS_REQUEST);
      message = new LDAPMessage(2, extendedRequest);
      w.writeMessage(message);

      assertNull(r.readMessage());
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      bindLdapV2(conn, "cn=Directory Manager", "password");
      conn.writeMessage(new ExtendedRequestProtocolOp(OID_START_TLS_REQUEST));
      assertNull(conn.readMessage());
    }
  }

@@ -159,46 +127,36 @@
  public void testRejectAddControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);
      AddRequest addRequest = Requests.newAddRequest("ou=People,o=test")
          .addAttribute("objectClass", "organizationalUnit")
          .addAttribute("ou", "People")
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));

      ArrayList<RawAttribute> addAttrs = new ArrayList<>();
      addAttrs.add(RawAttribute.create("objectClass", "organizationalUnit"));
      addAttrs.add(RawAttribute.create("ou", "People"));

      AddRequestProtocolOp addRequest =
           new AddRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), addAttrs);
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, addRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      LDAPMessage message = conn.add(addRequest, false);
      AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
      assertEquals(addResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
    }
  }

  private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd) throws IOException, LDAPException
  {
    bindLdapV2(conn, bindDN, bindPwd, LDAPResultCode.SUCCESS);
  }

  private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd, int expectedRC, Control... controls)
      throws IOException, LDAPException
  {
    conn.writeMessage(new BindRequestProtocolOp(ByteString.valueOfUtf8(bindDN), 2, ByteString.valueOfUtf8(bindPwd)),
        Arrays.asList(controls));

    LDAPMessage message = conn.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), expectedRC);
  }

  /**
   * Tests to ensure that the server will reject an LDAPv2 bind request if it
@@ -210,34 +168,13 @@
  public void testRejectBindControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      LDAPMessage message = new LDAPMessage(1, bindRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      bindLdapV2(conn, "cn=Directory Manager", "password",
          LDAPResultCode.PROTOCOL_ERROR, new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
    }
  }



  /**
   * Tests to ensure that the server will reject an LDAPv2 compare request if it
   * contains any controls.
@@ -248,41 +185,15 @@
  public void testRejectCompareControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      CompareRequestProtocolOp compareRequest =
           new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
                                        "o", ByteString.valueOfUtf8("test"));
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, compareRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      CompareResponseProtocolOp compareResponse =
           message.getCompareResponseProtocolOp();
      assertEquals(compareResponse.getResultCode(),
                   LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      CompareRequest compareRequest = newCompareRequest("o=test", "o", "test")
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
      LDAPMessage message = conn.compare(compareRequest, false);
      CompareResponseProtocolOp compareResponse = message.getCompareResponseProtocolOp();
      assertEquals(compareResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }

@@ -298,40 +209,15 @@
  public void testRejectDeleteControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      DeleteRequestProtocolOp deleteRequest =
           new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, deleteRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      DeleteResponseProtocolOp deleteResponse =
           message.getDeleteResponseProtocolOp();
      assertEquals(deleteResponse.getResultCode(),
                   LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      DeleteRequest deleteRequest = newDeleteRequest("o=test")
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
      LDAPMessage message = conn.delete(deleteRequest, false);
      DeleteResponseProtocolOp deleteResponse = message.getDeleteResponseProtocolOp();
      assertEquals(deleteResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }

@@ -347,43 +233,16 @@
  public void testRejectModifyControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      ArrayList<RawModification> mods = new ArrayList<>();
      mods.add(RawModification.create(ModificationType.REPLACE, "description", "foo"));

      ModifyRequestProtocolOp modifyRequest =
           new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, modifyRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      ModifyResponseProtocolOp modifyResponse =
           message.getModifyResponseProtocolOp();
      assertEquals(modifyResponse.getResultCode(),
                   LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      ModifyRequest modifyRequest = newModifyRequest("o=test")
          .addModification(REPLACE, "description", "foo")
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
      LDAPMessage message = conn.modify(modifyRequest, false);
      ModifyResponseProtocolOp modifyResponse = message.getModifyResponseProtocolOp();
      assertEquals(modifyResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }

@@ -399,41 +258,15 @@
  public void testRejectModifyDNControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      ModifyDNRequestProtocolOp modifyDNRequest =
           new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
                                         ByteString.valueOfUtf8("cn=test"), false);
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, modifyDNRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      ModifyDNResponseProtocolOp modifyDNResponse =
           message.getModifyDNResponseProtocolOp();
      assertEquals(modifyDNResponse.getResultCode(),
                   LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
      ModifyDNRequest modifyDNRequest = newModifyDNRequest("o=test", "cn=test")
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
      LDAPMessage message = conn.modifyDN(modifyDNRequest, false);
      ModifyDNResponseProtocolOp modifyDNResponse = message.getModifyDNResponseProtocolOp();
      assertEquals(modifyDNResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
  }

@@ -449,43 +282,16 @@
  public void testRejectSearchControls()
         throws Exception
  {
    Socket     s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
    LDAPWriter w = new LDAPWriter(s);

    try
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      BindRequestProtocolOp bindRequest =
           new BindRequestProtocolOp(
                    ByteString.valueOfUtf8("cn=Directory Manager"), 2,
                    ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);
      bindLdapV2(conn, "cn=Directory Manager", "password");

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);

      SearchRequestProtocolOp searchRequest =
           new SearchRequestProtocolOp(ByteString.empty(),
                    SearchScope.BASE_OBJECT,
                    DereferenceAliasesPolicy.NEVER, 0, 0, false,
                    LDAPFilter.objectClassPresent(), null);
      ArrayList<Control> controls = new ArrayList<>(1);
      controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
      message = new LDAPMessage(2, searchRequest, controls);
      w.writeMessage(message);

      message = r.readMessage();
      SearchResultDoneProtocolOp searchDone =
           message.getSearchResultDoneProtocolOp();
      SearchRequest searchRequest = newSearchRequest(DN.rootDN(), BASE_OBJECT, Filter.objectClassPresent())
          .addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
      conn.search(searchRequest);
      LDAPMessage message = conn.readMessage();
      SearchResultDoneProtocolOp searchDone = message.getSearchResultDoneProtocolOp();
      assertEquals(searchDone.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
    }
    finally
    {
      StaticUtils.close(r, w);
      StaticUtils.close(s);
    }
  }
}


 opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/TestModifyRequestProtocolOp.java

@@ -12,7 +12,7 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2013-2015 ForgeRock AS.
 * Portions Copyright 2013-2016 ForgeRock AS.
 */
package org.opends.server.protocols.ldap;

@@ -27,8 +27,9 @@
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.opends.server.types.LDAPException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.util.Utils;
import org.opends.server.types.LDAPException;
import org.opends.server.types.RawModification;
import org.testng.annotations.Test;

@@ -70,38 +71,37 @@
   *
   * @param numAttributes Number of attributes to generate. 0 will return
   *                      a empty list.
   * @param prefix        String to prefix the attribute values
   * @return              The generate attributes.
   *
   */
  private List<RawModification> generateModifications(int numAttributes,
                                                           String prefix)
  private List<RawModification> generateModifications(int numAttributes)
  {
    List<RawModification> modifies = new ArrayList<>();
    ModificationType modificationType;

    for(int i = 0; i < numAttributes; i++)
    {
      LDAPAttribute attribute = new LDAPAttribute("testAttribute" + i);
      switch(i % 4)
      {
        case 0 : modificationType = ModificationType.ADD;
          break;
        case 1 : modificationType = ModificationType.DELETE;
          break;
        case 2 : modificationType = ModificationType.REPLACE;
          break;
        case 3 : modificationType = ModificationType.INCREMENT;
          break;
        default : modificationType = ModificationType.ADD;
      }

      modifies.add(new LDAPModification(modificationType, attribute));
      modifies.add(new LDAPModification(toModificationType(i), attribute));
    }

    return modifies;
  }

  private ModificationType toModificationType(int i)
  {
    switch(i % 4)
    {
    case 0:
      return ModificationType.ADD;
    case 1:
      return ModificationType.DELETE;
    case 2:
      return ModificationType.REPLACE;
    case 3:
      return ModificationType.INCREMENT;
    default:
      return ModificationType.ADD;
    }
  }

  private Boolean modificationsEquals(List<RawModification> modifies1,
                                      List<RawModification> modifies2)
  {
@@ -174,7 +174,7 @@
    assertEquals(modifyRequest.getModifications().size(), 0);

    //Test to make sure the constructor with dn and attribute params works.
    modifications = generateModifications(10, "test");
    modifications = generateModifications(10);
    modifyRequest = new ModifyRequestProtocolOp(dn, modifications);
    assertEquals(modifyRequest.getDN(), dn);
    assertEquals(modifyRequest.getModifications(), modifications);
@@ -290,7 +290,7 @@


    //Test case for a full encode decode operation with normal params.
    modifies = generateModifications(10,"test");
    modifies = generateModifications(10);
    modifyEncoded = new ModifyRequestProtocolOp(dn, modifies);
    modifyEncoded.write(writer);
    ASN1Reader reader = ASN1.getReader(builder.toByteString());
@@ -302,7 +302,7 @@
                                   modifyDecoded.getModifications()));

    //Test case for a full encode decode operation with large modifications.
    modifies = generateModifications(100,"test");
    modifies = generateModifications(100);
    modifyEncoded = new ModifyRequestProtocolOp(dn, modifies);
    builder.clear();
    modifyEncoded.write(writer);
@@ -335,22 +335,12 @@
  {
    StringBuilder buffer = new StringBuilder();
    StringBuilder key = new StringBuilder();
    int numModifications = 10;
    List<RawModification> modifications =
        generateModifications(numModifications, "test");
    ModifyRequestProtocolOp modifyRequest =
        new ModifyRequestProtocolOp(dn, modifications);
    List<RawModification> modifications = generateModifications(10);
    ModifyRequestProtocolOp modifyRequest = new ModifyRequestProtocolOp(dn, modifications);
    modifyRequest.toString(buffer);

    key.append("ModifyRequest(dn=").append(dn).append(", mods={");
    for (int i = 0; i < numModifications; i++)
    {
      modifications.get(i).toString(key);
      if(i < numModifications - 1)
      {
        key.append(", ");
      }
    }
    Utils.joinAsString(key, ", ", modifications);
    key.append("})");

    assertEquals(buffer.toString(), key.toString());
@@ -369,8 +359,7 @@

    int numModifications = 10;
    int indent = 5;
    List<RawModification> modifications =
        generateModifications(numModifications, "test");
    List<RawModification> modifications = generateModifications(numModifications);
    ModifyRequestProtocolOp modifyRequest =
        new ModifyRequestProtocolOp(dn, modifications);
    modifyRequest.toString(buffer, indent);

 opendj-server-legacy/src/test/java/org/opends/server/replication/ReplicationTestCase.java

@@ -12,7 +12,7 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2015 ForgeRock AS.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.replication;

@@ -30,8 +30,11 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.std.server.ReplicationDomainCfg;
@@ -67,6 +70,7 @@

import static java.util.concurrent.TimeUnit.*;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.ResultCode.*;
import static org.forgerock.opendj.ldap.SearchScope.*;
@@ -600,6 +604,11 @@
    return newArrayList(new Modification(REPLACE, attr));
  }

  protected static ModifyRequest modifyRequest(DN entryDN, ModificationType modType, String attrName, String attrValue)
  {
    return Requests.newModifyRequest(from(entryDN)).addModification(modType, attrName, attrValue);
  }

  /** Utility method to create, run a task and check its result. */
  protected void task(String task) throws Exception
  {

 opendj-server-legacy/src/test/java/org/opends/server/replication/UpdateOperationTest.java

@@ -18,7 +18,6 @@

import java.net.SocketTimeoutException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;

@@ -27,6 +26,8 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.AddOperation;
import org.opends.server.core.DeleteOperation;
@@ -36,10 +37,23 @@
import org.opends.server.plugins.ShortCircuitPlugin;
import org.opends.server.replication.common.CSN;
import org.opends.server.replication.common.CSNGenerator;
import org.opends.server.replication.protocol.*;
import org.opends.server.replication.protocol.AddMsg;
import org.opends.server.replication.protocol.DeleteMsg;
import org.opends.server.replication.protocol.HeartbeatThread;
import org.opends.server.replication.protocol.LDAPUpdateMsg;
import org.opends.server.replication.protocol.ModifyDNMsg;
import org.opends.server.replication.protocol.ModifyMsg;
import org.opends.server.replication.protocol.OperationContext;
import org.opends.server.replication.protocol.ReplicationMsg;
import org.opends.server.replication.service.ReplicationBroker;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.types.*;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.types.Operation;
import org.opends.server.types.OperationType;
import org.opends.server.types.RDN;
import org.opends.server.util.TestTimer;
import org.opends.server.util.TimeThread;
import org.testng.annotations.BeforeClass;
@@ -48,6 +62,7 @@

import static java.util.concurrent.TimeUnit.*;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.replication.plugin.LDAPReplicationDomain.*;
@@ -1116,8 +1131,7 @@
      assertClientReceivesExpectedMsg(broker, AddMsg.class, personEntry.getName());

      // Modify the entry
      List<Modification> mods = generatemods("telephonenumber", "01 02 45");
      connection.processModify(personEntry.getName(), mods);
      connection.processModify(modifyRequest(personEntry.getName(), REPLACE, "telephonenumber", "01 02 45"));
      assertClientReceivesExpectedMsg(broker, ModifyMsg.class, personEntry.getName());

      // Modify the entry DN
@@ -1157,7 +1171,7 @@
       * Test the reception of Modify Msg
       */
      ModifyMsg modMsg = new ModifyMsg(gen.newCSN(), personWithUUIDEntry.getName(),
          mods, user1entryUUID);
          generatemods("telephonenumber", "01 02 45"), user1entryUUID);
      modMsg.setAssured(assured);
      broker.publish(modMsg);

@@ -1340,9 +1354,9 @@
   */
  private static void setReceiveStatus(DN syncConfigDN, boolean enable)
  {
    Attribute attr = Attributes.create("ds-cfg-receive-status", enable ? "TRUE" : "FALSE");
    ModifyOperation modOp = getRootConnection().processModify(syncConfigDN,
        Arrays.asList(new Modification(ModificationType.REPLACE, attr)));
    String attrValue = enable ? "TRUE" : "FALSE";
    ModifyRequest request = modifyRequest(syncConfigDN, REPLACE, "ds-cfg-receive-status", attrValue);
    ModifyOperation modOp = getRootConnection().processModify(request);
    assertEquals(modOp.getResultCode(), ResultCode.SUCCESS, "Cannot set receive status");
  }

@@ -1382,8 +1396,7 @@
          "The entry has not been created");

      // Modify the entry
      List<Modification> mods = generatemods("telephonenumber", "01 02 45");
      connection.processModify(user3Entry.getName(), mods);
      connection.processModify(modifyRequest(user3Entry.getName(), REPLACE, "telephonenumber", "01 02 45"));

      // See if the client has received the msg
      ReplicationMsg msg = broker.receive();

 opendj-server-legacy/src/test/java/org/opends/server/replication/plugin/IsolationTest.java

@@ -12,23 +12,24 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008-2009 Sun Microsystems, Inc.
 * Portions Copyright 2011-2015 ForgeRock AS.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.replication.plugin;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.testng.Assert.*;

import java.util.SortedSet;
import java.util.TreeSet;

import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.std.meta.ReplicationDomainCfgDefn.IsolationPolicy;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.replication.ReplicationTestCase;
import org.opends.server.types.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.testng.annotations.Test;

/**
@@ -66,13 +67,8 @@
      domain.start();

      // check that the updates fail with the unwilling to perform error.
      InternalClientConnection conn =
        InternalClientConnection.getRootConnection();
      ModifyOperation op =
        conn.processModify(baseDn, generatemods("description", "test"));

      // check that the update failed.
      assertEquals(ResultCode.UNWILLING_TO_PERFORM, op.getResultCode());
      ModifyOperation op = modify(baseDn, "description", "test");
      assertEquals(op.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);

      // now configure the domain to accept changes even though it is not
      // connected to any replication server.
@@ -80,7 +76,7 @@
      domain.applyConfigurationChange(domainConf);

      // try a new modify operation on the base entry.
      op = conn.processModify(baseDn, generatemods("description", "test"));
      op = modify(baseDn, "description", "test");

      // check that the operation was successful.
      assertEquals(op.getResultCode(), ResultCode.SUCCESS,
@@ -94,4 +90,9 @@
      }
    }
  }

  private ModifyOperation modify(DN baseDn, String attrName, String attrValue)
  {
    return getRootConnection().processModify(modifyRequest(baseDn, REPLACE, attrName, attrValue));
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/tasks/DisconnectClientTaskTestCase.java

@@ -12,25 +12,30 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.tasks;

import java.net.Socket;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.TestCaseUtils;
import org.opends.server.extensions.GetConnectionIDExtendedOperation;
import org.opends.server.protocols.ldap.*;
import org.opends.server.types.DN;
import org.opends.server.util.StaticUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

import java.io.IOException;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.LdapException;
import org.opends.server.TestCaseUtils;
import org.opends.server.extensions.GetConnectionIDExtendedOperation;
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPConstants;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.tools.RemoteConnection;
import org.opends.server.types.DN;
import org.opends.server.types.LDAPException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/** Tests the disconnect client task. */
public class DisconnectClientTaskTestCase
       extends TasksTestCase
@@ -60,64 +65,36 @@
         throws Exception
  {
    // Establish a connection to the server, bind, and get the connection ID.
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(s);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);
      long connectionID = getConnectionID(conn);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
      // Invoke the disconnect client task.
      String taskID = "Disconnect Client " + connectionID;
      LocalizableMessage disconnectMessage = LocalizableMessage.raw("testDisconnectWithNotification");
      DN taskDN = DN.valueOf("ds-task-id=" + taskID + ",cn=Scheduled Tasks,cn=Tasks");
      TestCaseUtils.addEntry(
          "dn: " + taskDN,
          "objectClass: top",
          "objectClass: ds-task",
          "objectClass: ds-task-disconnect",
          "ds-task-id: " + taskID,
          "ds-task-class-name: org.opends.server.tasks.DisconnectClientTask",
          "ds-task-disconnect-connection-id: " + connectionID,
          "ds-task-disconnect-notify-client: true",
          "ds-task-disconnect-message: " + disconnectMessage);

      waitTaskCompletedSuccessfully(taskDN);


    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_GET_CONNECTION_ID_EXTOP);
    message = new LDAPMessage(2, extendedRequest);
    w.writeMessage(message);

    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
    assertEquals(extendedResponse.getOID(), OID_GET_CONNECTION_ID_EXTOP);
    long connectionID = GetConnectionIDExtendedOperation.decodeResponseValue(
                             extendedResponse.getValue());


    // Invoke the disconnect client task.
    String taskID = "Disconnect Client " + connectionID;
    LocalizableMessage disconnectMessage = LocalizableMessage.raw("testDisconnectWithNotification");
    DN taskDN = DN.valueOf("ds-task-id=" + taskID +
                          ",cn=Scheduled Tasks,cn=Tasks");
    TestCaseUtils.addEntry(
      "dn: " + taskDN,
      "objectClass: top",
      "objectClass: ds-task",
      "objectClass: ds-task-disconnect",
      "ds-task-id: " + taskID,
      "ds-task-class-name: org.opends.server.tasks.DisconnectClientTask",
      "ds-task-disconnect-connection-id: " + connectionID,
      "ds-task-disconnect-notify-client: true",
      "ds-task-disconnect-message: " + disconnectMessage);

    waitTaskCompletedSuccessfully(taskDN);


    // Make sure that we get a notice of disconnection on the initial connection.
    message = r.readMessage();
    extendedResponse = message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getOID(),
                 LDAPConstants.OID_NOTICE_OF_DISCONNECTION);
    assertEquals(extendedResponse.getErrorMessage(), disconnectMessage);

    StaticUtils.close(s);
      // Make sure that we get a notice of disconnection on the initial connection.
      LDAPMessage message = conn.readMessage();
      ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
      assertEquals(extendedResponse.getOID(), LDAPConstants.OID_NOTICE_OF_DISCONNECTION);
      assertEquals(extendedResponse.getErrorMessage(), disconnectMessage);
    }
  }


@@ -133,57 +110,41 @@
         throws Exception
  {
    // Establish a connection to the server, bind, and get the connection ID.
    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    org.opends.server.tools.LDAPReader r =
        new org.opends.server.tools.LDAPReader(s);
    org.opends.server.tools.LDAPWriter w =
        new org.opends.server.tools.LDAPWriter(s);
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      conn.bind("cn=Directory Manager", "password");

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
                                   3, ByteString.valueOfUtf8("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeMessage(message);

    message = r.readMessage();
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
      long connectionID = getConnectionID(conn);


    ExtendedRequestProtocolOp extendedRequest =
         new ExtendedRequestProtocolOp(OID_GET_CONNECTION_ID_EXTOP);
    message = new LDAPMessage(2, extendedRequest);
    w.writeMessage(message);
      // Invoke the disconnect client task.
      String taskID = "Disconnect Client " + connectionID;
      DN taskDN = DN.valueOf("ds-task-id=" + taskID + ",cn=Scheduled Tasks,cn=Tasks");
      TestCaseUtils.addEntry(
          "dn: " + taskDN,
          "objectClass: top",
          "objectClass: ds-task",
          "objectClass: ds-task-disconnect",
          "ds-task-id: " + taskID,
          "ds-task-class-name: org.opends.server.tasks.DisconnectClientTask",
          "ds-task-disconnect-connection-id: " + connectionID,
          "ds-task-disconnect-notify-client: false");

    message = r.readMessage();
    ExtendedResponseProtocolOp extendedResponse =
         message.getExtendedResponseProtocolOp();
      waitTaskCompletedSuccessfully(taskDN);


      // Make sure that the client connection has been closed with no notice of disconnection.
      assertNull(conn.readMessage());
    }
  }

  private long getConnectionID(RemoteConnection conn) throws IOException, LDAPException, LdapException, DecodeException
  {
    LDAPMessage message = conn.extendedRequest(OID_GET_CONNECTION_ID_EXTOP);

    ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
    assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
    assertEquals(extendedResponse.getOID(), OID_GET_CONNECTION_ID_EXTOP);
    long connectionID = GetConnectionIDExtendedOperation.decodeResponseValue(
                             extendedResponse.getValue());


    // Invoke the disconnect client task.
    String taskID = "Disconnect Client " + connectionID;
    DN taskDN = DN.valueOf("ds-task-id=" + taskID +
                          ",cn=Scheduled Tasks,cn=Tasks");
    TestCaseUtils.addEntry(
      "dn: " + taskDN,
      "objectClass: top",
      "objectClass: ds-task",
      "objectClass: ds-task-disconnect",
      "ds-task-id: " + taskID,
      "ds-task-class-name: org.opends.server.tasks.DisconnectClientTask",
      "ds-task-disconnect-connection-id: " + connectionID,
      "ds-task-disconnect-notify-client: false");

    waitTaskCompletedSuccessfully(taskDN);


    // Make sure that the client connection has been closed with no notice of disconnection.
    assertNull(r.readMessage());

    StaticUtils.close(s);
    return GetConnectionIDExtendedOperation.decodeResponseValue(extendedResponse.getValue());
  }
}

 opendj-server-legacy/src/test/java/org/opends/server/tools/RebuildIndexTestCase.java

@@ -12,34 +12,26 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2013-2015 ForgeRock AS.
 * Portions Copyright 2013-2016 ForgeRock AS.
 */
package org.opends.server.tools;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.testng.Assert.*;

import java.util.ArrayList;

import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.Modification;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.testng.Assert.*;




/**
 * A set of test cases for the rebuild-index tool (see issue #1897).
 */
/** A set of test cases for the rebuild-index tool (see issue #1897). */
@SuppressWarnings("javadoc")
public class RebuildIndexTestCase
       extends ToolsTestCase
{
@@ -63,45 +55,26 @@
    configFilePath = DirectoryServer.getConfigFile();

    // Add the airius.com suffix to userRoot
    final InternalClientConnection rootConnection =
      InternalClientConnection.getRootConnection();
    final ArrayList<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.ADD,
        Attributes.create("ds-cfg-base-dn", baseDN)));
    // Backend should be disabled.
    mods.add(new Modification(ModificationType.REPLACE,
        Attributes.create("ds-cfg-enabled", "false")));
    final ModifyOperation modifyOperation =
         rootConnection.processModify(DN.valueOf(userRootDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(userRootDN)
        .addModification(ADD, "ds-cfg-base-dn", baseDN)
        .addModification(REPLACE, "ds-cfg-enabled", "false");
    final ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }


  /**
   * Performs necessary cleanup.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @AfterClass
  public void cleanup()
         throws Exception
  public void cleanup() throws Exception
  {
    // remove the airius.com suffix to userRoot
    final InternalClientConnection rootConnection =
      InternalClientConnection.getRootConnection();
    final ArrayList<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.DELETE,
        Attributes.create("ds-cfg-base-dn", baseDN)));
    mods.add(new Modification(ModificationType.REPLACE,
        Attributes.create("ds-cfg-enabled", "true")));
    final ModifyOperation modifyOperation =
         rootConnection.processModify(DN.valueOf(userRootDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(userRootDN)
        .addModification(DELETE, "ds-cfg-base-dn", baseDN)
        .addModification(REPLACE, "ds-cfg-enabled", "true");
    final ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

  /**
   * Tries to rebuild an index but the index doesn't exist in the base DN.
   */
  /** Tries to rebuild an index but the index doesn't exist in the base DN. */
  @Test
  public void testRebuildIndexOnNonExistentShouldFail()
  {
@@ -137,5 +110,5 @@
    };
    assertEquals(RebuildIndex.mainRebuildIndex(args, false, null, null), 0);
  }

}


 opendj-server-legacy/src/test/java/org/opends/server/tools/RemoteConnection.java

@@ -26,6 +26,7 @@
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
@@ -54,6 +55,7 @@
import org.opends.server.protocols.ldap.CompareResponseProtocolOp;
import org.opends.server.protocols.ldap.DeleteRequestProtocolOp;
import org.opends.server.protocols.ldap.DeleteResponseProtocolOp;
import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.ModifyDNRequestProtocolOp;
import org.opends.server.protocols.ldap.ModifyDNResponseProtocolOp;
@@ -63,16 +65,18 @@
import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
import org.opends.server.protocols.ldap.SearchResultDoneProtocolOp;
import org.opends.server.protocols.ldap.SearchResultEntryProtocolOp;
import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
import org.opends.server.types.LDAPException;

/** Modeled like an SDK Connection, but implemented using the servers' ProtocolOp classes */
@SuppressWarnings("javadoc")
public final class RemoteConnection implements Closeable
{
  private final String host;
  private final Socket socket;
  private LDAPReader r;
  private LDAPWriter w;
  private int messageID;
  private AtomicInteger messageID = new AtomicInteger(1);

  public RemoteConnection(String host, int port) throws Exception
  {
@@ -81,6 +85,7 @@

  public RemoteConnection(String host, int port, boolean secure) throws Exception
  {
    this.host = host;
    socket = secure ? getSslSocket(host, port) : new Socket(host, port);
    r = new LDAPReader(socket);
    w = new LDAPWriter(socket);
@@ -108,10 +113,10 @@
        .getControls());
  }

  public LDAPMessage bind(String bindDN, String bindPassword, Control... controls)
  public void bind(String bindDN, String bindPassword, Control... controls)
      throws IOException, LDAPException, LdapException
  {
    return bind(bindDN, bindPassword.getBytes(), true, Arrays.asList(controls));
    bind(bindDN, bindPassword.getBytes(), true, Arrays.asList(controls));
  }

  private LDAPMessage bind(String bindDN, byte[] bindPassword, boolean throwOnExceptionalResultCode,
@@ -127,6 +132,11 @@
    return message;
  }

  public void unbind() throws IOException, LDAPException, LdapException
  {
    writeMessage(new UnbindRequestProtocolOp());
  }

  public LDAPMessage add(AddRequest addRequest) throws IOException, LDAPException, LdapException
  {
    return add(addRequest, true);
@@ -268,8 +278,8 @@
    return delete(deleteRequest, true);
  }

  public LDAPMessage delete(DeleteRequest deleteRequest, boolean throwOnExceptionalResultCode) throws IOException,
      LDAPException, LdapException
  public LDAPMessage delete(DeleteRequest deleteRequest, boolean throwOnExceptionalResultCode)
      throws IOException, LDAPException, LdapException
  {
    writeMessage(new DeleteRequestProtocolOp(bs(deleteRequest.getName())), to(deleteRequest.getControls()));
    LDAPMessage message = r.readMessage();
@@ -281,6 +291,18 @@
    return message;
  }

  public LDAPMessage extendedRequest(String oid) throws IOException, LDAPException, LdapException
  {
    return extendedRequest(oid, null);
  }

  public LDAPMessage extendedRequest(String oid, ByteString requestValue)
      throws IOException, LDAPException, LdapException
  {
    writeMessage(new ExtendedRequestProtocolOp(oid, requestValue));
    return r.readMessage();
  }

  private ByteString bs(Object o)
  {
    return o != null ? ByteString.valueOfObject(o) : null;
@@ -288,12 +310,17 @@

  public void writeMessage(ProtocolOp protocolOp) throws IOException
  {
    writeMessage(protocolOp, null);
    writeMessage(protocolOp, (List<org.opends.server.types.Control>) null);
  }

  public void writeMessage(ProtocolOp protocolOp, List<org.opends.server.types.Control> controls) throws IOException
  {
    w.writeMessage(new LDAPMessage(++messageID, protocolOp, controls));
    w.writeMessage(new LDAPMessage(messageID.getAndIncrement(), protocolOp, controls));
  }

  public void writeMessage(ProtocolOp protocolOp, org.opends.server.types.Control control) throws IOException
  {
    w.writeMessage(new LDAPMessage(messageID.getAndIncrement(), protocolOp, Arrays.asList(control)));
  }

  public LDAPMessage readMessage() throws IOException, LDAPException
@@ -312,6 +339,16 @@
    return message;
  }

  public LDAPWriter getLdapWriter()
  {
    return this.w;
  }

  public LDAPAuthenticationHandler newLDAPAuthenticationHandler()
  {
    return new LDAPAuthenticationHandler(r, w, host, messageID);
  }

  @Override
  public void close() throws IOException
  {

 opendj-server-legacy/src/test/java/org/opends/server/tools/VerifyIndexTestCase.java

@@ -12,62 +12,44 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2015 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.tools;


import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.testng.Assert.*;

import java.util.ArrayList;

import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyOperation;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.Modification;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;




/**
 * A set of test cases for the verify-index tool (see issue #1897).
 */
/** A set of test cases for the verify-index tool (see issue #1897). */
@SuppressWarnings("javadoc")
public class VerifyIndexTestCase
       extends ToolsTestCase
{

  private String configFilePath ;

  /**
   * Ensures that the Directory Server is running and performs other necessary
   * setup.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  /** Ensures that the Directory Server is running and performs other necessary setup. */
  @BeforeClass
  public void setup()
         throws Exception
  public void setup() throws Exception
  {
    TestCaseUtils.startServer();
    configFilePath = DirectoryServer.getConfigFile();

    // Add the airius.com suffix to userRoot
    InternalClientConnection rootConnection =
      InternalClientConnection.getRootConnection();
    ArrayList<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.ADD,
        Attributes.create("ds-cfg-base-dn", "o=airius.com")));
    String userRootDN  = "ds-cfg-backend-id=userRoot,cn=Backends,cn=config";
    ModifyOperation modifyOperation =
         rootConnection.processModify(DN.valueOf(userRootDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(userRootDN)
        .addModification(ADD, "ds-cfg-base-dn", "o=airius.com");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }

@@ -82,14 +64,10 @@
         throws Exception
  {
    // remove the airius.com suffix to userRoot
    InternalClientConnection rootConnection =
      InternalClientConnection.getRootConnection();
    ArrayList<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.DELETE,
        Attributes.create("ds-cfg-base-dn", "o=airius.com")));
    String userRootDN  = "ds-cfg-backend-id=userRoot,cn=Backends,cn=config";
    ModifyOperation modifyOperation =
         rootConnection.processModify(DN.valueOf(userRootDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(userRootDN)
        .addModification(DELETE, "ds-cfg-base-dn", "o=airius.com");
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }


 opendj-server-legacy/src/test/java/org/opends/server/types/PrivilegeTestCase.java

@@ -19,7 +19,6 @@
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.net.Socket;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -34,6 +33,7 @@
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
import org.opends.server.admin.std.meta.RootDNCfgDefn;
@@ -59,23 +59,22 @@
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.Requests;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
import org.opends.server.protocols.ldap.BindResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.tools.LDAPModify;
import org.opends.server.tools.LDAPPasswordModify;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPSearch;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.RemoteConnection;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.forgerock.opendj.ldap.ResultCode.*;
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.opends.server.TestCaseUtils.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.testng.Assert.*;

/**
@@ -513,21 +512,16 @@
  {
    assertEquals(conn.hasPrivilege(Privilege.CONFIG_WRITE, null), hasPrivilege);

    List<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.REPLACE,
                              Attributes.create("ds-cfg-size-limit", "2000")));

    ModifyOperation modifyOperation =
         conn.processModify(DN.valueOf("cn=config"), mods);
    ModifyRequest modifyRequest = newModifyRequest("cn=config")
        .addModification(REPLACE, "ds-cfg-size-limit", "2000");
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);

    if (hasPrivilege)
    {
      mods.clear();
      mods.add(new Modification(ModificationType.REPLACE,
          Attributes.create("ds-cfg-size-limit", "1000")));

      modifyOperation = conn.processModify(DN.valueOf("cn=config"), mods);
      modifyRequest = newModifyRequest("cn=config")
          .addModification(REPLACE, "ds-cfg-size-limit", "1000");
      modifyOperation = conn.processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    }
  }
@@ -637,23 +631,16 @@
    assertEquals(conn.hasPrivilege(Privilege.SUBENTRY_WRITE, null),
            hasPrivilege);

    List<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.REPLACE,
                              Attributes.create("subtreeSpecification",
                              "{base \"ou=doesnotexist\"}")));

    ModifyOperation modifyOperation =
         conn.processModify(DN.valueOf("cn=Subentry Target,o=test"), mods);
    ModifyRequest modifyRequest = newModifyRequest("cn=Subentry Target,o=test")
        .addModification(REPLACE, "subtreeSpecification", "{base \"ou=doesnotexist\"}");
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);

    if (hasPrivilege)
    {
      mods.clear();
      mods.add(new Modification(ModificationType.REPLACE,
          Attributes.create("subtreeSpecification", "{}")));

      modifyOperation = conn.processModify(
              DN.valueOf("cn=Subentry Target,o=test"), mods);
      modifyRequest = newModifyRequest("cn=Subentry Target,o=test")
          .addModification(REPLACE, "subtreeSpecification", "{}");
      modifyOperation = conn.processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    }
  }
@@ -876,21 +863,16 @@
         "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE " +
         "X-ORIGIN 'PrivilegeTestCase' )";

    List<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.ADD,
        Attributes.create("attributetypes", attrDefinition)));

    ModifyOperation modifyOperation =
         conn.processModify(DN.valueOf("cn=schema"), mods);
    ModifyRequest modifyRequest = newModifyRequest("cn=schema")
        .addModification(ADD, "attributetypes", attrDefinition);
    ModifyOperation modifyOperation = conn.processModify(modifyRequest);
    assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);

    if (hasPrivilege)
    {
      mods.clear();
      mods.add(new Modification(ModificationType.DELETE,
          Attributes.create("attributetypes", attrDefinition)));

      modifyOperation = conn.processModify(DN.valueOf("cn=schema"), mods);
      modifyRequest = newModifyRequest("cn=schema")
          .addModification(DELETE, "attributetypes", attrDefinition);
      modifyOperation = conn.processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    }
  }
@@ -1203,13 +1185,8 @@


    // Try to modify the entry to add a description.
    List<Modification> mods = new ArrayList<>(1);
    mods.add(new Modification(ModificationType.REPLACE,
        Attributes.create("description", "foo")));

    ModifyOperation modifyOperation = new ModifyOperationBasis(conn, nextOperationID(), nextMessageID(),
                             controls, e.getName(), mods);
    modifyOperation.run();
    List<Modification> mods = newModifications(REPLACE, "description", "foo");
    ModifyOperation modifyOperation = runModifyOperation(conn, e, controls, mods);
    assertProxyPrivilege(modifyOperation.getResultCode(), hasProxyPrivilege);


@@ -1241,7 +1218,10 @@
    }
  }


  private List<Modification> newModifications(ModificationType modType, String attrName, String attrValue)
  {
    return newArrayList(new Modification(modType, Attributes.create(attrName, attrValue)));
  }

  /**
   * Tests to ensure that the use of the Directory Server will properly respect
@@ -1347,15 +1327,8 @@
    }


    // Try to modify the entry to add a description.
    List<Modification> mods = new ArrayList<>(1);
    mods.add(new Modification(ModificationType.REPLACE,
        Attributes.create("description", "foo")));

    ModifyOperation modifyOperation =
         new ModifyOperationBasis(conn, nextOperationID(), nextMessageID(),
                             controls, e.getName(), mods);
    modifyOperation.run();
    List<Modification> mods = newModifications(REPLACE, "description", "foo");
    ModifyOperation modifyOperation = runModifyOperation(conn, e, controls, mods);
    assertProxyPrivilege(modifyOperation.getResultCode(), hasProxyPrivilege);


@@ -1387,6 +1360,15 @@
    }
  }

  private ModifyOperation runModifyOperation(InternalClientConnection conn, Entry e, List<Control> controls,
      List<Modification> mods)
  {
    ModifyOperation op =
        new ModifyOperationBasis(conn, nextOperationID(), nextMessageID(), controls, e.getName(), mods);
    op.run();
    return op;
  }



  /**
@@ -2268,21 +2250,9 @@

    // We won't use an internal connection here because these are not notified
    // of dynamic changes to authentication info.
    try (Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort()))
    try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
    {
      TestCaseUtils.configureSocket(s);
      LDAPReader r = new LDAPReader(s);
      LDAPWriter w = new LDAPWriter(s);

      BindRequestProtocolOp bindRequest = new BindRequestProtocolOp(
          ByteString.valueOfUtf8("cn=Test User,o=test"), 3,
          ByteString.valueOfUtf8("password"));
      LDAPMessage message = new LDAPMessage(1, bindRequest);
      w.writeMessage(message);

      message = r.readMessage();
      BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
      assertEquals(bindResponse.getResultCode(), 0);
      conn.bind("cn=Test User,o=test", "password");

      CopyOnWriteArraySet<ClientConnection> connections = DirectoryServer
          .getAuthenticatedUsers().get(DN.valueOf("cn=Test User,o=test"));
@@ -2299,21 +2269,17 @@

      // Modify the user entry to add the CONFIG_READ privilege and verify that
      // the client connection reflects that.
      List<Modification> mods = new ArrayList<>();
      mods.add(new Modification(ModificationType.ADD, Attributes.create(
          "ds-privilege-name", "config-read")));
      ModifyOperation modifyOperation = rootConnection.processModify(
          DN.valueOf("cn=Test User,o=test"), mods);
      ModifyRequest modifyRequest = newModifyRequest("cn=Test User,o=test")
          .addModification(ADD, "ds-privilege-name", "config-read");
      ModifyOperation modifyOperation = rootConnection.processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
      assertTrue(testConnection.hasPrivilege(Privilege.CONFIG_READ, null));

      // Take the privilege away from the user and verify that it is recognized
      // immediately.
      mods.clear();
      mods.add(new Modification(ModificationType.DELETE, Attributes.create(
          "ds-privilege-name", "config-read")));
      modifyOperation = rootConnection.processModify(
          DN.valueOf("cn=Test User,o=test"), mods);
      modifyRequest = newModifyRequest("cn=Test User,o=test")
          .addModification(DELETE, "ds-privilege-name", "config-read");
      modifyOperation = rootConnection.processModify(modifyRequest);
      assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
      assertFalse(testConnection.hasPrivilege(Privilege.CONFIG_READ, null));

@@ -2346,11 +2312,9 @@
    // Update the set of root privileges to include proxied auth.
    InternalClientConnection internalRootConn = getRootConnection();

    List<Modification> mods = new ArrayList<>();
    mods.add(new Modification(ModificationType.ADD,
        Attributes.create("ds-cfg-default-root-privilege-name",
                                    "proxied-auth")));
    ModifyOperation modifyOperation = internalRootConn.processModify(DN.valueOf("cn=Root DNs,cn=config"), mods);
    ModifyRequest modifyRequest = newModifyRequest("cn=Root DNs,cn=config")
        .addModification(ADD, "ds-cfg-default-root-privilege-name", "proxied-auth");
    ModifyOperation modifyOperation = internalRootConn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);


@@ -2362,11 +2326,9 @@


    // Update the set of root privileges to revoke proxied auth.
    mods.clear();
    mods.add(new Modification(ModificationType.DELETE,
        Attributes.create("ds-cfg-default-root-privilege-name",
                                    "proxied-auth")));
    modifyOperation = internalRootConn.processModify(DN.valueOf("cn=Root DNs,cn=config"), mods);
    modifyRequest = newModifyRequest("cn=Root DNs,cn=config")
        .addModification(DELETE, "ds-cfg-default-root-privilege-name", "proxied-auth");
    modifyOperation = internalRootConn.processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);



 opendj-server-legacy/src/test/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElementTest.java

@@ -12,36 +12,32 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2015 ForgeRock AS.
 * Portions Copyright 2011-2016 ForgeRock AS.
 */
package org.opends.server.workflowelement.localbackend;

import java.util.ArrayList;

import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Modification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.testng.Assert.*;

/**
 * This set of tests test the LocalBackendWorkflowElement.
 */
/** This set of tests test the LocalBackendWorkflowElement. */
@SuppressWarnings("javadoc")
public class LocalBackendWorkflowElementTest extends DirectoryServerTestCase
{
@@ -80,7 +76,7 @@

    // Add a new suffix in the backend and create a base entry for the new suffix
    String backendConfigDN = "ds-cfg-backend-id=userRoot," + DN_BACKEND_BASE;
    modifyAttribute(backendConfigDN, ModificationType.ADD, backendBaseDNName, suffix2);
    modifyAttribute(backendConfigDN, ADD, backendBaseDNName, suffix2);
    addBaseEntry(suffix2, "workflow suffix");

    // Both old and new suffix should be accessible.
@@ -88,14 +84,14 @@
    searchEntry(suffix2, ResultCode.SUCCESS);

    // Remove the new suffix...
    modifyAttribute(backendConfigDN, ModificationType.DELETE, backendBaseDNName, suffix2);
    modifyAttribute(backendConfigDN, DELETE, backendBaseDNName, suffix2);

    // ...and check that the removed suffix is no more accessible.
    searchEntry(suffix, ResultCode.SUCCESS);
    searchEntry(suffix2, ResultCode.NO_SUCH_OBJECT);

    // Replace the suffix with suffix2 in the backend
    modifyAttribute(backendConfigDN, ModificationType.REPLACE, backendBaseDNName, suffix2);
    modifyAttribute(backendConfigDN, REPLACE, backendBaseDNName, suffix2);

    // Now none of the suffixes are accessible: this means the entries
    // under the old suffix are not moved to the new suffix.
@@ -110,7 +106,7 @@
    searchEntry(suffix2, ResultCode.SUCCESS);

    // Reset the configuration with previous suffix
    modifyAttribute(backendConfigDN, ModificationType.REPLACE, backendBaseDNName, suffix);
    modifyAttribute(backendConfigDN, REPLACE, backendBaseDNName, suffix);
  }

  /**
@@ -256,16 +252,15 @@
   *
   * @param baseDN          the request base DN string
   * @param modType         the modification type (add/delete/replace)
   * @param attributeName   the name  of the attribute to add/delete/replace
   * @param attributeValue  the value of the attribute to add/delete/replace
   * @param attrName   the name  of the attribute to add/delete/replace
   * @param attrValue  the value of the attribute to add/delete/replace
   */
  private void modifyAttribute(String baseDN, ModificationType modType, String attributeName, String attributeValue)
  private void modifyAttribute(String baseDN, ModificationType modType, String attrName, String attrValue)
      throws Exception
  {
    ArrayList<Modification> mods = new ArrayList<>();
    Attribute attributeToModify = Attributes.create(attributeName, attributeValue);
    mods.add(new Modification(modType, attributeToModify));
    ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(baseDN), mods);
    ModifyRequest modifyRequest = Requests.newModifyRequest(baseDN)
        .addModification(modType, attrName, attrValue);
    ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
  }
}

			@@ -11,7 +11,7 @@
			* Header, with the fields enclosed by brackets [] replaced by your own identifying
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2013-2015 ForgeRock AS.
			* Copyright 2013-2016 ForgeRock AS.
			*/
			package org.forgerock.opendj.adapter.server3x;

			@@ -57,7 +57,6 @@
			import org.opends.server.core.DeleteOperation;
			import org.opends.server.core.ExtendedOperation;
			import org.opends.server.core.ModifyDNOperation;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.internal.InternalSearchListener;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			@@ -238,10 +237,7 @@

			@Override
			public Result modify(final ModifyRequest request) throws LdapException {
			final ModifyOperation modifyOperation =
			icc.processModify(valueOfObject(request.getName()), toRawModifications(request
			.getModifications()), to(request.getControls()));
			return getResponseResult(modifyOperation);
			return getResponseResult(icc.processModify(request));
			}

			@Override

			@@ -51,7 +51,6 @@
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.core.ServerContext;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.ldap.*;
			import org.opends.server.schema.SchemaConstants;
			import org.opends.server.schema.UserPasswordSyntax;
			@@ -72,6 +71,7 @@

			import static org.opends.messages.ExtensionMessages.*;
			import static org.opends.server.config.ConfigConstants.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.protocols.ldap.LDAPConstants.*;
			import static org.opends.server.util.StaticUtils.*;

			@@ -1531,10 +1531,8 @@
			OP_ATTR_PTAPOLICY_CACHED_PASSWORD_TIME,
			provider.getCurrentTime()));

			InternalClientConnection conn = InternalClientConnection
			.getRootConnection();
			ModifyOperation internalModify = conn.processModify(userEntry
			.getName().toString(), modifications);
			ModifyOperation internalModify = getRootConnection().processModify(
			ByteString.valueOfObject(userEntry.getName()), modifications);

			ResultCode resultCode = internalModify.getResultCode();
			if (resultCode != ResultCode.SUCCESS)

			@@ -31,6 +31,7 @@
			import org.forgerock.opendj.ldap.AttributeDescription;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.api.ClientConnection;
			import org.opends.server.api.ConnectionHandler;
			@@ -76,6 +77,7 @@
			import org.opends.server.util.ModifyChangeRecordEntry;
			import org.opends.server.util.ModifyDNChangeRecordEntry;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.opends.messages.ProtocolMessages.*;
			import static org.opends.server.config.ConfigConstants.*;
			import static org.opends.server.util.CollectionUtils.*;
			@@ -1427,55 +1429,6 @@
			return extendedOperation;
			}



			/**
			* Processes an internal modify operation with the provided
			* information.
			*
			* @param rawEntryDN The raw entry DN for this modify
			* operation.
			* @param rawModifications The set of modifications for this
			* modify operation.
			*
			* @return A reference to the modify operation that was processed
			* and contains information about the result of the
			* processing.
			*/
			public ModifyOperation processModify(String rawEntryDN,
			List<RawModification> rawModifications)
			{
			return processModify(ByteString.valueOfUtf8(rawEntryDN),
			rawModifications, null);
			}



			/**
			* Processes an internal modify operation with the provided
			* information.
			*
			* @param rawEntryDN The raw entry DN for this modify
			* operation.
			* @param rawModifications The set of modifications for this
			* modify operation.
			* @param controls The set of controls to include in the
			* request.
			*
			* @return A reference to the modify operation that was processed
			* and contains information about the result of the
			* processing.
			*/
			public ModifyOperation processModify(String rawEntryDN,
			List<RawModification> rawModifications,
			List<Control> controls)
			{
			return processModify(ByteString.valueOfUtf8(rawEntryDN),
			rawModifications, controls);
			}



			/**
			* Processes an internal modify operation with the provided
			* information.
			@@ -1497,22 +1450,7 @@



			/**
			* Processes an internal modify operation with the provided
			* information.
			*
			* @param rawEntryDN The raw entry DN for this modify
			* operation.
			* @param rawModifications The set of modifications for this
			* modify operation.
			* @param controls The set of controls to include in the
			* request.
			*
			* @return A reference to the modify operation that was processed
			* and contains information about the result of the
			* processing.
			*/
			public ModifyOperation processModify(ByteString rawEntryDN,
			private ModifyOperation processModify(ByteString rawEntryDN,
			List<RawModification> rawModifications,
			List<Control> controls)
			{
			@@ -1587,13 +1525,25 @@
			* and contains information about the result of the
			* processing.
			*/
			public ModifyOperation processModify(
			ModifyChangeRecordEntry modifyRecord)
			public ModifyOperation processModify(ModifyChangeRecordEntry modifyRecord)
			{
			return processModify(modifyRecord.getDN().toString(),
			modifyRecord.getModifications());
			return processModify(ByteString.valueOfObject(modifyRecord.getDN()),
			modifyRecord.getModifications(), null);
			}

			/**
			* Processes an internal modify operation with the provided information.
			*
			* @param modifyRequest
			* The modify request with information about the changes to perform.
			* @return A reference to the modify operation that was processed and contains information about
			* the result of the processing.
			*/
			public ModifyOperation processModify(ModifyRequest modifyRequest)
			{
			return processModify(ByteString.valueOfObject(modifyRequest.getName()),
			toRawModifications(modifyRequest.getModifications()), to(modifyRequest.getControls()));
			}


			/**

			@@ -12,7 +12,7 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2008 Sun Microsystems, Inc.
			* Portions Copyright 2014-2015 ForgeRock AS.
			* Portions Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.tasks;

			@@ -25,9 +25,8 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.messages.TaskMessages;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.opends.server.admin.server.ServerManagementContext;
			import org.opends.server.admin.std.server.BackendCfg;
			import org.opends.server.admin.std.server.RootCfg;
			@@ -36,19 +35,19 @@
			import org.opends.server.config.StringConfigAttribute;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.RawModification;
			import org.opends.server.util.CollectionUtils;
			import org.opends.server.util.ServerConstants;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.messages.ConfigMessages.*;
			import static org.opends.messages.TaskMessages.*;
			import static org.opends.messages.ToolMessages.*;
			import static org.opends.server.config.ConfigConstants.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.opends.server.util.StaticUtils.*;

			/**
			@@ -222,20 +221,14 @@
			e.getMessageObject(), e);
			}

			LDAPAttribute a = new LDAPAttribute(ATTR_BACKEND_ENABLED, ServerConstants.TRUE_VALUE);
			LDAPModification m = new LDAPModification(ModificationType.REPLACE, a);

			ArrayList<RawModification> modList = CollectionUtils.<RawModification> newArrayList(m);

			String backendDNString = configEntryDN.toString();
			ByteString rawEntryDN = ByteString.valueOfUtf8(backendDNString);
			ModifyOperation internalModify = getRootConnection().processModify(rawEntryDN, modList);
			ModifyRequest modifyRequest = newModifyRequest(from(configEntryDN))
			.addModification(REPLACE, ATTR_BACKEND_ENABLED, TRUE_VALUE);
			ModifyOperation internalModify = getRootConnection().processModify(modifyRequest);

			ResultCode resultCode = internalModify.getResultCode();
			if (resultCode != ResultCode.SUCCESS)
			{
			LocalizableMessage message =
			TaskMessages.ERR_TASK_CANNOT_ENABLE_BACKEND.get(backendDNString);
			LocalizableMessage message = ERR_TASK_CANNOT_ENABLE_BACKEND.get(configEntryDN);
			throw new DirectoryException(resultCode, message);
			}
			}
			@@ -264,20 +257,14 @@
			e.getMessageObject(), e);
			}

			LDAPAttribute a = new LDAPAttribute(ATTR_BACKEND_ENABLED, ServerConstants.FALSE_VALUE);
			LDAPModification m = new LDAPModification(ModificationType.REPLACE, a);

			ArrayList<RawModification> modList = CollectionUtils.<RawModification> newArrayList(m);

			String backendDNString = configEntryDN.toString();
			ByteString rawEntryDN = ByteString.valueOfUtf8(backendDNString);
			ModifyOperation internalModify = getRootConnection().processModify(rawEntryDN, modList);
			ModifyRequest modifyRequest = newModifyRequest(from(configEntryDN))
			.addModification(REPLACE, ATTR_BACKEND_ENABLED, FALSE_VALUE);
			ModifyOperation internalModify = getRootConnection().processModify(modifyRequest);

			ResultCode resultCode = internalModify.getResultCode();
			if (resultCode != ResultCode.SUCCESS)
			{
			LocalizableMessage message =
			TaskMessages.ERR_TASK_CANNOT_DISABLE_BACKEND.get(backendDNString);
			LocalizableMessage message = ERR_TASK_CANNOT_DISABLE_BACKEND.get(configEntryDN);
			throw new DirectoryException(resultCode, message);
			}
			}

			@@ -21,26 +21,16 @@
			import static org.opends.server.TestCaseUtils.*;
			import static org.testng.Assert.*;

			import java.net.Socket;
			import java.util.ArrayList;
			import java.util.Set;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.extensions.TestPasswordValidator;
			import org.opends.server.protocols.ldap.BindRequestProtocolOp;
			import org.opends.server.protocols.ldap.BindResponseProtocolOp;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
			import org.opends.server.protocols.ldap.ModifyResponseProtocolOp;
			import org.opends.server.tools.LDAPPasswordModify;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.RawModification;
			import org.testng.annotations.AfterClass;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;
			@@ -417,41 +407,15 @@
			"ds-privilege-name: bypass-acl",
			"userPassword: password");

			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			conn.bind("uid=test.user,o=test", "password");
			conn.modify(newModifyRequest("uid=test.user,o=test")
			.addModification(REPLACE, "userPassword", "newPassword"));

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);
			TestCaseUtils.configureSocket(s);

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("uid=test.user,o=test"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			LDAPAttribute attr = new LDAPAttribute("userPassword", "newPassword");
			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE, attr));

			ModifyRequestProtocolOp modifyRequest =
			new ModifyRequestProtocolOp(
			ByteString.valueOfUtf8("uid=test.user,o=test"), mods);
			message = new LDAPMessage(2, modifyRequest);
			w.writeMessage(message);

			message = r.readMessage();
			ModifyResponseProtocolOp modifyResponse =
			message.getModifyResponseProtocolOp();
			assertEquals(modifyResponse.getResultCode(), 0);

			assertEquals(TestPasswordValidator.getLastNewPassword(),
			ByteString.valueOfUtf8("newPassword"));
			assertTrue(TestPasswordValidator.getLastCurrentPasswords().isEmpty());
			assertEquals(TestPasswordValidator.getLastNewPassword(), ByteString.valueOfUtf8("newPassword"));
			assertTrue(TestPasswordValidator.getLastCurrentPasswords().isEmpty());
			}
			}

			@@ -11,14 +11,17 @@
			* Header, with the fields enclosed by brackets [] replaced by your own identifying
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2014-2015 ForgeRock AS.
			* Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.backends;

			import static java.util.concurrent.TimeUnit.*;

			import static org.assertj.core.api.Assertions.*;
			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.ResultCode.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.messages.ReplicationMessages.*;
			import static org.opends.server.TestCaseUtils.*;
			import static org.opends.server.replication.protocol.OperationContext.*;
			@@ -45,7 +48,6 @@
			import org.assertj.core.api.SoftAssertions;
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.admin.std.server.ExternalChangelogDomainCfg;
			@@ -688,12 +690,15 @@
			"telephonenumber: 131313");

			// mod 'sn' of fiona with 'sn' configured as ecl-incl-att
			final ModifyOperation modOp1 = connection.processModify(uentry1.getName(), createAttributeModif("sn", "newsn"));
			final ModifyOperation modOp1 = connection.processModify(
			newModifyRequest(from(uentry1.getName()))
			.addModification(REPLACE, "sn", "newsn"));
			waitForSearchOpResult(modOp1, ResultCode.SUCCESS);

			// mod 'telephonenumber' of robert
			final ModifyOperation modOp2 = connection.processModify(uentry2.getName(),
			createAttributeModif("telephonenumber", "555555"));
			final ModifyOperation modOp2 = connection.processModify(
			newModifyRequest(from(uentry2.getName()))
			.addModification(REPLACE, "telephonenumber", "555555"));
			waitForSearchOpResult(modOp2, ResultCode.SUCCESS);

			// moddn robert to robert2
			@@ -1204,16 +1209,10 @@
			{
			assertSameServerId(replicaId, csn);
			DN baseDN = DN.valueOf("uid=" + testName + "3," + replicaId.getBaseDN());
			List<Modification> mods = createAttributeModif("description", "new value");
			List<Modification> mods = newArrayList(new Modification(REPLACE, Attributes.create("description", "new value")));
			return new ModifyMsg(csn, baseDN, mods, testName + "uuid3");
			}

			private List<Modification> createAttributeModif(String attributeName, String valueString)
			{
			Attribute attr = Attributes.create(attributeName, valueString);
			return newArrayList(new Modification(ModificationType.REPLACE, attr));
			}

			private UpdateMsg generateModDNMsg(ReplicaId replicaId, CSN csn, String testName) throws Exception
			{
			assertSameServerId(replicaId, csn);

			@@ -103,16 +103,18 @@
			"userPassword: password",
			"ds-privilege-name: bypass-acl");

			try (RemoteConnection c = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPMessage bindMessage = c.bind("uid=test.user,o=test", "password", newPasswordPolicyControl());
			SimpleBindRequest bindRequest = newSimpleBindRequest("uid=test.user,o=test", "password".toCharArray())
			.addControl(newPasswordPolicyControl());
			LDAPMessage bindMessage = conn.bind(bindRequest, false);
			assertTrue(passwordPolicyControlExists(bindMessage.getControls(), PasswordPolicyErrorType.CHANGE_AFTER_RESET));

			AddRequest addRequest = newAddRequest("ou=People,o=test")
			.addAttribute("objectClass", "organizationalUnit")
			.addAttribute("ou", "People")
			.addControl(newPasswordPolicyControl());
			LDAPMessage message = c.add(addRequest, false);
			LDAPMessage message = conn.add(addRequest, false);

			AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
			assertNotEquals(addResponse.getResultCode(), LDAPResultCode.SUCCESS);

			@@ -12,11 +12,12 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2010 Sun Microsystems, Inc.
			* Portions Copyright 2014-2015 ForgeRock AS.
			* Portions Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.controls;

			import static org.assertj.core.api.Assertions.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.TestCaseUtils.*;
			import static org.opends.server.controls.PersistentSearchChangeType.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			@@ -24,7 +25,11 @@
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			import java.util.*;
			import java.util.EnumSet;
			import java.util.HashMap;
			import java.util.HashSet;
			import java.util.Map;
			import java.util.Set;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.opendj.io.ASN1;
			@@ -34,18 +39,19 @@
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.util.Utils;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPControl;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.opends.server.protocols.ldap.LDAPReader;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.types.*;
			import org.opends.server.types.CancelRequest;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.LDAPException;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			@@ -507,15 +513,9 @@
			{
			TestCaseUtils.initializeTestBackend(true);
			//Modify the configuration to allow only 1 concurrent persistent search.
			InternalClientConnection conn = getRootConnection();

			LDAPAttribute attr = new LDAPAttribute("ds-cfg-max-psearches", "1");

			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE, attr));

			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8("cn=config"), mods);
			ModifyRequest modifyRequest = newModifyRequest("cn=config")
			.addModification(ModificationType.REPLACE, "ds-cfg-max-psearches", "1");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			//Create a persistent search request.
			@@ -524,7 +524,7 @@
			.setTypesOnly(true)
			.addAttribute("cn")
			.addControl(new PersistentSearchControl(changeTypes, true, true));
			final InternalSearchOperation search = conn.processSearch(request);
			final InternalSearchOperation search = getRootConnection().processSearch(request);

			Thread t = new Thread(new Runnable() {
			@Override

			@@ -20,7 +20,6 @@
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			import java.net.Socket;
			import java.util.ArrayList;
			import java.util.LinkedHashSet;

			@@ -54,14 +53,12 @@
			import org.opends.server.protocols.ldap.ModifyResponseProtocolOp;
			import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
			import org.opends.server.protocols.ldap.SearchResultDoneProtocolOp;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.CancelRequest;
			import org.opends.server.types.Control;
			import org.opends.server.types.Operation;
			import org.opends.server.types.RawAttribute;
			import org.opends.server.types.RawModification;
			import org.opends.server.util.StaticUtils;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			@@ -202,20 +199,14 @@
			{
			// Establish a connection to the server. It can be unauthenticated for the
			// purpose of this test.
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPWriter w = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			// Send the abandon request to the server and wait a few seconds to ensure
			// it has completed before closing the connection.
			conn.writeMessage(new AbandonRequestProtocolOp(1), DisconnectClientPlugin.createDisconnectControlList("PreParse"));


			// Send the abandon request to the server and wait a few seconds to ensure
			// it has completed before closing the connection.
			AbandonRequestProtocolOp abandonRequest = new AbandonRequestProtocolOp(1);
			LDAPMessage message = new LDAPMessage(2, abandonRequest,
			DisconnectClientPlugin.createDisconnectControlList("PreParse"));
			w.writeMessage(message);

			Thread.sleep(3000);

			StaticUtils.close(s);
			Thread.sleep(3000);
			}

			// NOTE: We can't check to see if pre-parse plugins were called yet
			// because there's no plugin ordering. It's possible that the
			@@ -237,18 +228,14 @@
			{
			// Establish a connection to the server. It can be unauthenticated for the
			// purpose of this test.
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPWriter w = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			// Send the abandon request to the server and wait a few seconds to ensure
			// it has completed before closing the connection.
			conn.writeMessage(new AbandonRequestProtocolOp(1));


			// Send the abandon request to the server and wait a few seconds to ensure
			// it has completed before closing the connection.
			AbandonRequestProtocolOp abandonRequest = new AbandonRequestProtocolOp(1);
			w.writeMessage(new LDAPMessage(2, abandonRequest));

			Thread.sleep(3000);

			s.close();
			Thread.sleep(3000);
			}
			}

			@@ -12,18 +12,17 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2008-2010 Sun Microsystems, Inc.
			* Portions Copyright 2011-2015 ForgeRock AS.
			* Portions Copyright 2011-2016 ForgeRock AS.
			*/
			package org.opends.server.core;

			import java.util.LinkedHashSet;
			import java.util.LinkedList;
			import java.util.List;
			import java.util.Set;

			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.std.server.GroupImplementationCfg;
			import org.opends.server.api.Group;
			@@ -35,20 +34,20 @@
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.tools.LDAPDelete;
			import org.opends.server.tools.LDAPModify;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.MemberList;
			import org.opends.server.types.MembershipException;
			import org.opends.server.types.Modification;
			import org.opends.server.types.RDN;
			import org.opends.server.types.SearchFilter;
			import org.testng.annotations.AfterClass;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.protocols.internal.Requests.*;
			import static org.opends.server.util.ServerConstants.*;
			@@ -236,34 +235,23 @@
			//Add even numbered members.
			group1Instance.addMember(user2Entry);
			group1Instance.addMember(user4Entry);

			//Switch things around, change groups and members to odd numbered nested
			//groups and odd numbered members via ldap modify.
			LinkedList<Modification> mods = new LinkedList<>();
			Attribute g1 = Attributes.create("member", "cn=group 1,ou=Groups,o=test");
			Attribute g2 = Attributes.create("member", "cn=group 2,ou=Groups,o=test");
			Attribute g3 = Attributes.create("member", "cn=group 3,ou=Groups,o=test");
			Attribute g4 = Attributes.create("member", "cn=group 4,ou=Groups,o=test");
			Attribute u1 = Attributes.create("member", "uid=user.1,ou=People,o=test");
			Attribute u2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
			Attribute u3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
			Attribute u4 = Attributes.create("member", "uid=user.4,ou=People,o=test");
			Attribute u5 = Attributes.create("member", "uid=user.5,ou=People,o=test");
			//Delete even groups and users.
			mods.add(new Modification(ModificationType.DELETE, g2));
			mods.add(new Modification(ModificationType.DELETE, g4));
			mods.add(new Modification(ModificationType.DELETE, u2));
			mods.add(new Modification(ModificationType.DELETE, u4));
			final ModifyRequest modifyRequest = newModifyRequest(from(group1Instance.getGroupDN()));
			modifyRequest.addModification(DELETE, "member", "cn=group 2,ou=Groups,o=test");
			modifyRequest.addModification(DELETE, "member", "cn=group 4,ou=Groups,o=test");
			modifyRequest.addModification(DELETE, "member", "uid=user.2,ou=People,o=test");
			modifyRequest.addModification(DELETE, "member", "uid=user.4,ou=People,o=test");
			//Add odd groups and users.
			mods.add(new Modification(ModificationType.ADD, g1));
			mods.add(new Modification(ModificationType.ADD, g3));
			mods.add(new Modification(ModificationType.ADD, u1));
			mods.add(new Modification(ModificationType.ADD, u3));
			mods.add(new Modification(ModificationType.ADD, u5));
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation =
			conn.processModify(group1Instance.getGroupDN(), mods);
			modifyRequest.addModification(ADD, "member", "cn=group 1,ou=Groups,o=test");
			modifyRequest.addModification(ADD, "member", "cn=group 3,ou=Groups,o=test");
			modifyRequest.addModification(ADD, "member", "uid=user.1,ou=People,o=test");
			modifyRequest.addModification(ADD, "member", "uid=user.3,ou=People,o=test");
			modifyRequest.addModification(ADD, "member", "uid=user.5,ou=People,o=test");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			//Check that the user membership changes were picked up.
			assertFalse(group1Instance.isMember(user2Entry));
			assertFalse(group1Instance.isMember(user4Entry));
			@@ -316,10 +304,8 @@
			//Add some nested groups and members.
			group1Instance.addNestedGroup(group2DN);
			group1Instance.addMember(user1Entry);
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			//Delete the group.
			DeleteOperation deleteOperation = conn.processDelete(group1DN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(group1DN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(group1DN));
			//Membership check should throw an exception.
			@@ -447,15 +433,10 @@
			"it didn't");
			} catch (DirectoryException ex) {}
			//Modify list via ldap modify.
			LinkedList<Modification> mods = new LinkedList<>();
			Attribute a2 = Attributes.create("member", "cn=group 2,ou=Groups,o=test");
			Attribute a3 = Attributes.create("member", "cn=group 1,ou=Groups,o=test");
			mods.add(new Modification(ModificationType.DELETE, a2));
			mods.add(new Modification(ModificationType.ADD, a3));
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation =
			conn.processModify(group1Instance.getGroupDN(), mods);
			final ModifyRequest modifyRequest = newModifyRequest(from(group1Instance.getGroupDN()))
			.addModification(DELETE, "member", "cn=group 2,ou=Groups,o=test")
			.addModification(ADD, "member", "cn=group 1,ou=Groups,o=test");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			//Check removing a group already removed via ldap modify fails.
			try
			@@ -585,9 +566,7 @@
			groupInstance.toString(new StringBuilder());


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -705,15 +684,10 @@


			// Modify the group and make sure the group manager gets updated accordingly
			LinkedList<Modification> mods = new LinkedList<>();
			Attribute a2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
			Attribute a3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
			mods.add(new Modification(ModificationType.DELETE, a2));
			mods.add(new Modification(ModificationType.ADD, a3));

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
			final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
			.addModification(DELETE, "member", "uid=user.2,ou=People,o=test")
			.addModification(ADD, "member", "uid=user.3,ou=People,o=test");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			groupInstance = groupManager.getGroupInstance(groupDN);
			@@ -725,7 +699,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -776,9 +750,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -896,15 +868,10 @@


			// Modify the group and make sure the group manager gets updated accordingly
			LinkedList<Modification> mods = new LinkedList<>();
			Attribute a2 = Attributes.create("uniquemember", "uid=user.2,ou=People,o=test");
			Attribute a3 = Attributes.create("uniquemember", "uid=user.3,ou=People,o=test");
			mods.add(new Modification(ModificationType.DELETE, a2));
			mods.add(new Modification(ModificationType.ADD, a3));

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
			final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
			.addModification(DELETE, "uniquemember", "uid=user.2,ou=People,o=test")
			.addModification(ADD, "uniquemember", "uid=user.3,ou=People,o=test");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			groupInstance = groupManager.getGroupInstance(groupDN);
			@@ -916,7 +883,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -967,9 +934,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1087,15 +1052,10 @@


			// Modify the group and make sure the group manager gets updated accordingly
			LinkedList<Modification> mods = new LinkedList<>();
			Attribute a2 = Attributes.create("member", "uid=user.2,ou=People,o=test");
			Attribute a3 = Attributes.create("member", "uid=user.3,ou=People,o=test");
			mods.add(new Modification(ModificationType.DELETE, a2));
			mods.add(new Modification(ModificationType.ADD, a3));

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation = conn.processModify(groupDN, mods);
			final ModifyRequest modifyRequest = newModifyRequest(from(groupDN))
			.addModification(DELETE, "member", "uid=user.2,ou=People,o=test")
			.addModification(ADD, "member", "uid=user.3,ou=People,o=test");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			groupInstance = groupManager.getGroupInstance(groupDN);
			@@ -1107,7 +1067,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1158,9 +1118,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1234,10 +1192,8 @@
			RDN newRDN = RDN.decode("cn=Renamed Group");
			DN newDN = DN.valueOf("cn=Renamed Group,ou=Groups,o=test");

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyDNOperation modifyDNOperation =
			conn.processModifyDN(groupDN, newRDN, true);
			getRootConnection().processModifyDN(groupDN, newRDN, true);
			assertEquals(modifyDNOperation.getResultCode(), ResultCode.SUCCESS);

			groupInstance = groupManager.getGroupInstance(groupDN);
			@@ -1250,7 +1206,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			DeleteOperation deleteOperation = conn.processDelete(newDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(newDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(newDN));
			}
			@@ -1473,21 +1429,19 @@


			// Delete all of the groups and make sure the group manager gets updated accordingly
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(group1DN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(group1DN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(group1DN));

			deleteOperation = conn.processDelete(group2DN);
			deleteOperation = getRootConnection().processDelete(group2DN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(group2DN));

			deleteOperation = conn.processDelete(group3DN);
			deleteOperation = getRootConnection().processDelete(group3DN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(group3DN));

			deleteOperation = conn.processDelete(group4DN);
			deleteOperation = getRootConnection().processDelete(group4DN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(group3DN));
			}
			@@ -1628,9 +1582,7 @@


			// Delete the group and make sure the group manager gets updated accordingly
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1752,9 +1704,7 @@
			groupInstance.toString(new StringBuilder());


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1813,9 +1763,7 @@
			DynamicGroup dynamicGroup = (DynamicGroup) groupInstance;
			assertTrue(dynamicGroup.getMemberURLs().isEmpty());

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -1912,9 +1860,7 @@
			"Expected member set to be empty but it was not: " + memberSet);


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -2012,9 +1958,7 @@
			"Expected member set to be empty but it was not: " + memberSet);


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -2113,9 +2057,7 @@
			"Expected member set to be empty but it was not: " + memberSet);


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}
			@@ -2218,9 +2160,7 @@
			"Expected member set to be empty but it was not: " + memberSet);


			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			DeleteOperation deleteOperation = conn.processDelete(groupDN);
			DeleteOperation deleteOperation = getRootConnection().processDelete(groupDN);
			assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
			assertNull(groupManager.getGroupInstance(groupDN));
			}

			@@ -32,11 +32,9 @@
			import org.opends.server.plugins.DisconnectClientPlugin;
			import org.opends.server.plugins.ShortCircuitPlugin;
			import org.opends.server.plugins.UpdatePreOpPlugin;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPControl;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
			@@ -57,7 +55,6 @@
			import org.opends.server.types.RawModification;
			import org.opends.server.types.WritabilityMode;
			import org.opends.server.util.Base64;
			import org.opends.server.util.ServerConstants;
			import org.opends.server.workflowelement.localbackend.LocalBackendModifyOperation;
			import org.testng.annotations.AfterMethod;
			import org.testng.annotations.BeforeClass;
			@@ -67,12 +64,14 @@

			import static org.assertj.core.api.Assertions.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.controls.GenericControl.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.TestCaseUtils.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.protocols.internal.Requests.*;
			import static org.opends.server.protocols.ldap.LDAPConstants.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			/**
			@@ -717,23 +716,9 @@
			retrieveFailedOperationElements(modifyOperation);
			}

			private ModifyOperation processModify(String entryDN, List<RawModification> mods)
			{
			InternalClientConnection conn = getRootConnection();
			return conn.processModify(ByteString.valueOfUtf8(entryDN), mods);
			}

			private ModifyOperation processModify(String entryDN, RawModification... mods)
			{
			InternalClientConnection conn = getRootConnection();
			return conn.processModify(ByteString.valueOfUtf8(entryDN), Arrays.asList(mods));
			}

			private ModifyOperation processModify(String entryDN,
			List<RawModification> mods, List<Control> requestControls)
			{
			InternalClientConnection conn = getRootConnection();
			return conn.processModify(ByteString.valueOfUtf8(entryDN), mods, requestControls);
			return getRootConnection().processModify(ByteString.valueOfUtf8(entryDN), Arrays.asList(mods));
			}

			/**
			@@ -1327,7 +1312,7 @@
			"mail: foo");

			String dn = "uid=test.user," + baseDN;
			ModifyOperation modifyOperation = processModify(dn, newRawModifications(REPLACE, "uid", "test.user"));
			ModifyOperation modifyOperation = processModify(dn, newRawModification(REPLACE, "uid", "test.user"));
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			retrieveSuccessfulOperationElements(modifyOperation);

			@@ -3000,14 +2985,10 @@
			"displayName: Test User",
			"userPassword: password");

			List<RawModification> mods = newRawModifications(ADD, "givenName", "Test");

			List<Control> requestControls = new ArrayList<>();
			requestControls.add(
			new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

			ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
			mods, requestControls);
			ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
			.addModification(ADD, "givenName", "Test")
			.addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			retrieveSuccessfulOperationElements(modifyOperation);
			}
			@@ -3035,14 +3016,10 @@
			"displayName: Test User",
			"userPassword: password");

			List<RawModification> mods = newRawModifications(DELETE, "givenName", "Foo");

			List<Control> requestControls = new ArrayList<>();
			requestControls.add(
			new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

			ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
			mods, requestControls);
			ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
			.addModification(DELETE, "givenName", "Foo")
			.addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			retrieveSuccessfulOperationElements(modifyOperation);
			}
			@@ -3070,14 +3047,10 @@
			"displayName: Test User",
			"userPassword: password");

			List<RawModification> mods = newRawModifications(DELETE, "description");

			List<Control> requestControls = new ArrayList<>();
			requestControls.add(
			new LDAPControl(ServerConstants.OID_PERMISSIVE_MODIFY_CONTROL, false));

			ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN,
			mods, requestControls);
			ModifyRequest modifyRequest = Requests.newModifyRequest("uid=test.user," + baseDN)
			.addModification(DELETE, "description")
			.addControl(newControl(OID_PERMISSIVE_MODIFY_CONTROL));
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			retrieveSuccessfulOperationElements(modifyOperation);
			}
			@@ -3463,11 +3436,9 @@
			"objectClass: top", "objectClass: person",
			"objectClass: organizationalPerson", "sn: User", "cn: Test User");

			// First check that adding "dc" fails because it is not allowed by
			// inetOrgPerson.
			List<RawModification> mods = newRawModifications(ADD, "dc", "foo");

			ModifyOperation modifyOperation = processModify("cn=Test User," + baseDN, mods);
			// First check that adding "dc" fails because it is not allowed by inetOrgPerson.
			RawModification mod = newRawModification(ADD, "dc", "foo");
			ModifyOperation modifyOperation = processModify("cn=Test User," + baseDN, mod);
			assertEquals(modifyOperation.getResultCode(), ResultCode.OBJECTCLASS_VIOLATION);

			int res = applyModifications(
			@@ -3487,7 +3458,7 @@
			try
			{
			// Modify existing entry.
			modifyOperation = processModify("cn=Test User," + baseDN, mods);
			modifyOperation = processModify("cn=Test User," + baseDN, mod);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			// Add new entry and modify.
			@@ -3495,7 +3466,7 @@
			"objectClass: top", "objectClass: person",
			"objectClass: organizationalPerson", "sn: User2", "cn: Test User2");

			modifyOperation = processModify("cn=Test User2," + baseDN, mods);
			modifyOperation = processModify("cn=Test User2," + baseDN, mod);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}
			finally
			@@ -3520,7 +3491,7 @@
			"objectClass: top", "objectClass: person",
			"objectClass: organizationalPerson", "sn: User3", "cn: Test User3");

			modifyOperation = processModify("cn=Test User3," + baseDN, mods);
			modifyOperation = processModify("cn=Test User3," + baseDN, mod);
			assertEquals(modifyOperation.getResultCode(), ResultCode.OBJECTCLASS_VIOLATION);
			}
			}

			@@ -12,143 +12,131 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2008 Sun Microsystems, Inc.
			* Portions Copyright 2014-2015 ForgeRock AS.
			* Portions Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.core;



			import java.net.Socket;
			import java.util.ArrayList;
			import java.util.concurrent.atomic.AtomicInteger;
			import java.io.UnsupportedEncodingException;
			import java.io.IOException;
			import java.util.List;

			import org.testng.annotations.Test;
			import org.testng.annotations.BeforeClass;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.ByteString;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
			import org.opends.server.tools.*;
			import static org.testng.Assert.*;
			import org.opends.server.tools.LDAPAuthenticationHandler;
			import org.opends.server.tools.LDAPCompare;
			import org.opends.server.tools.LDAPDelete;
			import org.opends.server.tools.LDAPModify;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.AuthenticationInfo;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.LDAPException;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import static org.opends.server.TestCaseUtils.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.ServerConstants.*;
			import com.forgerock.opendj.cli.ClientException;


			import static org.testng.Assert.*;

			/**
			* A set of testcases for configuration attribute
			* "ds-cfg-reject-unauthenticated-requests".
			*/

			@SuppressWarnings("javadoc")
			public class RejectUnauthReqTests extends CoreTestCase
			{
			private class Args
			{
			private final List<String> args = new ArrayList<>();

			public void add(String arg)
			{
			args.add(arg);
			}

			public void add(String arg, Object value)
			{
			args.add(arg);
			args.add(value.toString());
			}

			public String[] toArray()
			{
			return args.toArray(new String[args.size()]);
			}

			@Override
			public String toString()
			{
			return args.toString();
			}
			}

			/**
			* Utility method which is called by the testcase sending an ADD
			* request.
			* Utility method which is called by the testcase sending an ADD request.
			*
			* @param authentication
			* @param authenticate
			* The flag to set the authentication on and off.
			* @return The error code of operation performed.
			* @throws Exception
			* If an unexpected problem occurs.
			*/
			private int performAddOperation(boolean authentication) throws Exception
			private int performAddOperation(boolean authenticate) throws Exception
			{
			String filePath = TestCaseUtils.createTempFile(
			"dn: o=rejectTestCase,o=test", "objectclass: top",
			"objectclass: organization", "o: rejectTestCase",
			"description: Reject Test Case");
			String[] args = null;
			if (authentication)
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=directory manager",
			"-w",
			"password",
			"-a",
			"-f",
			filePath,
			};
			}
			else
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-a",
			"-f",
			filePath,
			};
			}
			return LDAPModify.mainModify(args, false, null, null);
			return LDAPModify.mainModify(addArgs(authenticate, filePath), false, null, null);
			}

			private String[] modifyArgs(boolean authenticate, String filePath)
			{
			return args(authenticate, false, filePath);
			}

			private String[] addArgs(boolean authenticate, String filePath)
			{
			return args(authenticate, true, filePath);
			}

			private String[] args(boolean authenticate, boolean add, String filePath)
			{
			Args args = new Args();
			args.add("--noPropertiesFile");
			args.add("-h", "127.0.0.1");
			args.add("-p", TestCaseUtils.getServerLdapPort());
			if (authenticate)
			{
			args.add("-D", "cn=directory manager");
			args.add("-w", "password");
			}
			if (add)
			{
			args.add("-a");
			}
			args.add("-f", filePath);
			return args.toArray();
			}

			/**
			* Utility method which is called by the testcase sending a MODIFY
			* request.
			* Utility method which is called by the testcase sending a MODIFY request.
			*
			* @param authentication
			* @param authenticate
			* The flag to set the authentication on and off.
			* @return The error code of operation performed.
			* @throws Exception
			* If an unexpected problem occurs.
			*/
			private int performModifyOperation(boolean authentication) throws Exception
			private int performModifyOperation(boolean authenticate) throws Exception
			{
			String path = TestCaseUtils.createTempFile("dn: o=rejectTestCase,o=test",
			"changetype: modify", "replace: description",
			"description: New Description");
			String[] args = null;
			if (authentication)
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=directory manager",
			"-w",
			"password",
			"-f",
			path
			};
			}
			else
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-f",
			path
			};
			}
			return LDAPModify.mainModify(args, false, null, null);
			return LDAPModify.mainModify(modifyArgs(authenticate, path), false, null, null);
			}


			@@ -165,42 +153,23 @@
			*/
			private int performCompareOperation(boolean authentication) throws Exception
			{
			String[] args = null;
			if (authentication)
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=Directory Manager",
			"-w",
			"password",
			"o:test",
			"o=test"
			};
			}
			else
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"o:test",
			"o=test"
			};
			}

			return LDAPCompare.mainCompare(args, false, null, null);
			return LDAPCompare.mainCompare(compareArgs(authentication), false, null, null);
			}


			private String[] compareArgs(boolean authenticate)
			{
			Args args = new Args();
			args.add("--noPropertiesFile");
			args.add("-h", "127.0.0.1");
			args.add("-p", TestCaseUtils.getServerLdapPort());
			if (authenticate)
			{
			args.add("-D", "cn=Directory Manager");
			args.add("-w", "password");
			}
			args.add("o:test", "o=test");
			return args.toArray();
			}

			/**
			* Utility method which is called by the testcase sending a MODRDN
			@@ -217,41 +186,23 @@
			String path = TestCaseUtils
			.createTempFile("dn: o=rejectTestCase,o=Test", "changetype: modrdn",
			"newrdn: o=mod_rejectTestCase", "deleteoldrdn: 0");
			String[] args = null;
			if (authentication)
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=directory manager",
			"-w",
			"password",
			"-f",
			path
			};
			}
			else
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-f",
			path
			};
			}
			return LDAPModify.mainModify(args, false, null, null);
			return LDAPModify.mainModify(modRdnArgs(authentication, path), false, null, null);
			}


			private String[] modRdnArgs(boolean authenticate, String path)
			{
			Args args = new Args();
			args.add("--noPropertiesFile");
			args.add("-h", "127.0.0.1");
			args.add("-p", TestCaseUtils.getServerLdapPort());
			if (authenticate)
			{
			args.add("-D", "cn=directory manager");
			args.add("-w", "password");
			}
			args.add("-f", path);
			return args.toArray();
			}

			/**
			* Utility method which is called by the testcase sending a DELETE
			@@ -265,41 +216,24 @@
			*/
			private int performDeleteOperation(boolean authentication) throws Exception
			{
			String[] args = null;
			if (authentication)
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-V",
			"3",
			"-D",
			"cn=Directory Manager",
			"-w",
			"password",
			"o=mod_rejectTestCase,o=test"
			};
			}
			else
			{
			args = new String[]
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"o=mod_rejectTestCase,o=test"
			};
			}
			return LDAPDelete.mainDelete(args, false, null, null);
			return LDAPDelete.mainDelete(deleteArgs(authentication), false, null, null);
			}


			private String[] deleteArgs(boolean authenticate)
			{
			Args args = new Args();
			args.add("--noPropertiesFile");
			args.add("-h", "127.0.0.1");
			args.add("-p", TestCaseUtils.getServerLdapPort());
			if (authenticate)
			{
			args.add("-V", "3");
			args.add("-D", "cn=Directory Manager");
			args.add("-w", "password");
			}
			args.add("o=mod_rejectTestCase,o=test");
			return args.toArray();
			}

			/**
			* Ensures that the Directory Server is running before executing the
			@@ -315,70 +249,55 @@
			TestCaseUtils.initializeTestBackend(true);
			}

			private enum Auth
			{
			ANONYMOUS, SIMPLE, START_TLS
			}

			private String[] searchArgs(Auth auth)
			{
			Args args = new Args();
			args.add("--noPropertiesFile");
			args.add("-h", "127.0.0.1");
			args.add("-p", TestCaseUtils.getServerLdapPort());
			if (!Auth.ANONYMOUS.equals(auth))
			{
			args.add("-D", "cn=Directory Manager");
			args.add("-w", "password");
			}
			if (Auth.START_TLS.equals(auth))
			{
			args.add("-q");
			args.add("-X");
			}
			args.add("-b", "");
			args.add("-s", "base");
			args.add("(objectClass=*)");
			return args.toArray();
			}

			/**
			* Tests whether an authenticated SEARCH request will be allowed
			* with the default configuration settings for
			* "ds-cfg-reject-unauthenticated-requests".
			* Tests whether an authenticated SEARCH request will be allowed with the default configuration
			* settings for "ds-cfg-reject-unauthenticated-requests".
			*/
			@Test
			public void testAuthSearchDefCfg()
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			String[] args =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=Directory Manager",
			"-w",
			"password",
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};

			assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
			assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.SIMPLE), false, null, System.err), 0);
			}



			/**
			* Tests whether an unauthenticated SEARCH request will be allowed
			* with the default configuration settings for
			* "ds-cfg-reject-unauthenticated-requests".
			* Tests whether an unauthenticated SEARCH request will be allowed with the default configuration
			* settings for "ds-cfg-reject-unauthenticated-requests".
			*/
			@Test
			public void testUnauthSearchDefCfg()
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			String[] args =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};

			assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
			assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.ANONYMOUS), false, null, System.err), 0);
			}



			/**
			* Tests whether an authenticated BIND request will be allowed with
			* the default configuration settings for
			@@ -389,8 +308,7 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			InternalClientConnection conn = new InternalClientConnection(
			new AuthenticationInfo());
			InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
			ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
			ByteString password = ByteString.valueOfUtf8("password");
			BindOperation bindOperation = conn.processSimpleBind(user, password);
			@@ -409,8 +327,7 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			InternalClientConnection conn = new InternalClientConnection(
			new AuthenticationInfo());
			InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
			BindOperation bindOperation = conn.processSimpleBind(DN.rootDN(), null);
			assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
			}
			@@ -430,23 +347,16 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
			ByteString.valueOfUtf8("password"), new ArrayList<Control>(),
			new ArrayList<Control>());
			assertNotNull(authHandler.requestAuthorizationIdentity());

			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
			reader, writer, "localhost", nextMessageID);
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
			ByteString.valueOfUtf8("password"), new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);

			LDAPMessage unbindMessage = new LDAPMessage(
			nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			conn.unbind();
			}
			}


			@@ -464,20 +374,12 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);

			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
			reader, writer, "localhost", nextMessageID);
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNull(authzID);

			LDAPMessage unbindMessage = new LDAPMessage(
			nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
			assertNull(authHandler.requestAuthorizationIdentity());
			conn.unbind();
			}
			}


			@@ -494,31 +396,9 @@
			public void testStartTLSUnauthDefCfg() throws Exception
			{
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			String[] argSearch =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=directory manager",
			"-w",
			"password",
			"-q",
			"-X",
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};
			assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
			assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
			}



			/**
			* Tests the whether the authenticated ADD,MODIFY,COMPARE,MODRDN and
			* DELETE requests succeed with the default configuration settings.
			@@ -532,13 +412,9 @@
			DirectoryServer.setRejectUnauthenticatedRequests(false);

			assertEquals(performAddOperation(true), 0);

			assertEquals(performModifyOperation(true), 0);

			assertEquals(performCompareOperation(true), 0);

			assertEquals(performModRdnOperation(true), 0);

			assertEquals(performDeleteOperation(true), 0);
			}

			@@ -558,13 +434,9 @@
			public void testOtherOpsUnauthDefCfg() throws Exception
			{
			assertEquals(performAddOperation(false), 0);

			assertEquals(performModifyOperation(false), 0);

			assertEquals(performCompareOperation(false), 0);

			assertEquals(performModRdnOperation(false), 0);

			assertEquals(performDeleteOperation(false), 0);
			}

			@@ -582,40 +454,8 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			String[] args =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};

			assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);

			String[] authArgs =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=Directory Manager",
			"-w",
			"password",
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};
			assertEquals(LDAPSearch.mainSearch(authArgs, false, null, System.err), 0);
			assertFalse(LDAPSearch.mainSearch(searchArgs(Auth.ANONYMOUS), false, null, null) == 0);
			assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
			}
			finally
			{
			@@ -623,8 +463,6 @@
			}
			}



			/**
			* Tests whether authenticated and unauthenticated BIND requests
			* will be allowed with the new configuration settings for
			@@ -637,8 +475,7 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			InternalClientConnection conn = new InternalClientConnection(
			new AuthenticationInfo());
			InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
			ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
			ByteString password = ByteString.valueOfUtf8("password");
			// Unauthenticated BIND request.
			@@ -671,26 +508,7 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			String[] argSearch =
			{
			"--noPropertiesFile",
			"-h",
			"127.0.0.1",
			"-p",
			String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D",
			"cn=directory manager",
			"-w",
			"password",
			"-q",
			"-X",
			"-b",
			"",
			"-s",
			"base",
			"(objectClass=*)"
			};
			assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
			assertEquals(LDAPSearch.mainSearch(searchArgs(Auth.START_TLS), false, null, System.err), 0);
			}
			finally
			{
			@@ -715,10 +533,7 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			InternalClientConnection conn = InternalClientConnection
			.getRootConnection();
			ExtendedOperation extOp = conn.processExtendedOperation(
			OID_WHO_AM_I_REQUEST, null);
			ExtendedOperation extOp = getRootConnection().processExtendedOperation(OID_WHO_AM_I_REQUEST, null);
			assertEquals(extOp.getResultCode(), ResultCode.SUCCESS);
			assertNotNull(extOp.getResponseValue());
			}
			@@ -734,43 +549,26 @@
			* Tests whether the who am I? extended operation with an
			* unauthenticated connection fails with new setting of
			* "ds-cfg-reject-unauthenticated-requests".
			*
			* @throws UnsupportedEncodingException
			* If an unexpected problem occurs.
			* @throws IOException
			* If an unexpected problem occurs.
			* @throws ClientException
			* If an unexpected problem occurs.
			*/
			@Test
			public void testUnauthWAINewCfg() throws UnsupportedEncodingException,
			IOException, ClientException
			public void testUnauthWAINewCfg() throws Exception
			{
			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler = new LDAPAuthenticationHandler(
			reader, writer, "localhost", nextMessageID);
			ByteString authzID = null;
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
			try
			{
			authzID = authHandler.requestAuthorizationIdentity();
			authHandler.requestAuthorizationIdentity();
			fail();
			}
			catch (LDAPException e)
			catch (LDAPException expected)
			{
			assertNull(authzID);
			}
			finally
			{
			LDAPMessage unbindMessage = new LDAPMessage(nextMessageID
			.getAndIncrement(), new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			conn.unbind();
			}
			}
			finally
			@@ -796,13 +594,9 @@
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			assertEquals(performAddOperation(true), 0);

			assertEquals(performModifyOperation(true), 0);

			assertEquals(performCompareOperation(true), 0);

			assertEquals(performModRdnOperation(true), 0);

			assertEquals(performDeleteOperation(true), 0);
			}
			finally
			@@ -827,15 +621,11 @@
			{
			DirectoryServer.setRejectUnauthenticatedRequests(true);

			assertFalse(performAddOperation(false) == 0);

			assertFalse(performModifyOperation(false) == 0);

			assertFalse(performCompareOperation(false) == 0);

			assertFalse(performModRdnOperation(false) == 0);

			assertFalse(performDeleteOperation(false) == 0);
			assertNotEquals(performAddOperation(false), 0);
			assertNotEquals(performModifyOperation(false), 0);
			assertNotEquals(performCompareOperation(false), 0);
			assertNotEquals(performModRdnOperation(false), 0);
			assertNotEquals(performDeleteOperation(false), 0);
			}
			finally
			{

			@@ -38,7 +38,6 @@
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.Requests;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.protocols.ldap.BindResponseProtocolOp;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPConstants;
			import org.opends.server.protocols.ldap.LDAPControl;
			@@ -281,9 +280,7 @@
			assertTrue(DirectoryServer.getWorkQueue().waitUntilIdle(10000));

			InvocationCounterPlugin.resetAllCounters();
			LDAPMessage message = conn.bind("cn=Directory Manager", "password");
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
			conn.bind("cn=Directory Manager", "password");
			}

			@Test

			@@ -17,16 +17,20 @@

			import java.util.Arrays;
			import java.util.Collections;
			import java.util.List;
			import java.util.SortedSet;
			import java.util.TreeSet;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.Filter;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.controls.AssertionRequestControl;
			import org.forgerock.opendj.ldap.controls.PostReadRequestControl;
			import org.forgerock.opendj.ldap.controls.PreReadRequestControl;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.mockito.ArgumentCaptor;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.ConfigurationChangeListener;
			@@ -36,10 +40,7 @@
			import org.opends.server.admin.std.meta.VirtualAttributeCfgDefn.Scope;
			import org.opends.server.admin.std.server.EntityTagVirtualAttributeCfg;
			import org.opends.server.admin.std.server.VirtualAttributeCfg;
			import org.opends.server.controls.LDAPAssertionRequestControl;
			import org.opends.server.controls.LDAPPostReadRequestControl;
			import org.opends.server.controls.LDAPPostReadResponseControl;
			import org.opends.server.controls.LDAPPreReadRequestControl;
			import org.opends.server.controls.LDAPPreReadResponseControl;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			@@ -48,26 +49,22 @@
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.Requests;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.protocols.ldap.LDAPFilter;
			import org.opends.server.types.Attribute;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.Modification;
			import org.opends.server.types.SearchFilter;
			import org.opends.server.types.VirtualAttributeRule;
			import org.opends.server.util.StaticUtils;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import static java.util.Collections.*;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.mockito.Mockito.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			/**
			@@ -501,13 +498,13 @@
			Entry e1 = readEntry(userDN);
			String etag1 = e1.parseAttribute(ETAG).asString();
			assertNotNull(etag1);
			AssertionRequestControl ctrl = AssertionRequestControl.newControl(true, Filter.equality(ETAG, etag1));

			// Apply a change using the assertion control for optimistic concurrency.
			Attribute attr = Attributes.create(DESCRIPTION, "first modify");
			List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
			Control c = new LDAPAssertionRequestControl(true, LDAPFilter.createEqualityFilter(ETAG, ByteString.valueOfUtf8(etag1)));
			List<Control> ctrls = Collections.singletonList(c);
			ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
			ModifyRequest modifyRequest = newModifyRequest(from(userDN))
			.addModification(REPLACE, DESCRIPTION, "first modify")
			.addControl(ctrl);
			ModifyOperation modifyOperation = conn.processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			// Reread the entry and check that the description has been added and that
			@@ -518,14 +515,13 @@
			assertNotNull(etag2);
			assertFalse(etag1.equals(etag2));

			String description2 = e2.parseAttribute(DESCRIPTION).asString();
			assertNotNull(description2);
			assertEquals(description2, "first modify");
			String description2 = assertDescriptionValue(e2, "first modify");

			// Simulate a concurrent update: perform another update using the old etag.
			Attribute attr2 = Attributes.create(DESCRIPTION, "second modify");
			mods = newArrayList(new Modification(ModificationType.REPLACE, attr2));
			modifyOperation = conn.processModify(userDN, mods, ctrls);
			modifyRequest = newModifyRequest(from(userDN))
			.addModification(REPLACE, DESCRIPTION, "second modify")
			.addControl(ctrl);
			modifyOperation = conn.processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.ASSERTION_FAILED);

			// Reread the entry and check that the description and etag have not changed
			@@ -535,9 +531,7 @@
			assertNotNull(etag3);
			assertEquals(etag2, etag3);

			String description3 = e3.parseAttribute(DESCRIPTION).asString();
			assertNotNull(description3);
			assertEquals(description3, description2);
			assertDescriptionValue(e3, description2);
			}

			/**
			@@ -582,10 +576,10 @@
			assertNotNull(etag1);

			// Apply a change using the pre and post read controls.
			Attribute attr = Attributes.create(DESCRIPTION, "modified value");
			List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
			List<Control> ctrls = singletonList((Control) new LDAPPreReadRequestControl(true, singleton(ETAG)));
			ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
			ModifyRequest modifyRequest = newModifyRequest(from(userDN))
			.addModification(REPLACE, DESCRIPTION, "modified value")
			.addControl(PreReadRequestControl.newControl(true, ETAG));
			ModifyOperation modifyOperation = conn.processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			// Reread the entry and check that the description has been added and that
			@@ -596,9 +590,7 @@
			assertNotNull(etag2);
			assertFalse(etag1.equals(etag2));

			String description2 = e2.parseAttribute(DESCRIPTION).asString();
			assertNotNull(description2);
			assertEquals(description2, "modified value");
			assertDescriptionValue(e2, "modified value");

			// Now check that the pre-read is the same as the initial etag.
			LDAPPreReadResponseControl preReadControl = getLDAPPreReadResponseControl(modifyOperation);
			@@ -606,6 +598,14 @@
			assertEquals(etagPreRead, etag1);
			}

			private String assertDescriptionValue(Entry entry, String expected)
			{
			String description = entry.parseAttribute(DESCRIPTION).asString();
			assertNotNull(description);
			assertEquals(description, expected);
			return description;
			}

			/**
			* Tests that the etag returned with a post-read control after a modify
			* operation is correct. See OPENDJ-861.
			@@ -648,10 +648,10 @@
			assertNotNull(etag1);

			// Apply a change using the pre and post read controls.
			Attribute attr = Attributes.create(DESCRIPTION, "modified value");
			List<Modification> mods = newArrayList(new Modification(ModificationType.REPLACE, attr));
			List<Control> ctrls = singletonList((Control) new LDAPPostReadRequestControl(true, singleton(ETAG)));
			ModifyOperation modifyOperation = conn.processModify(userDN, mods, ctrls);
			ModifyRequest modifyRequest = newModifyRequest(from(userDN))
			.addModification(REPLACE, DESCRIPTION, "modified value")
			.addControl(PostReadRequestControl.newControl(true, ETAG));
			ModifyOperation modifyOperation = conn.processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			// Reread the entry and check that the description has been added and that
			@@ -662,9 +662,7 @@
			assertNotNull(etag2);
			assertFalse(etag1.equals(etag2));

			String description2 = e2.parseAttribute(DESCRIPTION).asString();
			assertNotNull(description2);
			assertEquals(description2, "modified value");
			assertDescriptionValue(e2, "modified value");

			// Now check that the post-read is the same as the initial etag.
			LDAPPostReadResponseControl postReadControl = getLDAPPostReadResponseControl(modifyOperation);

			@@ -21,8 +21,9 @@

			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			import org.opends.server.admin.std.meta.ExactMatchIdentityMapperCfgDefn;
			@@ -30,25 +31,26 @@
			import org.opends.server.api.IdentityMapper;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.types.*;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			/**
			* A set of test cases for the exact match identity mapper.
			*/
			/** A set of test cases for the exact match identity mapper. */
			public class ExactMatchIdentityMapperTestCase
			extends ExtensionsTestCase
			{
			private static final String MAPPER_DN = "cn=Exact Match,cn=Identity Mappers,cn=config";

			/**
			* Ensures that the Directory Server is running.
			*
			@@ -266,7 +268,7 @@
			public void testMapperEnabled()
			throws Exception
			{
			DN mapperDN = DN.valueOf("cn=Exact Match,cn=Identity Mappers,cn=config");
			DN mapperDN = DN.valueOf(MAPPER_DN);
			IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
			assertNotNull(mapper);
			assertTrue(mapper instanceof ExactMatchIdentityMapper);
			@@ -762,8 +764,7 @@
			public void testChangingMapAttribute()
			throws Exception
			{
			String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
			DN mapperDN = DN.valueOf(mapperDNString);
			DN mapperDN = DN.valueOf(MAPPER_DN);
			IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
			assertNotNull(mapper);
			assertTrue(mapper instanceof ExactMatchIdentityMapper);
			@@ -794,18 +795,11 @@
			assertNull(mappedEntry);


			InternalClientConnection conn = getRootConnection();
			// Create a modification to change the map attribute from uid to cn.
			ArrayList<ByteString> values = newArrayList(ByteString.valueOfUtf8("cn"));

			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("ds-cfg-match-attribute",
			values)));
			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-attribute", "cn");
			processModifyIsSuccessful(modifyRequest);

			// Verify that "test" no longer works but "test user" does.
			mappedEntry = mapper.getEntryForID("test");
			@@ -817,10 +811,9 @@


			// Change the configuration back to the way it was.
			values.set(0, ByteString.valueOfUtf8("uid"));
			modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			ModifyRequest modifyRequest2 = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-attribute", "uid");
			processModifyIsSuccessful(modifyRequest2);


			// Verify that the original matching pattern is back.
			@@ -844,8 +837,7 @@
			public void testChangingMapBaseDN()
			throws Exception
			{
			String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
			DN mapperDN = DN.valueOf(mapperDNString);
			DN mapperDN = DN.valueOf(MAPPER_DN);
			IdentityMapper mapper = DirectoryServer.getIdentityMapper(mapperDN);
			assertNotNull(mapper);
			assertTrue(mapper instanceof ExactMatchIdentityMapper);
			@@ -872,17 +864,10 @@
			assertEquals(mappedEntry.getName(), DN.valueOf("uid=test,o=test"));


			InternalClientConnection conn = getRootConnection();
			// Create a modification to set the map base DN to "dc=example,dc=com".
			ArrayList<ByteString> values = newArrayList(ByteString.valueOfUtf8("dc=example,dc=com"));

			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("ds-cfg-match-base-dn",
			values)));
			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-base-dn", "dc=example,dc=com");
			processModifyIsSuccessful(modifyRequest);


			// Verify that we can't find the user anymore.
			@@ -891,10 +876,9 @@


			// Change the base DN to "o=test".
			values.set(0, ByteString.valueOfUtf8("o=test"));
			modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-base-dn", "o=test");
			processModifyIsSuccessful(modifyRequest);


			// Verify that we can retrieve the user again.
			@@ -904,10 +888,9 @@


			// Change the configuration back to its original setting.
			values.clear();
			modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-base-dn");
			processModifyIsSuccessful(modifyRequest);


			// Verify that we can still retrieve the user.
			@@ -916,8 +899,6 @@
			assertEquals(mappedEntry.getName(), DN.valueOf("uid=test,o=test"));
			}



			/**
			* Tests that an internal modification to remove the match attribute will be
			* rejected.
			@@ -929,15 +910,9 @@
			throws Exception
			{
			// Create a modification to remove the match attribute.
			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("ds-cfg-match-attribute")));
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-attribute");
			processModifyIsNotSuccessful(modifyRequest);
			}


			@@ -953,15 +928,9 @@
			throws Exception
			{
			// Create a modification to remove the match attribute.
			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("ds-cfg-match-attribute", "undefinedAttribute")));
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-attribute", "undefinedAttribute");
			processModifyIsNotSuccessful(modifyRequest);
			}


			@@ -977,14 +946,20 @@
			throws Exception
			{
			// Create a modification to remove the match attribute.
			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("ds-cfg-match-base-dn", "invalidDN")));
			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			String mapperDNString = "cn=Exact Match,cn=Identity Mappers,cn=config";
			ModifyOperation modifyOperation =
			conn.processModify(ByteString.valueOfUtf8(mapperDNString), mods);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			ModifyRequest modifyRequest = newModifyRequest(MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-match-base-dn", "invalidDN");
			processModifyIsNotSuccessful(modifyRequest);
			}

			private void processModifyIsSuccessful(ModifyRequest modifyRequest)
			{
			ModifyOperation op = getRootConnection().processModify(modifyRequest);
			assertEquals(op.getResultCode(), ResultCode.SUCCESS);
			}

			private void processModifyIsNotSuccessful(ModifyRequest modifyRequest)
			{
			ModifyOperation op = getRootConnection().processModify(modifyRequest);
			assertNotSame(op.getResultCode(), ResultCode.SUCCESS);
			}
			}

			@@ -12,13 +12,12 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2008 Sun Microsystems, Inc.
			* Portions Copyright 2012-2015 ForgeRock AS.
			* Portions Copyright 2012-2016 ForgeRock AS.
			*/
			package org.opends.server.extensions;

			import java.io.File;
			import java.io.FileInputStream;
			import java.net.Socket;
			import java.security.KeyStore;
			import java.util.ArrayList;
			import java.util.List;
			@@ -37,9 +36,8 @@
			import org.opends.server.protocols.ldap.BindRequestProtocolOp;
			import org.opends.server.protocols.ldap.BindResponseProtocolOp;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.tools.LDAPReader;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.Entry;
			@@ -279,20 +277,14 @@
			{
			TestCaseUtils.initializeTestBackend(true);

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			conn.writeMessage(new BindRequestProtocolOp(ByteString.empty(), "EXTERNAL", null));

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.empty(), "EXTERNAL", null);
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);

			message = reader.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertFalse(bindResponse.getResultCode() == 0);

			s.close();
			LDAPMessage message = conn.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertFalse(bindResponse.getResultCode() == 0);
			}
			}

			@@ -17,16 +17,16 @@
			package org.opends.server.extensions;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			import java.io.File;
			import java.util.ArrayList;
			import java.util.List;

			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			import org.opends.server.admin.std.meta.FingerprintCertificateMapperCfgDefn;
			@@ -34,12 +34,9 @@
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.opends.server.types.Modification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;
			@@ -50,6 +47,8 @@
			public class FingerprintCertificateMapperTestCase
			extends ExtensionsTestCase
			{
			private static final String FINGERPRINT_MAPPER_DN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			/**
			* Ensures that the Directory Server is running.
			*
			@@ -431,18 +430,9 @@
			@Test
			public void testRemoveFingerprintAttribute() throws Exception
			{
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-fingerprint-attribute"));

			ArrayList<Modification> mods = newArrayList(new Modification(DELETE, a));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			delete(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-attribute");
			}



			/**
			* Tests to ensure that an attempt to remove the fingerprint algorithm will fail.
			*
			@@ -451,18 +441,9 @@
			@Test
			public void testRemoveFingerprintAlgorithm() throws Exception
			{
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-fingerprint-algorithm"));

			ArrayList<Modification> mods = newArrayList(new Modification(DELETE, a));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			delete(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-algorithm");
			}



			/**
			* Tests to ensure that an attmept to set an undefined fingerprint attribute
			* will fail.
			@@ -494,15 +475,17 @@


			/**
			* Tests to ensure that an attmept to set an invalid base DN will fail.
			* Tests to ensure that an attempt to set an invalid base DN will fail.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test(expectedExceptions = { AssertionError.class })
			public void testSetInvalidBaseDN()
			throws Exception
			@Test
			public void testSetInvalidBaseDN() throws Exception
			{
			setBaseDNs(new String[] { "invalid" });
			ModifyRequest modifyRequest = newModifyRequest(FINGERPRINT_MAPPER_DN)
			.addModification(REPLACE, "ds-cfg-user-base-dn", "invalid");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.INVALID_ATTRIBUTE_SYNTAX);
			}


			@@ -513,17 +496,9 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void enableMapper()
			throws Exception
			private void enableMapper() throws Exception
			{
			String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			ArrayList<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("ds-cfg-certificate-mapper", mapperDN)));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(externalDN), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			replace("cn=EXTERNAL,cn=SASL Mechanisms,cn=config", "ds-cfg-certificate-mapper", FINGERPRINT_MAPPER_DN);
			}


			@@ -534,17 +509,11 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void disableMapper()
			throws Exception
			private void disableMapper() throws Exception
			{
			String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
			String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

			ArrayList<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("ds-cfg-certificate-mapper", mapperDN)));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(externalDN), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			replace("cn=EXTERNAL,cn=SASL Mechanisms,cn=config", "ds-cfg-certificate-mapper", mapperDN);
			}


			@@ -558,19 +527,24 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void setFingerprintAttribute(String attrName)
			throws Exception
			private void setFingerprintAttribute(String attrName) throws Exception
			{
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";
			replace(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-attribute", attrName);
			}

			ArrayList<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("ds-cfg-fingerprint-attribute", attrName)));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			private void replace(String mapperDN, String attrName, String attrValues) throws DirectoryException
			{
			ModifyRequest modifyRequest = newModifyRequest(mapperDN).addModification(REPLACE, attrName, attrValues);
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}


			private void delete(String mapperDN, String attrName) throws DirectoryException
			{
			ModifyRequest modifyRequest = newModifyRequest(mapperDN).addModification(DELETE, attrName);
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}

			/**
			* Alters the configuration of the fingerprint certificate mapper so that it
			@@ -583,37 +557,7 @@
			private void setFingerprintAlgorithm(String algorithm)
			throws Exception
			{
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			ArrayList<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("ds-cfg-fingerprint-algorithm", algorithm)));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}



			/**
			* Alters the configuration of the Subject DN to User Attribute certificate
			* mapper so that it will look for the subject DN below the specified set of
			* base DNs.
			*
			* @param baseDNs The set of base DNs to use when mapping certificates to
			* users.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void setBaseDNs(String[] baseDNs)
			throws Exception
			{
			String mapperDN = "cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config";

			ArrayList<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("ds-cfg-user-base-dn", baseDNs)));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			replace(FINGERPRINT_MAPPER_DN, "ds-cfg-fingerprint-algorithm", algorithm);
			}

			/**

			@@ -23,8 +23,9 @@
			import org.forgerock.opendj.io.ASN1Writer;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ByteStringBuilder;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			@@ -36,21 +37,19 @@
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.tools.LDAPPasswordModify;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.AuthenticationInfo;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.opends.server.types.Modification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.extensions.ExtensionsConstants.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			@@ -1419,7 +1418,7 @@

			String dnStr = "cn=Default Password Policy,cn=Password Policies,cn=config";
			String attr = "ds-cfg-password-generator";
			applyPwdPolicyMods(dnStr, attr, null);
			applyPwdPolicyMods(dnStr, attr);


			String[] args =
			@@ -1454,7 +1453,7 @@

			String dnStr = "cn=Default Password Policy,cn=Password Policies,cn=config";
			String attr = "ds-cfg-password-generator";
			applyPwdPolicyMods(dnStr, attr, null);
			applyPwdPolicyMods(dnStr, attr);

			String[] args =
			{
			@@ -1506,7 +1505,7 @@
			assertFalse(0 == LDAPPasswordModify.mainPasswordModify(args, false, null, null));
			}
			finally {
			applyPwdPolicyMods(dnStr, attr, null);
			applyPwdPolicyMods(dnStr, attr);
			}
			}

			@@ -1543,7 +1542,7 @@
			assertFalse(0 == LDAPPasswordModify.mainPasswordModify(args, false, null, null));
			}
			finally {
			applyPwdPolicyMods(dnStr, attr, null);
			applyPwdPolicyMods(dnStr, attr);
			}
			}

			@@ -1835,23 +1834,19 @@
			assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
			}

			private void applyPwdPolicyMods(String pwPolDN, String attr, String value)
			private void applyPwdPolicyMods(String pwpDN, String attrName, Object... attrValues)
			throws DirectoryException
			{
			List<Modification> mods = newModifications(REPLACE, attr, value);
			ModifyOperation op = getRootConnection().processModify(DN.valueOf(pwPolDN), mods);
			ModifyRequest modifyRequest = Requests.newModifyRequest(pwpDN)
			.addModification(REPLACE, attrName, attrValues);
			ModifyOperation op = getRootConnection().processModify(modifyRequest);
			assertEquals(op.getResultCode(), ResultCode.SUCCESS);
			}

			private void setPasswordChangedTime(Entry userEntry) {
			List<Modification> mods = newModifications(REPLACE, "pwdchangedtime", "20050101000000.000Z");
			ModifyOperation op = getRootConnection().processModify(userEntry.getName(), mods);
			ModifyRequest modifyRequest = Requests.newModifyRequest(from(userEntry.getName()))
			.addModification(REPLACE, "pwdchangedtime", "20050101000000.000Z");
			ModifyOperation op = getRootConnection().processModify(modifyRequest);
			assertEquals(op.getResultCode(), ResultCode.SUCCESS);
			}

			private List<Modification> newModifications(ModificationType modType, String attrName, String attrValue)
			{
			return newArrayList(new Modification(modType,
			attrValue == null ? Attributes.empty(attrName) : Attributes.create(attrName, attrValue)));
			}
			}

			@@ -12,33 +12,31 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2008 Sun Microsystems, Inc.
			* Portions Copyright 2010-2015 ForgeRock AS.
			* Portions Copyright 2010-2016 ForgeRock AS.
			*/
			package org.opends.server.extensions;

			import java.util.ArrayList;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.api.PasswordStorageScheme;
			import org.opends.server.config.ConfigEntry;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.core.PasswordPolicy;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.schema.AuthPasswordSyntax;
			import org.opends.server.schema.UserPasswordSyntax;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.Modification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.testng.Assert.*;

			/** A set of generic test cases for password storage schemes. */
			@@ -299,33 +297,25 @@
			{
			// This code was borrowed from
			// PasswordPolicyTestCase.testAllowPreEncodedPasswordsAuth
			boolean previousValue = false;
			try {
			DN dn = DN.valueOf("cn=Default Password Policy,cn=Password Policies,cn=config");
			PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
			previousValue = p.isAllowPreEncodedPasswords();
			final boolean previousValue = p.isAllowPreEncodedPasswords();

			String attr = "ds-cfg-allow-pre-encoded-passwords";

			ArrayList<Modification> mods = new ArrayList<>();
			mods.add(new Modification(ModificationType.REPLACE,
			Attributes.create(attr, String.valueOf(allowPreencoded))));

			InternalClientConnection conn =
			InternalClientConnection.getRootConnection();
			ModifyOperation modifyOperation = conn.processModify(dn, mods);
			ModifyRequest modifyRequest = Requests.newModifyRequest("cn=Default Password Policy,cn=Password Policies,cn=config")
			.addModification(REPLACE, "ds-cfg-allow-pre-encoded-passwords", allowPreencoded);
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

			p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
			assertEquals(p.isAllowPreEncodedPasswords(), allowPreencoded);
			return previousValue;
			} catch (Exception e) {
			System.err.println("Failed to set ds-cfg-allow-pre-encoded-passwords " +
			" to " + allowPreencoded);
			e.printStackTrace();
			throw e;
			}

			return previousValue;
			}

			protected static void testAuthPasswords(final String upperName,

			@@ -18,19 +18,16 @@
			package org.opends.server.extensions;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			import java.io.File;
			import java.util.ArrayList;
			import java.util.Arrays;
			import java.util.List;

			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			import org.opends.server.admin.std.meta.SubjectAttributeToUserAttributeCertificateMapperCfgDefn;
			@@ -38,14 +35,9 @@
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.AttributeBuilder;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.opends.server.types.Modification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;
			@@ -658,12 +650,9 @@
			{
			String mapperDN = "cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config";

			Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-subject-attribute-mapping"));

			ArrayList<Modification> mods = newArrayList(
			new Modification(ModificationType.DELETE, a));

			ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			ModifyRequest modifyRequest =
			newModifyRequest(mapperDN).addModification(DELETE, "ds-cfg-subject-attribute-mapping");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}

			@@ -778,8 +767,7 @@
			String mapperDN = "cn=Subject Attribute to User Attribute," +
			"cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
			assertModifyReplaceIsSuccess(externalDN, attr);
			assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
			}

			/**
			@@ -794,8 +782,7 @@
			String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
			String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
			assertModifyReplaceIsSuccess(externalDN, attr);
			assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
			}

			/**
			@@ -806,13 +793,12 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void setAttributeMappings(String... mappings) throws Exception
			private void setAttributeMappings(Object... mappings) throws Exception
			{
			String mapperDN = "cn=Subject Attribute to User Attribute," +
			"cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-subject-attribute-mapping", mappings);
			assertModifyReplaceIsSuccess(mapperDN, attr);
			assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-subject-attribute-mapping", mappings);
			}


			@@ -827,18 +813,11 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void setBaseDNs(String... baseDNs) throws Exception
			private void setBaseDNs(Object... baseDNs) throws Exception
			{
			String mapperDN = "cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config";

			AttributeType attrType = DirectoryServer.getAttributeType("ds-cfg-user-base-dn");
			AttributeBuilder builder = new AttributeBuilder(attrType);
			if (baseDNs != null)
			{
			builder.addAllStrings(Arrays.asList(baseDNs));
			}

			assertModifyReplaceIsSuccess(mapperDN, builder.toAttribute());
			assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-user-base-dn", baseDNs);
			}

			/**
			@@ -893,10 +872,18 @@
			}
			}

			private void assertModifyReplaceIsSuccess(String dn, Attribute replaceAttr) throws DirectoryException
			private void assertModifyReplaceIsSuccess(String dn, String attrName, Object... attrValues) throws DirectoryException
			{
			ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, replaceAttr));
			ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(dn), mods);
			ModifyRequest modifyRequest = newModifyRequest(dn);
			if (attrValues != null)
			{
			modifyRequest.addModification(REPLACE, attrName, attrValues);
			}
			else
			{
			modifyRequest.addModification(REPLACE, attrName);
			}
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}
			}

			@@ -17,18 +17,16 @@
			package org.opends.server.extensions;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			import java.io.File;
			import java.util.ArrayList;
			import java.util.Arrays;
			import java.util.List;

			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			import org.opends.server.admin.std.meta.SubjectDNToUserAttributeCertificateMapperCfgDefn;
			@@ -36,15 +34,9 @@
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.AttributeBuilder;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.opends.server.types.Modification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;
			@@ -532,11 +524,10 @@
			throws Exception
			{
			String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
			Attribute a = Attributes.empty(DirectoryServer.getAttributeType("ds-cfg-subject-attribute"));

			ArrayList<Modification> mods = newArrayList(new Modification(ModificationType.DELETE, a));
			ModifyOperation modifyOperation =
			getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			ModifyRequest modifyRequest = newModifyRequest(mapperDN)
			.addModification(DELETE, "ds-cfg-subject-attribute");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertNotSame(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}

			@@ -580,11 +571,9 @@
			throws Exception
			{
			String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
			String mapperDN =
			"cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
			String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
			assertModifyReplaceIsSuccess(externalDN, attr);
			assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
			}


			@@ -601,8 +590,7 @@
			String externalDN = "cn=EXTERNAL,cn=SASL Mechanisms,cn=config";
			String mapperDN = "cn=Subject Equals DN,cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-certificate-mapper", mapperDN);
			assertModifyReplaceIsSuccess(externalDN, attr);
			assertModifyReplaceIsSuccess(externalDN, "ds-cfg-certificate-mapper", mapperDN);
			}


			@@ -619,11 +607,9 @@
			private void setSubjectAttribute(String attrName)
			throws Exception
			{
			String mapperDN =
			"cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";
			String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

			Attribute attr = Attributes.create("ds-cfg-subject-attribute", attrName);
			assertModifyReplaceIsSuccess(mapperDN, attr);
			assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-subject-attribute", attrName);
			}


			@@ -638,18 +624,11 @@
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			private void setBaseDNs(String[] baseDNs) throws Exception
			private void setBaseDNs(Object[] baseDNs) throws Exception
			{
			String mapperDN = "cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config";

			AttributeType attrType = DirectoryServer.getAttributeType("ds-cfg-user-base-dn");
			AttributeBuilder builder = new AttributeBuilder(attrType);
			if (baseDNs != null)
			{
			builder.addAllStrings(Arrays.asList(baseDNs));
			}

			assertModifyReplaceIsSuccess(mapperDN, builder.toAttribute());
			assertModifyReplaceIsSuccess(mapperDN, "ds-cfg-user-base-dn", baseDNs);
			}

			/**
			@@ -711,10 +690,19 @@
			}
			}

			private void assertModifyReplaceIsSuccess(String mapperDN, Attribute attr) throws DirectoryException
			private void assertModifyReplaceIsSuccess(String mapperDN, String attrName, Object... attrValues)
			throws DirectoryException
			{
			ArrayList<Modification> mods = newArrayList(new Modification(REPLACE, attr));
			ModifyOperation modifyOperation = getRootConnection().processModify(DN.valueOf(mapperDN), mods);
			ModifyRequest modifyRequest = newModifyRequest(mapperDN);
			if (attrValues != null)
			{
			modifyRequest.addModification(REPLACE, attrName, attrValues);
			}
			else
			{
			modifyRequest.addModification(REPLACE, attrName);
			}
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			}
			}

			@@ -12,15 +12,13 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2008 Sun Microsystems, Inc.
			* Portions Copyright 2014-2015 ForgeRock AS.
			* Portions Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.extensions;

			import java.net.Socket;
			import java.util.ArrayList;
			import java.util.HashMap;
			import java.util.List;
			import java.util.concurrent.atomic.AtomicInteger;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ResultCode;
			@@ -32,17 +30,18 @@
			import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.protocols.ldap.LDAPResultCode;
			import org.opends.server.protocols.ldap.UnbindRequestProtocolOp;
			import org.opends.server.tools.LDAPAuthenticationHandler;
			import org.opends.server.tools.LDAPReader;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.AuthenticationInfo;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.Entry;
			import org.opends.server.types.LDAPException;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import com.forgerock.opendj.cli.ClientException;

			import static org.opends.server.util.CollectionUtils.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;
			@@ -146,29 +145,16 @@
			public void testAsLDAPRootUser()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
			doSimpleBind(authHandler, "cn=Directory Manager", "password");
			assertNotNull(authHandler.requestAuthorizationIdentity());

			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8("cn=Directory Manager"),
			ByteString.valueOfUtf8("password"),
			new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);

			LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			conn.unbind();
			}
			}



			/**
			* Tests the use of the Who Am I? extended operation with an unauthenticated
			* LDAP connection.
			@@ -179,21 +165,12 @@
			public void testAsLDAPAnonymous()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);

			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNull(authzID);

			LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
			assertNull(authHandler.requestAuthorizationIdentity());
			conn.unbind();
			}
			}


			@@ -222,25 +199,15 @@
			"userPassword: password");


			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8("uid=test.user,o=test"),
			ByteString.valueOfUtf8("password"),
			new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);
			doSimpleBind(authHandler, "uid=test.user,o=test", "password");
			assertNotNull(authHandler.requestAuthorizationIdentity());

			LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			conn.unbind();
			}
			}


			@@ -283,37 +250,24 @@
			"ds-privilege-name: bypass-acl",
			"ds-privilege-name: proxied-auth");

			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			// Bind as the proxy user with an alternate authorization identity, and use
			// the "Who Am I?" operation.
			HashMap<String,List<String>> saslProperties = new HashMap<>(2);
			saslProperties.put("authID", newArrayList("dn:uid=proxy.user,o=test"));
			saslProperties.put("authzID", newArrayList("dn:uid=test.user,o=test"));

			authHandler.doSASLPlain(ByteString.empty(),
			ByteString.valueOfUtf8("password"), saslProperties,
			new ArrayList<Control>(),
			new ArrayList<Control>());
			assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=test.user,o=test");

			// Bind as the proxy user with an alternate authorization identity, and use
			// the "Who Am I?" operation.
			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);

			HashMap<String,List<String>> saslProperties = new HashMap<>(2);
			saslProperties.put("authID", newArrayList("dn:uid=proxy.user,o=test"));
			saslProperties.put("authzID", newArrayList("dn:uid=test.user,o=test"));

			authHandler.doSASLPlain(ByteString.empty(),
			ByteString.valueOfUtf8("password"), saslProperties,
			new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);
			assertEquals(authzID.toString(), "dn:uid=test.user,o=test");


			// Close the connection to the server.
			LDAPMessage unbindMessage = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(unbindMessage);
			s.close();
			conn.unbind();
			}
			}


			@@ -355,54 +309,34 @@
			"ds-privilege-name: bypass-acl",
			"ds-privilege-name: proxied-auth");

			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			// Bind as the proxy user and use the "Who Am I?" operation, but without the
			// proxied auth control.
			doSimpleBind(authHandler, "uid=proxy.user,o=test", "password");
			assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=proxy.user,o=test");

			// Use the "Who Am I?" operation again, this time with the proxy control.
			conn.writeMessage(
			new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST),
			new ProxiedAuthV2Control(ByteString.valueOfUtf8("dn:uid=test.user,o=test")));

			// Bind as the proxy user and use the "Who Am I?" operation, but without the
			// proxied auth control.
			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8("uid=proxy.user,o=test"),
			ByteString.valueOfUtf8("password"),
			new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);
			assertEquals(authzID.toString(), "dn:uid=proxy.user,o=test");
			LDAPMessage message = conn.readMessage();
			ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
			assertAuthzID(extendedResponse.getValue(), "dn:uid=test.user,o=test");


			// Use the "Who Am I?" operation again, this time with the proxy control.
			ExtendedRequestProtocolOp extendedRequest =
			new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
			ArrayList<Control> requestControls = new ArrayList<>(1);
			requestControls.add(new ProxiedAuthV2Control(
			ByteString.valueOfUtf8("dn:uid=test.user,o=test")));
			LDAPMessage message = new LDAPMessage(nextMessageID.getAndIncrement(),
			extendedRequest, requestControls);
			writer.writeMessage(message);

			message = reader.readMessage();
			ExtendedResponseProtocolOp extendedResponse =
			message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
			authzID = extendedResponse.getValue();
			assertNotNull(authzID);
			assertEquals(authzID.toString(), "dn:uid=test.user,o=test");


			// Close the connection to the server.
			message = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(message);
			s.close();
			conn.unbind();
			}
			}


			private void assertAuthzID(ByteString authzID, String expected)
			{
			assertNotNull(authzID);
			assertEquals(authzID.toString(), expected);
			}

			/**
			* Tests the use of the Who Am I? extended operation in conjunction with the
			@@ -441,51 +375,33 @@
			"userPassword: password",
			"ds-privilege-name: bypass-acl");

			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			LDAPReader reader = new LDAPReader(s);
			LDAPWriter writer = new LDAPWriter(s);
			// Bind as the proxy user and use the "Who Am I?" operation, but without the
			// proxied auth control.
			doSimpleBind(authHandler, "uid=cantproxy.user,o=test", "password");
			assertAuthzID(authHandler.requestAuthorizationIdentity(), "dn:uid=cantproxy.user,o=test");

			// Use the "Who Am I?" operation again, this time with the proxy control.
			conn.writeMessage(
			new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST),
			new ProxiedAuthV2Control(ByteString.valueOfUtf8("dn:uid=test.user,o=test")));

			// Bind as the proxy user and use the "Who Am I?" operation, but without the
			// proxied auth control.
			AtomicInteger nextMessageID = new AtomicInteger(1);
			LDAPAuthenticationHandler authHandler =
			new LDAPAuthenticationHandler(reader, writer, "localhost",
			nextMessageID);
			authHandler.doSimpleBind(3,
			ByteString.valueOfUtf8("uid=cantproxy.user,o=test"),
			ByteString.valueOfUtf8("password"),
			new ArrayList<Control>(),
			new ArrayList<Control>());
			ByteString authzID = authHandler.requestAuthorizationIdentity();
			assertNotNull(authzID);
			assertEquals(authzID.toString(), "dn:uid=cantproxy.user,o=test");
			LDAPMessage message = conn.readMessage();
			ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(), LDAPResultCode.AUTHORIZATION_DENIED);
			assertNull(extendedResponse.getValue());

			conn.unbind();
			}
			}

			// Use the "Who Am I?" operation again, this time with the proxy control.
			ExtendedRequestProtocolOp extendedRequest =
			new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
			ArrayList<Control> requestControls = new ArrayList<>(1);
			requestControls.add(new ProxiedAuthV2Control(
			ByteString.valueOfUtf8("dn:uid=test.user,o=test")));
			LDAPMessage message = new LDAPMessage(nextMessageID.getAndIncrement(),
			extendedRequest, requestControls);
			writer.writeMessage(message);

			message = reader.readMessage();
			ExtendedResponseProtocolOp extendedResponse =
			message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(),
			LDAPResultCode.AUTHORIZATION_DENIED);
			assertNull(extendedResponse.getValue());


			// Close the connection to the server.
			message = new LDAPMessage(nextMessageID.getAndIncrement(),
			new UnbindRequestProtocolOp());
			writer.writeMessage(message);
			s.close();
			private void doSimpleBind(LDAPAuthenticationHandler authHandler, String bindDn, String bindPwd)
			throws ClientException, LDAPException
			{
			authHandler.doSimpleBind(3, ByteString.valueOfUtf8(bindDn), ByteString.valueOfUtf8(bindPwd),
			new ArrayList<Control>(), new ArrayList<Control>());
			}
			}

			@@ -12,11 +12,12 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2011 profiq s.r.o.
			* Portions Copyright 2013-2015 ForgeRock AS.
			* Portions Copyright 2013-2016 ForgeRock AS.
			*/
			package org.opends.server.plugins;

			import java.util.ArrayList;
			import java.util.Arrays;
			import java.util.List;
			import java.util.Set;

			@@ -32,18 +33,21 @@
			import org.opends.server.api.plugin.PluginType;
			import org.opends.server.core.AddOperationBasis;
			import org.opends.server.core.ModifyOperationBasis;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.types.*;
			import org.opends.server.types.Entry;
			import org.opends.server.types.InitializationException;
			import org.opends.server.types.RawAttribute;
			import org.opends.server.types.RawModification;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.TestCaseUtils.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.testng.Assert.*;

			/**
			* Tests for the attribute cleanup plugin.
			*/
			/** Tests for the attribute cleanup plugin. */
			@SuppressWarnings("javadoc")
			public class AttributeCleanupPluginTestCase extends PluginTestCase
			{
			@@ -242,30 +246,15 @@
			* cn: Name Surname
			* sn: Surname
			*/
			ArrayList<ByteString> values = new ArrayList<>();
			values.add(ByteString.valueOfUtf8("top"));
			values.add(ByteString.valueOfUtf8("person"));
			values.add(ByteString.valueOfUtf8("organizationalperson"));
			values.add(ByteString.valueOfUtf8("inetorgperson"));
			AddOperationBasis addOperation = add("dn: uid=test,dc=example,dc=com",
			RawAttribute.create("objectClass", toByteStrings("top", "person", "organizationalperson", "inetorgperson")),
			RawAttribute.create("uid", "test"),
			RawAttribute.create("cn", "Name Surname"),
			RawAttribute.create("sn", "Surname"));

			List<RawAttribute> rawAttributes = new ArrayList<>();
			rawAttributes.add(RawAttribute.create("objectClass", values));
			rawAttributes.add(RawAttribute.create("uid", "test"));
			rawAttributes.add(RawAttribute.create("cn", "Name Surname"));
			rawAttributes.add(RawAttribute.create("sn", "Surname"));

			AddOperationBasis addOperation =
			new AddOperationBasis(InternalClientConnection.getRootConnection(),
			1,
			1,
			null,
			ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
			rawAttributes);

			/* Process the operation. The processing should continue. */

			PluginResult.PreParse res = plugin.doPreParse(addOperation);

			assertTrue(res.continueProcessing());

			/* Verify that the 'cn' attribute has been renamed to 'description'
			@@ -289,7 +278,22 @@
			}

			fail();
			}

			private ArrayList<ByteString> toByteStrings(String... strings)
			{
			ArrayList<ByteString> results = new ArrayList<>(strings.length);
			for (String s : strings)
			{
			results.add(ByteString.valueOfUtf8(s));
			}
			return results;
			}

			private AddOperationBasis add(String entryDN, RawAttribute... rawAttributes)
			{
			return new AddOperationBasis(getRootConnection(), 1, 1, null,
			ByteString.valueOfUtf8(entryDN), Arrays.asList(rawAttributes));
			}

			/**
			@@ -339,29 +343,14 @@
			* modifyTimeStamp: 2011091212400000Z
			* createTimeStamp: 2011091212400000Z
			*/
			AddOperationBasis addOperation = add("dn: uid=test,dc=example,dc=com",
			RawAttribute.create("objectClass", toByteStrings("top", "person", "organizationalperson", "inetorgperson")),
			RawAttribute.create("uid", "test"),
			RawAttribute.create("cn", "Name Surname"),
			RawAttribute.create("sn", "Surname"),
			RawAttribute.create("modifyTimeStamp", "2011091212400000Z"),
			RawAttribute.create("createTimeStamp", "2011091212400000Z"));

			ArrayList<ByteString> values = new ArrayList<>();
			values.add(ByteString.valueOfUtf8("top"));
			values.add(ByteString.valueOfUtf8("person"));
			values.add(ByteString.valueOfUtf8("organizationalperson"));
			values.add(ByteString.valueOfUtf8("inetorgperson"));

			List<RawAttribute> rawAttributes = new ArrayList<>();

			rawAttributes.add(RawAttribute.create("objectClass", values));
			rawAttributes.add(RawAttribute.create("uid", "test"));
			rawAttributes.add(RawAttribute.create("cn", "Name Surname"));
			rawAttributes.add(RawAttribute.create("sn", "Surname"));
			rawAttributes.add(RawAttribute.create("modifyTimeStamp", "2011091212400000Z"));
			rawAttributes.add(RawAttribute.create("createTimeStamp", "2011091212400000Z"));

			AddOperationBasis addOperation =
			new AddOperationBasis(InternalClientConnection.getRootConnection(),
			1,
			1,
			null,
			ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
			rawAttributes);

			/* Process the operation and expect the server to continue
			* processing the operation.
			@@ -436,23 +425,9 @@
			* createTimeStamp: 2011091212400000Z
			* -
			*/

			List<RawModification> rawMods= new ArrayList<>();

			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"modifyTimeStamp",
			"2011091212400000Z"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"createTimeStamp",
			"2011091212400000Z"));

			ModifyOperationBasis modifyOperation =
			new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
			1,
			1,
			null,
			ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
			rawMods);
			ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
			newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"),
			newRawModification(REPLACE, "createTimeStamp", "2011091212400000Z"));

			/* Process the request. The result should be SUCCESS and the server
			* should stop the processing.
			@@ -465,6 +440,11 @@

			}

			private ModifyOperationBasis modify(String entryDN, RawModification... rawMods)
			{
			return new ModifyOperationBasis(getRootConnection(), 1, 1, null, ByteString.valueOfUtf8(entryDN), newArrayList(rawMods));
			}

			/**
			* Verify the attribute renaming for a MODIFY operation.
			* @throws Exception in case of a bug.
			@@ -516,29 +496,11 @@
			* createTimeStamp: 2011091212400000Z
			* -
			*/

			List<RawModification> rawMods= new ArrayList<>();

			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"cn",
			"Test User"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"sn",
			"User"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"modifyTimeStamp",
			"2011091212400000Z"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"createTimeStamp",
			"2011091212400000Z"));

			ModifyOperationBasis modifyOperation =
			new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
			1,
			1,
			null,
			ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
			rawMods);
			ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
			newRawModification(REPLACE, "cn", "Test User"),
			newRawModification(REPLACE, "sn", "User"),
			newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"),
			newRawModification(REPLACE, "createTimeStamp", "2011091212400000Z"));

			/* Process the MODIFY operation making sure the remaining number of
			* modifications is 2 and that the '*TimeStamp' modifications are
			@@ -548,7 +510,7 @@

			assertEquals(modifyOperation.getRawModifications().size(), 2);

			rawMods = modifyOperation.getRawModifications();
			List<RawModification> rawMods = modifyOperation.getRawModifications();
			assertNotNull(rawMods);

			for(RawModification rawMod : rawMods )
			@@ -566,6 +528,11 @@

			}

			private RawModification newRawModification(ModificationType modType, String attrName, String attrValue)
			{
			return RawModification.create(modType, attrName, attrValue);
			}


			/**
			* Verify the attribute renaming for the MODIFY operation.
			@@ -611,40 +578,21 @@
			* replace: modifyTimeStamp
			* modifyTimeStamp: 2011091212400000Z
			*/
			List<RawModification> rawMods= new ArrayList<>();

			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"cn",
			"Test User"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"sn",
			"User"));
			rawMods.add(RawModification.create(ModificationType.REPLACE,
			"modifyTimeStamp",
			"2011091212400000Z"));

			ModifyOperationBasis modifyOperation =
			new ModifyOperationBasis(InternalClientConnection.getRootConnection(),
			1,
			1,
			null,
			ByteString.valueOfUtf8("dn: uid=test,dc=example,dc=com"),
			rawMods);
			ModifyOperationBasis modifyOperation = modify("dn: uid=test,dc=example,dc=com",
			newRawModification(REPLACE, "cn", "Test User"),
			newRawModification(REPLACE, "sn", "User"),
			newRawModification(REPLACE, "modifyTimeStamp", "2011091212400000Z"));

			/* Process the MODIFY operation. */

			PluginResult.PreParse res = plugin.doPreParse(modifyOperation);

			assertTrue(res.continueProcessing());

			/* Verify that the attribute has been properly renamed by comparing
			* the value of the attribute 'description' with the original value
			* of the 'modifyTimeStamp' attribute.
			*/
			rawMods = modifyOperation.getRawModifications();

			List<RawModification> rawMods = modifyOperation.getRawModifications();
			assertNotNull(rawMods);

			for(RawModification rawMod : rawMods )
			{
			RawAttribute modAttr = rawMod.getAttribute();

			@@ -18,14 +18,14 @@
			package org.opends.server.plugins;

			import java.util.HashSet;
			import java.util.LinkedList;
			import java.util.List;

			import org.forgerock.opendj.config.server.ConfigException;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.forgerock.opendj.ldap.schema.AttributeType;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.admin.server.AdminTestCaseUtils;
			@@ -43,11 +43,9 @@
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.Entry;
			import org.opends.server.types.Modification;
			import org.opends.server.types.RDN;
			import org.opends.server.types.SearchResultEntry;
			import org.testng.annotations.AfterClass;
			@@ -56,6 +54,7 @@
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.core.DirectoryServer.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			@@ -1024,10 +1023,10 @@
			* @param attrValStrings The values to add to the entry.
			*/
			private ModifyOperation
			addAttrEntry(DN dn, String attrName, String... attrValStrings) {
			LinkedList<Modification> mods = newLinkedList(
			new Modification(ADD, Attributes.create(attrName, attrValStrings)));
			return getRootConnection().processModify(dn, mods);
			addAttrEntry(DN dn, String attrName, Object... attrValStrings) {
			ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn))
			.addModification(ADD, attrName, attrValStrings);
			return getRootConnection().processModify(modifyRequest);
			}

			/**
			@@ -1037,10 +1036,10 @@
			* @param attrName The attribute type to replace the values in.
			* @param attrValStrings The values to replace in the the entry.
			*/
			private ModifyOperation replaceAttrEntry(DN dn, String attrName, String... attrValStrings) {
			LinkedList<Modification> mods = newLinkedList(
			new Modification(REPLACE, Attributes.create(attrName, attrValStrings)));
			return getRootConnection().processModify(dn, mods);
			private ModifyOperation replaceAttrEntry(DN dn, String attrName, Object... attrValStrings) {
			ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn))
			.addModification(REPLACE, attrName, attrValStrings);
			return getRootConnection().processModify(modifyRequest);
			}

			/**
			@@ -1053,13 +1052,11 @@
			*/
			private void
			deleteAttrsEntry(DN dn, String... attrTypeStrings) throws Exception {
			LinkedList<Modification> mods = new LinkedList<>();
			ModifyRequest modifyRequest = Requests.newModifyRequest(from(dn));
			for(String attrTypeString : attrTypeStrings) {
			AttributeType attrType = getAttributeType(attrTypeString);
			mods.add(new Modification(ModificationType.DELETE,
			Attributes.empty(attrType)));
			modifyRequest.addModification(DELETE, attrTypeString);
			}
			getRootConnection().processModify(dn, mods);
			getRootConnection().processModify(modifyRequest);
			}

			private void deleteEntries(String... dns) throws Exception{

			@@ -17,6 +17,8 @@
			package org.opends.server.plugins;

			import static org.assertj.core.api.Assertions.*;
			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.opends.server.util.StaticUtils.*;
			@@ -30,6 +32,8 @@
			import org.forgerock.opendj.ldap.ByteStringBuilder;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ExtendedOperation;
			@@ -141,13 +145,12 @@
			* Samba administrative user needs a permission to manipulate user accounts.
			* Hence, we add a very permissive ACI.
			*/
			LinkedList<Modification> mods =
			newLinkedList(new Modification(ModificationType.ADD, Attributes.create("aci",
			"(target=\"ldap:///uid=,o=test\")(targetattr=\"\")"
			+ "(version 3.0; acl \"Samba admin\"; allow (all) "
			+ "userdn=\"ldap:///cn=samba admin,o=test\";)")));

			ModifyOperation modOp = getRootConnection().processModify(DN.valueOf("o=test"), mods);
			ModifyRequest modifyRequest = Requests.newModifyRequest("o=test")
			.addModification(ADD, "aci",
			"(target=\"ldap:///uid=,o=test\")(targetattr=\"\")"
			+ "(version 3.0; acl \"Samba admin\"; allow (all) "
			+ "userdn=\"ldap:///cn=samba admin,o=test\";)");
			ModifyOperation modOp = getRootConnection().processModify(modifyRequest);
			assertEquals(modOp.getResultCode(), ResultCode.SUCCESS);
			}

			@@ -219,10 +222,9 @@
			TestCaseUtils.addEntry(testEntry);

			// Perform the modify operation
			LinkedList<Modification> mods = newLinkedList(
			new Modification(ModificationType.REPLACE, Attributes.create("userPassword", "password")));

			ModifyOperation modOp = getRootConnection().processModify(testEntry.getName(), mods);
			ModifyRequest modifyRequest = Requests.newModifyRequest(from(testEntry.getName()))
			.addModification(REPLACE, "userPassword", "password");
			ModifyOperation modOp = getRootConnection().processModify(modifyRequest);
			assertEquals(modOp.getResultCode(), ResultCode.SUCCESS);

			// Verification of the change

			@@ -17,10 +17,10 @@
			package org.opends.server.protocols.internal;

			import java.util.ArrayList;
			import java.util.List;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.TestCaseUtils;
			@@ -33,7 +33,6 @@
			import org.opends.server.core.ModifyDNOperation;
			import org.opends.server.core.ModifyOperation;
			import org.opends.server.protocols.ldap.LDAPAttribute;
			import org.opends.server.protocols.ldap.LDAPModification;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.AuthenticationInfo;
			import org.opends.server.types.CancelRequest;
			@@ -50,6 +49,7 @@
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.protocols.internal.Requests.*;
			import static org.opends.server.util.CollectionUtils.*;
			@@ -507,9 +507,7 @@
			"objectClass: device",
			"cn: test");

			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(new LDAPModification(ModificationType.REPLACE,
			new LDAPAttribute("description", "This is a test")));
			List<RawModification> mods = newArrayList(RawModification.create(REPLACE, "description", "This is a test"));

			InternalClientConnection conn = getRootConnection();
			ModifyOperation modifyOperation =
			@@ -535,9 +533,8 @@
			"objectClass: device",
			"cn: test");

			ArrayList<Modification> mods = new ArrayList<>();
			mods.add(new Modification(ModificationType.REPLACE,
			Attributes.create("description", "This is a test")));
			List<Modification> mods = newArrayList(
			new Modification(REPLACE, Attributes.create("description", "This is a test")));

			InternalClientConnection conn = getRootConnection();
			ModifyOperation modifyOperation =

			@@ -12,13 +12,13 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2008 Sun Microsystems, Inc.
			* Portions Copyright 2014-2015 ForgeRock AS.
			* Portions Copyright 2014-2016 ForgeRock AS.
			*/
			package org.opends.server.protocols.internal;

			import java.util.ArrayList;
			import java.util.Hashtable;
			import java.util.LinkedHashSet;
			import java.util.List;

			import javax.naming.Context;
			import javax.naming.NamingEnumeration;
			@@ -33,11 +33,21 @@

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.protocols.ldap.*;
			import org.opends.server.protocols.ldap.AddRequestProtocolOp;
			import org.opends.server.protocols.ldap.BindRequestProtocolOp;
			import org.opends.server.protocols.ldap.CompareRequestProtocolOp;
			import org.opends.server.protocols.ldap.DeleteRequestProtocolOp;
			import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
			import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
			import org.opends.server.protocols.ldap.LDAPFilter;
			import org.opends.server.protocols.ldap.LDAPMessage;
			import org.opends.server.protocols.ldap.LDAPResultCode;
			import org.opends.server.protocols.ldap.ModifyDNRequestProtocolOp;
			import org.opends.server.protocols.ldap.ModifyRequestProtocolOp;
			import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
			import org.opends.server.tools.LDAPReader;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.types.DN;
			@@ -46,13 +56,12 @@
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.server.util.CollectionUtils.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			/**
			* This class provides a number of tests to cover the internal LDAP socket
			* implementation.
			*/
			/** This class provides a number of tests to cover the internal LDAP socket implementation. */
			public class InternalLDAPSocketTestCase extends InternalTestCase
			{
			/**
			@@ -80,38 +89,28 @@
			TestCaseUtils.initializeTestBackend(false);
			assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
			List<RawAttribute> attrList = newArrayList(
			RawAttribute.create("objectClass", "organization"),
			RawAttribute.create("o", "test"));

			AddRequestProtocolOp addRequest = new AddRequestProtocolOp(ByteString.valueOfUtf8("o=test"), attrList);
			writer.writeMessage(new LDAPMessage(2, addRequest));

			ArrayList<RawAttribute> attrList = new ArrayList<>();
			attrList.add(RawAttribute.create("objectClass", "organization"));
			attrList.add(RawAttribute.create("o", "test"));

			AddRequestProtocolOp addRequest =
			new AddRequestProtocolOp(ByteString.valueOfUtf8("o=test"), attrList);
			writer.writeMessage(new LDAPMessage(2, addRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getAddResponseProtocolOp().getResultCode(),
			LDAPResultCode.SUCCESS);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

			reader.close();
			writer.close();
			socket.close();
			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getAddResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));
			}
			}


			@@ -173,34 +172,24 @@
			TestCaseUtils.initializeTestBackend(true);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
			CompareRequestProtocolOp compareRequest =
			new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o", ByteString.valueOfUtf8("test"));
			writer.writeMessage(new LDAPMessage(2, compareRequest));


			CompareRequestProtocolOp compareRequest =
			new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"), "o",
			ByteString.valueOfUtf8("test"));
			writer.writeMessage(new LDAPMessage(2, compareRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getCompareResponseProtocolOp().getResultCode(),
			LDAPResultCode.COMPARE_TRUE);

			reader.close();
			writer.close();
			socket.close();
			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getCompareResponseProtocolOp().getResultCode(), LDAPResultCode.COMPARE_TRUE);
			}
			}


			@@ -257,34 +246,24 @@
			TestCaseUtils.initializeTestBackend(true);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
			DeleteRequestProtocolOp deleteRequest = new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
			writer.writeMessage(new LDAPMessage(2, deleteRequest));


			DeleteRequestProtocolOp deleteRequest =
			new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
			writer.writeMessage(new LDAPMessage(2, deleteRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getDeleteResponseProtocolOp().getResultCode(),
			LDAPResultCode.SUCCESS);
			assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));

			reader.close();
			writer.close();
			socket.close();
			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getDeleteResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
			assertFalse(DirectoryServer.entryExists(DN.valueOf("o=test")));
			}
			}


			@@ -331,37 +310,27 @@
			@Test
			public void testExtendedOperation() throws Exception
			{
			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
			ExtendedRequestProtocolOp extendedRequest = new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
			writer.writeMessage(new LDAPMessage(2, extendedRequest));

			message = reader.readMessage();
			assertNotNull(message);

			ExtendedRequestProtocolOp extendedRequest =
			new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
			writer.writeMessage(new LDAPMessage(2, extendedRequest));

			message = reader.readMessage();
			assertNotNull(message);

			ExtendedResponseProtocolOp extendedResponse =
			message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
			assertTrue(extendedResponse.getValue().toString().equalsIgnoreCase(
			"dn:cn=Directory Manager,cn=Root DNs,cn=config"));

			reader.close();
			writer.close();
			socket.close();
			ExtendedResponseProtocolOp extendedResponse = message.getExtendedResponseProtocolOp();
			assertEquals(extendedResponse.getResultCode(), LDAPResultCode.SUCCESS);
			assertTrue(extendedResponse.getValue().toString().equalsIgnoreCase(
			"dn:cn=Directory Manager,cn=Root DNs,cn=config"));
			}
			}


			@@ -378,36 +347,38 @@
			TestCaseUtils.initializeTestBackend(true);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			List<RawModification> mods = newArrayList(
			RawModification.create(REPLACE, "description", "foo"));

			ModifyRequestProtocolOp modifyRequest = new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
			writer.writeMessage(new LDAPMessage(2, modifyRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getModifyResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
			}
			}



			/**
			* @return
			*/
			private LDAPMessage bindRequestMessage()
			{
			BindRequestProtocolOp bindRequest = bindRequest();
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);


			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(RawModification.create(ModificationType.REPLACE, "description", "foo"));

			ModifyRequestProtocolOp modifyRequest =
			new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
			writer.writeMessage(new LDAPMessage(2, modifyRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getModifyResponseProtocolOp().getResultCode(),
			LDAPResultCode.SUCCESS);

			reader.close();
			writer.close();
			socket.close();
			return message;
			}


			@@ -467,37 +438,42 @@
			assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
			assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			LDAPMessage message = bindRequestMessage();
			writer.writeMessage(message);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			ModifyDNRequestProtocolOp modifyDNRequest =
			new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), ByteString.valueOfUtf8("ou=Users"),
			true);
			writer.writeMessage(new LDAPMessage(2, modifyDNRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getModifyDNResponseProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);

			assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
			assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));
			}
			}



			/**
			* @return
			*/
			private BindRequestProtocolOp bindRequest()
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);


			ModifyDNRequestProtocolOp modifyDNRequest =
			new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"),
			ByteString.valueOfUtf8("ou=Users"), true);
			writer.writeMessage(new LDAPMessage(2, modifyDNRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getModifyDNResponseProtocolOp().getResultCode(),
			LDAPResultCode.SUCCESS);

			assertFalse(DirectoryServer.entryExists(DN.valueOf("ou=People,o=test")));
			assertTrue(DirectoryServer.entryExists(DN.valueOf("ou=Users,o=test")));

			reader.close();
			writer.close();
			socket.close();
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"), 3, ByteString
			.valueOfUtf8("password"));
			return bindRequest;
			}


			@@ -556,43 +532,29 @@
			TestCaseUtils.initializeTestBackend(true);
			assertTrue(DirectoryServer.entryExists(DN.valueOf("o=test")));

			InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket);
			try (InternalLDAPSocket socket = new InternalLDAPSocket();
			LDAPReader reader = new LDAPReader(socket);
			LDAPWriter writer = new LDAPWriter(socket))
			{
			writer.writeMessage(bindRequestMessage());

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(ByteString.valueOfUtf8("cn=Directory Manager"),
			3, ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			writer.writeMessage(message);
			LDAPMessage message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getBindResponseProtocolOp().getResultCode(), 0);
			SearchRequestProtocolOp searchRequest =
			new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"), SearchScope.BASE_OBJECT,
			DereferenceAliasesPolicy.NEVER, 0, 0, false, LDAPFilter.objectClassPresent(), new LinkedHashSet<String>());
			writer.writeMessage(new LDAPMessage(2, searchRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getSearchResultEntryProtocolOp().getDN(), DN.valueOf("o=test"));

			SearchRequestProtocolOp searchRequest =
			new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
			SearchScope.BASE_OBJECT,
			DereferenceAliasesPolicy.NEVER,
			0, 0, false,
			LDAPFilter.objectClassPresent(),
			new LinkedHashSet<String>());
			writer.writeMessage(new LDAPMessage(2, searchRequest));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getSearchResultEntryProtocolOp().getDN(),
			DN.valueOf("o=test"));

			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getSearchResultDoneProtocolOp().getResultCode(),
			LDAPResultCode.SUCCESS);

			reader.close();
			writer.close();
			socket.close();
			message = reader.readMessage();
			assertNotNull(message);
			assertEquals(message.getSearchResultDoneProtocolOp().getResultCode(), LDAPResultCode.SUCCESS);
			}
			}


			@@ -634,4 +596,3 @@
			context.close();
			}
			}

			@@ -28,6 +28,7 @@
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.controls.ProxiedAuthV1Control;
			import org.opends.server.controls.ProxiedAuthV2Control;
			@@ -42,12 +43,22 @@
			import org.opends.server.core.SchemaConfigManager;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.types.*;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.AuthenticationInfo;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.DirectoryException;
			import org.opends.server.types.Entry;
			import org.opends.server.types.Modification;
			import org.opends.server.types.Operation;
			import org.opends.server.types.Privilege;
			import org.opends.server.types.RDN;
			import org.testng.annotations.AfterClass;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.DataProvider;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.opends.messages.ProtocolMessages.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			@@ -820,8 +831,8 @@

			private void processModify(DN dn, ModificationType modType, String attrName, String attrValue)
			{
			ArrayList<Modification> mods = newModifications(modType, attrName, attrValue);
			ModifyOperation modifyOp = getRootConnection().processModify(dn, mods);
			ModifyOperation modifyOp = getRootConnection().processModify(
			Requests.newModifyRequest(from(dn)).addModification(modType, attrName, attrValue));
			assertEquals(modifyOp.getResultCode(), ResultCode.SUCCESS);
			}

			@@ -17,6 +17,7 @@
			package org.opends.server.protocols.ldap;

			import static org.assertj.core.api.Assertions.*;
			import static org.forgerock.opendj.ldap.SearchScope.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.protocols.internal.Requests.*;
			import static org.testng.Assert.*;
			@@ -24,15 +25,14 @@
			import java.io.BufferedReader;
			import java.io.File;
			import java.io.FileReader;
			import java.net.Socket;
			import java.util.ArrayList;
			import java.util.LinkedHashSet;
			import java.io.IOException;
			import java.util.List;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.requests.AddRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.api.Backend;
			import org.opends.server.core.DirectoryServer;
			@@ -40,11 +40,12 @@
			import org.opends.server.protocols.internal.SearchRequest;
			import org.opends.server.tools.LDAPModify;
			import org.opends.server.tools.LDAPSearch;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.ExistingFileBehavior;
			import org.opends.server.types.LDAPException;
			import org.opends.server.types.LDIFExportConfig;
			import org.opends.server.types.LDIFImportConfig;
			import org.opends.server.types.RawAttribute;
			import org.opends.server.types.SearchResultEntry;
			import org.opends.server.util.Base64;
			import org.testng.annotations.BeforeClass;
			@@ -232,76 +233,30 @@
			public void binaryOptionUsingV2() throws Exception
			{
			//Construct a V2 connection.
			try (Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			org.opends.server.tools.LDAPWriter w = new org.opends.server.tools.LDAPWriter(s))
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);
			ArrayList<RawAttribute> addAttrs = new ArrayList<>();
			addAttrs.add(RawAttribute.create("objectClass", "inetOrgPerson"));
			addAttrs.add(RawAttribute.create("uid", "user.7"));
			addAttrs.add(RawAttribute.create("cn", "user 7"));
			addAttrs.add(RawAttribute.create("sn", "sn#1"));
			addAttrs.add(RawAttribute.create("sn;x-foo", "sn#2"));
			addAttrs.add(RawAttribute.create("sn;lang-fr", "sn#3"));
			addAttrs.add(RawAttribute.create("userCertificate;binary",
			ByteString.wrap(Base64.decode(CERT))));

			AddRequestProtocolOp addRequest =
			new AddRequestProtocolOp(ByteString.valueOfUtf8("uid=user.7,o=test"),
			addAttrs);
			message = new LDAPMessage(2, addRequest);
			w.writeMessage(message);

			message = r.readMessage();
			AddRequest addRequest = Requests.newAddRequest("uid=user.7,o=test")
			.addAttribute("objectClass", "inetOrgPerson")
			.addAttribute("uid", "user.7")
			.addAttribute("cn", "user 7")
			.addAttribute("sn", "sn#1")
			.addAttribute("sn;x-foo", "sn#2")
			.addAttribute("sn;lang-fr", "sn#3")
			.addAttribute("userCertificate;binary", ByteString.wrap(Base64.decode(CERT)));
			LDAPMessage message = conn.add(addRequest);
			AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
			assertEquals(addResponse.getResultCode(),0);

			//Create a SEARCH request to search for this added entry.
			LinkedHashSet<String> attrs = new LinkedHashSet<>();
			//Request only the interesting attributes.
			attrs.add("sn");
			attrs.add("userCertificate;binary");
			SearchRequestProtocolOp searchRequest =
			new SearchRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
			SearchScope.WHOLE_SUBTREE,
			DereferenceAliasesPolicy.NEVER, 0,
			0, false,
			LDAPFilter.decode("(uid=user.7)"),
			attrs);
			message = new LDAPMessage(2, searchRequest);
			w.writeMessage(message);

			SearchResultEntryProtocolOp searchResultEntry = null;
			SearchResultDoneProtocolOp searchResultDone = null;
			while (searchResultDone == null)
			{
			message = r.readMessage();
			switch (message.getProtocolOpType())
			{
			case LDAPConstants.OP_TYPE_SEARCH_RESULT_ENTRY:
			searchResultEntry = message.getSearchResultEntryProtocolOp();
			break;
			case LDAPConstants.OP_TYPE_SEARCH_RESULT_DONE:
			searchResultDone = message.getSearchResultDoneProtocolOp();
			assertEquals(searchResultDone.getResultCode(),
			LDAPResultCode.SUCCESS);
			break;
			}
			}
			assertNotNull(searchResultEntry);
			conn.search(Requests.newSearchRequest("o=test", WHOLE_SUBTREE, "(uid=user.7)", "sn", "userCertificate;binary"));
			List<SearchResultEntryProtocolOp> entries = conn.readEntries();
			assertThat(entries).hasSize(1);
			boolean certWithNoOption = false;
			boolean snWithMultiVal = false;
			for(LDAPAttribute a:searchResultEntry.getAttributes())
			for (LDAPAttribute a : entries.get(0).getAttributes())
			{
			//Shouldn't be userCertificate;binary.
			if ("userCertificate".equalsIgnoreCase(a.getAttributeType()))
			@@ -321,7 +276,14 @@
			}
			}

			private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd) throws IOException, LDAPException
			{
			conn.writeMessage(new BindRequestProtocolOp(ByteString.valueOfUtf8(bindDN), 2, ByteString.valueOfUtf8(bindPwd)));

			LDAPMessage message = conn.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
			}

			/**
			* Test to verify that the DB stores the binary option by

			@@ -12,29 +12,37 @@
			* information: "Portions Copyright [year] [name of copyright owner]".
			*
			* Copyright 2006-2008 Sun Microsystems, Inc.
			* Portions Copyright 2010-2015 ForgeRock AS.
			* Portions Copyright 2010-2016 ForgeRock AS.
			*/
			package org.opends.server.protocols.ldap ;

			import java.net.Socket;
			import java.util.ArrayList;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.tools.LDAPWriter;
			import org.opends.server.types.Control;
			import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
			import org.opends.server.types.RawAttribute;
			import org.opends.server.types.RawModification;
			import org.opends.server.util.StaticUtils;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			import static org.forgerock.opendj.ldap.ModificationType.*;
			import static org.forgerock.opendj.ldap.SearchScope.*;
			import static org.forgerock.opendj.ldap.controls.GenericControl.*;
			import static org.forgerock.opendj.ldap.requests.Requests.*;
			import static org.opends.server.util.ServerConstants.*;
			import static org.testng.Assert.*;

			import java.io.IOException;
			import java.util.Arrays;

			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.DN;
			import org.forgerock.opendj.ldap.Filter;
			import org.forgerock.opendj.ldap.requests.AddRequest;
			import org.forgerock.opendj.ldap.requests.CompareRequest;
			import org.forgerock.opendj.ldap.requests.DeleteRequest;
			import org.forgerock.opendj.ldap.requests.ModifyDNRequest;
			import org.forgerock.opendj.ldap.requests.ModifyRequest;
			import org.forgerock.opendj.ldap.requests.Requests;
			import org.forgerock.opendj.ldap.requests.SearchRequest;
			import org.opends.server.TestCaseUtils;
			import org.opends.server.tools.RemoteConnection;
			import org.opends.server.types.Control;
			import org.opends.server.types.LDAPException;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;

			/**
			* This class provides a number of tests to ensure that the server interacts
			* with LDAPv2 clients as expected.
			@@ -73,23 +81,9 @@
			"replace: ds-cfg-allow-ldap-v2",
			"ds-cfg-allow-ldap-v2: false");

			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(),
			LDAPResultCode.PROTOCOL_ERROR);
			bindLdapV2(conn, "cn=Directory Manager", "password", LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			@@ -98,9 +92,6 @@
			"changetype: modify",
			"replace: ds-cfg-allow-ldap-v2",
			"ds-cfg-allow-ldap-v2: true");

			StaticUtils.close(r, w);
			StaticUtils.close(s);
			}
			}

			@@ -116,34 +107,11 @@
			public void testRejectExtendedRequest()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			ExtendedRequestProtocolOp extendedRequest =
			new ExtendedRequestProtocolOp(OID_START_TLS_REQUEST);
			message = new LDAPMessage(2, extendedRequest);
			w.writeMessage(message);

			assertNull(r.readMessage());
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			bindLdapV2(conn, "cn=Directory Manager", "password");
			conn.writeMessage(new ExtendedRequestProtocolOp(OID_START_TLS_REQUEST));
			assertNull(conn.readMessage());
			}
			}

			@@ -159,46 +127,36 @@
			public void testRejectAddControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);
			AddRequest addRequest = Requests.newAddRequest("ou=People,o=test")
			.addAttribute("objectClass", "organizationalUnit")
			.addAttribute("ou", "People")
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));

			ArrayList<RawAttribute> addAttrs = new ArrayList<>();
			addAttrs.add(RawAttribute.create("objectClass", "organizationalUnit"));
			addAttrs.add(RawAttribute.create("ou", "People"));

			AddRequestProtocolOp addRequest =
			new AddRequestProtocolOp(ByteString.valueOfUtf8("ou=People,o=test"), addAttrs);
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, addRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			LDAPMessage message = conn.add(addRequest, false);
			AddResponseProtocolOp addResponse = message.getAddResponseProtocolOp();
			assertEquals(addResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			}
			}

			private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd) throws IOException, LDAPException
			{
			bindLdapV2(conn, bindDN, bindPwd, LDAPResultCode.SUCCESS);
			}

			private void bindLdapV2(RemoteConnection conn, String bindDN, String bindPwd, int expectedRC, Control... controls)
			throws IOException, LDAPException
			{
			conn.writeMessage(new BindRequestProtocolOp(ByteString.valueOfUtf8(bindDN), 2, ByteString.valueOfUtf8(bindPwd)),
			Arrays.asList(controls));

			LDAPMessage message = conn.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), expectedRC);
			}

			/**
			* Tests to ensure that the server will reject an LDAPv2 bind request if it
			@@ -210,34 +168,13 @@
			public void testRejectBindControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			LDAPMessage message = new LDAPMessage(1, bindRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			bindLdapV2(conn, "cn=Directory Manager", "password",
			LDAPResultCode.PROTOCOL_ERROR, new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			}
			}



			/**
			* Tests to ensure that the server will reject an LDAPv2 compare request if it
			* contains any controls.
			@@ -248,41 +185,15 @@
			public void testRejectCompareControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			CompareRequestProtocolOp compareRequest =
			new CompareRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
			"o", ByteString.valueOfUtf8("test"));
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, compareRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			CompareResponseProtocolOp compareResponse =
			message.getCompareResponseProtocolOp();
			assertEquals(compareResponse.getResultCode(),
			LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			CompareRequest compareRequest = newCompareRequest("o=test", "o", "test")
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
			LDAPMessage message = conn.compare(compareRequest, false);
			CompareResponseProtocolOp compareResponse = message.getCompareResponseProtocolOp();
			assertEquals(compareResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			}

			@@ -298,40 +209,15 @@
			public void testRejectDeleteControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			DeleteRequestProtocolOp deleteRequest =
			new DeleteRequestProtocolOp(ByteString.valueOfUtf8("o=test"));
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, deleteRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			DeleteResponseProtocolOp deleteResponse =
			message.getDeleteResponseProtocolOp();
			assertEquals(deleteResponse.getResultCode(),
			LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			DeleteRequest deleteRequest = newDeleteRequest("o=test")
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
			LDAPMessage message = conn.delete(deleteRequest, false);
			DeleteResponseProtocolOp deleteResponse = message.getDeleteResponseProtocolOp();
			assertEquals(deleteResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			}

			@@ -347,43 +233,16 @@
			public void testRejectModifyControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			ArrayList<RawModification> mods = new ArrayList<>();
			mods.add(RawModification.create(ModificationType.REPLACE, "description", "foo"));

			ModifyRequestProtocolOp modifyRequest =
			new ModifyRequestProtocolOp(ByteString.valueOfUtf8("o=test"), mods);
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, modifyRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			ModifyResponseProtocolOp modifyResponse =
			message.getModifyResponseProtocolOp();
			assertEquals(modifyResponse.getResultCode(),
			LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			ModifyRequest modifyRequest = newModifyRequest("o=test")
			.addModification(REPLACE, "description", "foo")
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
			LDAPMessage message = conn.modify(modifyRequest, false);
			ModifyResponseProtocolOp modifyResponse = message.getModifyResponseProtocolOp();
			assertEquals(modifyResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			}

			@@ -399,41 +258,15 @@
			public void testRejectModifyDNControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			ModifyDNRequestProtocolOp modifyDNRequest =
			new ModifyDNRequestProtocolOp(ByteString.valueOfUtf8("o=test"),
			ByteString.valueOfUtf8("cn=test"), false);
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, modifyDNRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			ModifyDNResponseProtocolOp modifyDNResponse =
			message.getModifyDNResponseProtocolOp();
			assertEquals(modifyDNResponse.getResultCode(),
			LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			ModifyDNRequest modifyDNRequest = newModifyDNRequest("o=test", "cn=test")
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
			LDAPMessage message = conn.modifyDN(modifyDNRequest, false);
			ModifyDNResponseProtocolOp modifyDNResponse = message.getModifyDNResponseProtocolOp();
			assertEquals(modifyDNResponse.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			}

			@@ -449,43 +282,16 @@
			public void testRejectSearchControls()
			throws Exception
			{
			Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
			org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
			LDAPWriter w = new LDAPWriter(s);

			try
			try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
			{
			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(
			ByteString.valueOfUtf8("cn=Directory Manager"), 2,
			ByteString.valueOfUtf8("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeMessage(message);
			bindLdapV2(conn, "cn=Directory Manager", "password");

			message = r.readMessage();
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			SearchRequestProtocolOp searchRequest =
			new SearchRequestProtocolOp(ByteString.empty(),
			SearchScope.BASE_OBJECT,
			DereferenceAliasesPolicy.NEVER, 0, 0, false,
			LDAPFilter.objectClassPresent(), null);
			ArrayList<Control> controls = new ArrayList<>(1);
			controls.add(new LDAPControl(OID_MANAGE_DSAIT_CONTROL, true));
			message = new LDAPMessage(2, searchRequest, controls);
			w.writeMessage(message);

			message = r.readMessage();
			SearchResultDoneProtocolOp searchDone =
			message.getSearchResultDoneProtocolOp();
			SearchRequest searchRequest = newSearchRequest(DN.rootDN(), BASE_OBJECT, Filter.objectClassPresent())
			.addControl(newControl(OID_MANAGE_DSAIT_CONTROL, true));
			conn.search(searchRequest);
			LDAPMessage message = conn.readMessage();
			SearchResultDoneProtocolOp searchDone = message.getSearchResultDoneProtocolOp();
			assertEquals(searchDone.getResultCode(), LDAPResultCode.PROTOCOL_ERROR);
			}
			finally
			{
			StaticUtils.close(r, w);
			StaticUtils.close(s);
			}
			}
			}