Re-write of password policy functional tests part 2

Gary Williams

12.12.2012 6edd12a189c0c6036980818d895c8e8cc6fd2e6b

Re-write of password policy functional tests part 2

 opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes.xml

New file
@@ -0,0 +1,149 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_allow_user_password_changes"/>
  <function name="main_pwp_allow_user_password_changes" scope="local">
    <sequence>
      <block name="'main_pwp_allow_user_password_changes'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'allow_user_password_changes'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Allow User Pswd Changes'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy allow_user_password_changes test suite
            #@TestSuitePurpose    Verify password policy allow_user_password_changes operations
            #@TestSuiteID         allow_user_password_changes
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('allow_user_password_changes/pwp_allow_user_password_changes_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to allow_user_password_changes password policy tests -->
                <script>
                  basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                  basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
                  msg1 = 'Password Policy: Allow User Pswd Changes:'
                </script>    

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_allow_user_pswd_changes_001')
                  testsList.append('pwp_allow_user_pswd_changes_002')
                  testsList.append('pwp_allow_user_pswd_changes_003')
                  testsList.append('pwp_allow_user_pswd_changes_004')
                  testsList.append('pwp_allow_user_pswd_changes_005')
                  testsList.append('pwp_allow_user_pswd_changes_006')
                  testsList.append('pwp_allow_user_pswd_changes_007')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes_tests.xml

New file
@@ -0,0 +1,605 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2008 Sun Microsystems, Inc.
 !      Portions copyright 2012 ForgeRock AS.
 ! -->
<stax>

  <!--- Test Case information
    #@TestMarker         User Password Policy
    #@TestName           Get Allow User Password Changes
    #@TestIssue          None
    #@TestPurpose        Get ds-cfg-allow-user-password-changes
    #@TestPreamble       None
    #@TestStep           Check ds-cfg-allow-user-password-changes
    #@TestStep           Check the output of the command.
    #@TestPostamble      None
    #@TestResult         Success if compareEntry returns 0 and the 
                         output is correct.
  -->
  <function name="pwp_allow_user_pswd_changes_001" scope="local">
    <testcase name="getTestCaseName('PWP Get Allow User Password Changes')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Allow User Password Changes Property.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--property "allow-user-password-changes"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedString'      : 'allow-user-password-changes : true'
               
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Allow User Password Changes Attribute.' % msg1 }
            </call>

            <call function="'compareEntry'">
            { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
              'attrToBeCompared'    : 'ds-cfg-allow-user-password-changes:true',
              'entryToBeCompared'   : basepwp }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>


  <!--- Test Case information
    #@TestMarker          User Password Policy
    #@TestName            Check User Search With Password
    #@TestIssue           None
    #@TestPurpose         Check User Search With Password
    #@TestPreamble        None
    #@TestStep            Check User Search With Password
    #@TestStep            Check the output of the command.
    #@TestPostamble       None
    #@TestResult          Success if SearchObject returns 0
  -->
  <function name="pwp_allow_user_pswd_changes_002" scope="local">
    <testcase name="getTestCaseName('PWP User Search')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          User Password Policy
    #@TestName            Check User Search With Bad Password
    #@TestIssue           None
    #@TestPurpose         Check User Search With Bad Password
    #@TestPreamble        None
    #@TestStep            Check User Search With Bad Password
    #@TestPostamble       None
    #@TestResult          Success if SearchObject returns 49
  -->
  <function name="pwp_allow_user_pswd_changes_003" scope="local">
    <testcase name="getTestCaseName('PWP User Search With Bad Password')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Bad Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'newsprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
  #@TestMarker          User Password Policy
  #@TestName            User With Bad Credentials Change Password
  #@TestIssue           None
  #@TestPurpose         Check User Search With Bad Credentials
  #@TestPreamble        None
  #@TestStep            Check User Search With Bad Credentials
  #@TestPostamble       None
  #@TestResult          Success if ldapPasswordModifyWithScript returns 49
  -->
  <function name="pwp_allow_user_pswd_changes_004" scope="local">
    <testcase name="getTestCaseName('PWP User With Bad Credentials Change Password')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s User with Bad Credentials Changing Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=scarter,%s' % basedn ,
                    'dsInstancePswd'         : 'BadPwd' ,
                    'dsAuthzID'              : 'dn:uid=scarter,%s' % basedn ,
                    'dsNewPassword'          : 'newsprain' ,
                    'expectedRC'             : 49  }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          User Password Policy
    #@TestName            User Change Password
    #@TestIssue           None
    #@TestPurpose         User Change Password
    #@TestPreamble        None
    #@TestStep            Step 1 User Change Password
    #@TestStep            Step 2 User Searching With Old Password
    #@TestStep            Step 3 User Searching With New Password
    #@TestPostamble       None
    #@TestResult          Success if SearchObject returns 0
  -->
  <function name="pwp_allow_user_pswd_changes_005" scope="local">
    <testcase name="getTestCaseName('PWP User Changing Own Password')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Changing Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'         : 'sprain' ,
                'dsAuthzID'              : 'dn:uid=scarter,%s' % basedn ,
                'dsNewPassword'          : 'newsprain' ,
               }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Old Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*' ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'newsprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*' ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
  #@TestMarker          User Password Policy
  #@TestName            Admin Change Password Policy
  #@TestIssue           None
  #@TestPurpose         Admin Change Password Policy
  #@TestPreamble        None
  #@TestStep            Step 1 Modify the Password Policy by setting
                        allow-user-password-changes to false
  #@TestStep            Step 2 User resetting password should fail (49)
  #@TestStep            Step 3 Check manage-account get-password-is-reset
  #@TestPostamble       None
  #@TestResult          Success if ldapPasswordModifyWithScript returns 49
  -->
  <function name="pwp_allow_user_pswd_changes_006" scope="local">
    <testcase name="getTestCaseName('PWP Allow User Password Changes False')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Allow User Password Changes to false.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "allow-user-password-changes:false"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Resetting Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=scarter,%s' % basedn ,
                    'dsInstancePswd'         : 'sprain' ,
                    'dsAuthzID'              : 'dn:uid=scarter,%s' % basedn ,
                    'dsNewPassword'          : 'sprain' ,
                    'expectedRC'             : 49 }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check manage-account get-password-is-reset.' % msg1 }
            </call>

          <call function="'manageAccountWithScript'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'subcommand'       : 'get-password-is-reset' ,
                'targetDn'         : 'uid=scarter,%s' % basedn  }
          </call>
          
          <script> 
             returnString = STAXResult[0][1]
          </script>
            
          <call function="'searchString'">
              { 'returnString'       : returnString ,
                'expectedString'     : 'Password Is Reset:  false' }
          </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          User Password Policy
    #@TestName            Allow User Password Changes
    #@TestIssue           None
    #@TestPurpose         Allow User Password Changes
    #@TestPreamble        None
    #@TestStep            Step 1 - Admin Resetting Password Policy
                          set allow-user-password-changes to true
    #@TestStep            Step 2 - User Resetting Password
    #@TestStep            Step 3 - Check manage-account 
                          get-password-is-reset
    #@TestStep            Step 4 - check manage-account
                          get-password-changed-time
    #@TestStep            Step 5 - User Searching With Old Password
    #@TestStep            Step 6 - User Searching With New Password
    #@TestPostamble       None
    #@TestResult          Success if SearchObject returns 0.
  -->
  <function name="pwp_allow_user_pswd_changes_007" scope="local">
    <testcase name="getTestCaseName('PWP Reset Allow User Password Changes')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Allow User Password Changes.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset allow-user-password-changes')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
 
            <call function="'testStep'">
              { 'stepMessage' : '%s User Resetting Password.' % msg1 }
            </call>           

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=scarter,%s' % basedn ,
                    'dsInstancePswd'         : 'newsprain' ,
                    'dsAuthzID'              : 'dn:uid=scarter,%s' % basedn ,
                    'dsNewPassword'          : 'sprain' ,
                  }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check manage-account get-password-is-reset.' % msg1 }
            </call>            

            <call function="'manageAccountWithScript'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'subcommand'       : 'get-password-is-reset' ,
                    'targetDn'         : 'uid=scarter,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Password Is Reset:  false' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check manage-account get-password-changed-time.' % msg1 }
            </call>

            <call function="'manageAccountWithScript'">
               { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                 'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                 'subcommand'       : 'get-password-changed-time' ,
                 'targetDn'         : 'uid=scarter,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
              
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Password Changed Time:  2' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Old Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'newsprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*' ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*' ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml

@@ -285,7 +285,7 @@
             returnString = STAXResult[0][1]
            </script> 
      
            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'will expire' }
            </call>
@@ -410,7 +410,7 @@
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Password Changed by Required Time:' }
            </call>
@@ -431,7 +431,7 @@
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Seconds Until Required Change Time:' }
            </call>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml

@@ -407,7 +407,7 @@
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Grace Login Use Times:' }
            </call>
@@ -451,7 +451,7 @@
                 returnString = STAXResult[0][1]
                </script>
                
                <call function="'checktestString'">
                <call function="'searchString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'Remaining Grace Login Count:  %s' % remaining_grace_login_count }
                </call>
@@ -473,7 +473,7 @@
                </script>
    
                <!-- TODO: WTF -->            
                <call function="'checktestString'">
                <call function="'searchString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'Grace Login Use Times:  20' }
                </call>
@@ -518,7 +518,7 @@
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Remaining Grace Login Count:  0' }
            </call>
@@ -539,7 +539,7 @@
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : msg1 ,
                  'expectedString'     : msg2 ,

 opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml

@@ -345,7 +345,7 @@
    #@TestStep          Check manage-account get-last-login-time
    #@TestStep          Checking for Absence of Last Login Time
    #@TestStep          SearchObject ds-pwp-last-login-time returns 0
    #@TestStep          checktestString ds-pwp-last-login-time
    #@TestStep          searchString ds-pwp-last-login-time
    #@TestPostamble     none
    #@TestResult        Success if the 3 steps are PASS
  -->
@@ -435,7 +435,7 @@
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Last Login Time:  2' }
            </call>
@@ -458,7 +458,7 @@
             returnString = STAXResult[0][1]
            </script> 

            <call function="'checktestString'">
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'ds-pwp-last-login-time' }
            </call>
@@ -794,7 +794,7 @@
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
            <call function="'searchString'">
              { 'returnString'       : returnString ,
                'expectedString'     : 'Seconds Until Idle Account Lockout: ' }
            </call>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout.xml

New file
@@ -0,0 +1,157 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_lockout"/>
  <function name="main_pwp_lockout" scope="local">
    <sequence>
      <block name="'main_pwp_lockout'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'lockout'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Account Lockout'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy lockout test suite
            #@TestSuitePurpose    Verify password policy lockout operations
            #@TestSuiteID         lockout
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('lockout/pwp_lockout_duration_tests')
                  importList.append('lockout/pwp_lockout_failure_count_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to lockout password policy tests -->
                  <script>
                    # Common
                    basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                    basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'

                    # Lockout Duration
                    msg1 = 'Security: Lockout Duration:'

                    # Lockout Failure
                    msg2 = 'Security: Lockout Failure Count:'
                  </script>

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_lockout_duration_001')
                  testsList.append('pwp_lockout_duration_002')
                  testsList.append('pwp_lockout_duration_003')
                  testsList.append('pwp_lockout_duration_004')
                  testsList.append('pwp_lockout_failure_count_001')
                  testsList.append('pwp_lockout_failure_count_002')
                  testsList.append('pwp_lockout_failure_count_003')
                  testsList.append('pwp_lockout_failure_count_004')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_duration_tests.xml

New file
@@ -0,0 +1,602 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2012 ForgeRock AS
 ! -->
<stax>

  <!--- Test Case information
     #@TestMarker         Lockout Duration
     #@TestName           Default Lockout Duration
     #@TestIssue          None
     #@TestPurpose        Verify that the default lockout duration is working
     #@TestPreamble       None
     #@TestStep           Step 1. Get Lockout Duration
     #@TestStep           Step 2. Set Lockout Failure Count to 3
     #@TestStep           Step 3. User Lockout With Bad Password 3x
     #@TestStep           Step 4. Admin Resets User Password
     #@TestStep           Step 5. User Bind With New Password
     #@TestPostamble      None
     #@TestResult         Success if the 5 steps are PASS
  -->       
  <function name="pwp_lockout_duration_001" scope="local">
    <testcase name="getTestCaseName('PWP Default Lockout Duration')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Lockout Duration.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--property "lockout-duration"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedString'      : 'lockout-duration : 0 s'
               
              }
            </call>        

            <call function="'testStep'">
              { 'stepMessage' : '%s Compare Lockout Duration Attribute.' % msg1 }
            </call>

            <call function="'compareEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-lockout-duration:0 seconds',
                'entryToBeCompared'   : basepwp }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Failure Count.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "lockout-failure-count:3"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'normal']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin Resetting User Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'adminnormal' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'adminnormal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>


  <!--- Test Case information
     #@TestMarker         Lockout Duration
     #@TestName           Lockout Duration Short
     #@TestIssue          None
     #@TestPurpose        Lockout Duration Short
     #@TestPreamble       None
     #@TestStep           Step 1. User Lockout with Bad Password 3x 
                          SearchObject returns 49 (3x with bad, 
                          1x with correct one)
                          Sleeping sleepForMilliSeconds 8000
     #@TestStep           Step 2. User Changing Password returns 0
     #@TestStep           Step 3. Admin Resetting User Password
     #@TestStep           Step 4. User Bind With New Password
                          SearchObject returns 0
     #@TestPostamble      None
     #@TestResult         Success if the 4 steps are PASS
  -->        
  <function name="pwp_lockout_duration_002" scope="local">
    <testcase name="getTestCaseName('PWP Short Lockout Duration')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Duration to 10s.' % msg1 }
            </call>        

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "lockout-duration:10s"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'adminnormal']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Sleeping 8s.' % msg1 }
            </call>

            <call function="'Sleep'">
              { 'sleepForMilliSeconds' : '8000' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s  User Changing Password.' % msg1 }
            </call>
                        
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mward,%s' % basedn ,
                    'dsInstancePswd'         : 'adminnormal' ,
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'newnormal' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'newnormal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
 
  <!--- Test Case information
     #@TestMarker         Lockout Duration
     #@TestName           Testing Lockout Duration Long
     #@TestIssue          None
     #@TestPurpose        Testing Lockout Duration Long
     #@TestPreamble       None
     #@TestStep           Step 1. User Initial Bind returns 0
     #@TestStep           Step 2. User Lockout with Bad Password 3x 
                          SearchObject returns 49 (3x with bad, 
                          1x with correct one)
                          Sleeping sleepForMilliSeconds 8000
     #@TestStep           Step 3. User Changing Password returns 49
     #@TestStep           Step 4. User Bind With New Password
                          SearchObject returns 49
     #@TestPostamble      None
     #@TestResult         Success if the 4 steps are PASS
  -->
  <function name="pwp_lockout_duration_003" scope="local">
    <testcase name="getTestCaseName('PWP Long Lockout Duration')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Duration to 5d.' % msg1 }
            </call>        

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "lockout-duration:5d"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get get-seconds-until-password-reset-lockout.' % msg1 }
            </call>

            <call function="'manageAccountWithScript'">
               { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                 'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                 'subcommand'       : 'get-seconds-until-password-reset-lockout' ,
                 'targetDn'         : 'uid=scarter,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
            
          <call function="'searchString'">
              { 'returnString'       : returnString ,
                'expectedString'     : 'Seconds Until Password Reset Lockout:' }
          </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Initial Bind.' % msg1 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : 'strawberry' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'strawberry']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Sleeping 8s.' % msg1 }
            </call>

            <call function="'Sleep'">
              { 'sleepForMilliSeconds' : '8000' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Changing Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=bjablons,%s' % basedn ,
                    'dsInstancePswd'         : 'strawberry' ,
                    'dsAuthzID'              : 'dn:uid=bjablons,%s' % basedn ,
                    'dsNewPassword'          : 'newberry' ,
                    'expectedRC'             : 49 }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : 'newberry' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base',
                  'expectedRC'       : 49 } 
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>


  <!--- Test Case information
     #@TestMarker         Lockout Duration
     #@TestName           Reset Lockout Properties
     #@TestIssue          None
     #@TestPurpose        Verify that lockout properties can be reset
     #@TestPreamble       None
     #@TestStep           Step 1. Reset Lockout Duration to 0
     #@TestStep           Step 2. User Lockout with Bad Password 3x 
     #@TestStep           Stpe 4. Sleeping sleepForMilliSeconds 8000
     #@TestStep           Step 5. User Changing Password returns 0
     #@TestStep           Step 6. User Bind With New Password
                          SearchObject returns 0
     #@TestPostamble      None
     #@TestResult         Success if the 4 steps are PASS
  -->
  <function name="pwp_lockout_duration_004" scope="local">
    <testcase name="getTestCaseName('PWP Reset Lockout Duration Properties ')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Lockout Duration.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset "lockout-duration"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'newnormal']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin Resetting User Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'normal' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'normal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>

            <message>
               '%s Postamble Step 5. Admin Resetting Lockout Count' % msg1
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Lockout Failure Count.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset "lockout-failure-count"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_failure_count_tests.xml

New file
@@ -0,0 +1,438 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2008 Sun Microsystems, Inc.
 !      Portions Copyright 2012 ForgeRock AS
 ! -->
<stax>

  <!--- Test Case information
    #@TestMarker          Lockout Failure Count
    #@TestName            Default Lockout Failure Count
    #@TestIssue           None
    #@TestPurpose         Verify that by default the lockout failure count is not active
    #@TestPreamble        None
    #@TestStep            Step 1. Get lockout-failure-count and value is 0
    #@TestStep            Step 2. Default Bind With Bad Pwd 3x RC 49
    #@TestStep            Step 3  User search with good password returns 0
    #@TestStep            Step 4. Get manage-account get-remaining-authentication-failure-count
    #@TestPostamble       None
    #@TestResult          Success if the 3 steps are PASS
  -->
  <function name="pwp_lockout_failure_count_001" scope="local">
    <testcase name="getTestCaseName('PWP Default Lockout Failure Count')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Lockout Failure Count.' % msg2 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--property "lockout-failure-count"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedString'      : 'lockout-failure-count : 0'
               
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Compare Lockout Failure Count Attribute.' % msg2 }
            </call>

            <call function="'compareEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-lockout-failure-count:0',
                'entryToBeCompared'   : basepwp }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Default Bind With Bad Pwd 3x.' % msg2 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : 'oranges',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
            </call>            

            <call function="'manageAccountWithScript'">
               { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                 'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                 'subcommand'       : 'get-remaining-authentication-failure-count' ,
                 'targetDn'         : 'uid=bhall,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Remaining Authentication Failure Count' }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Lockout Failure Count
    #@TestName            Set Lockout Failure Count
    #@TestIssue           None
    #@TestPurpose         Verify that lockout failure count can be activated
    #@TestPreamble        None
    #@TestStep            Setlockout-failure-count to 3
    #@TestStep            get-remaining-authentication-failure-count
    #@TestPostamble       None
    #@TestResult          Success if all tests are PASS
  -->
  <function name="pwp_lockout_failure_count_002" scope="local">
    <testcase name="getTestCaseName('PWP Set Lockout Failure Count')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Failure Count.' % msg2 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "lockout-failure-count:3"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
            </call>            

            <call function="'manageAccountWithScript'">
               { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                 'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                 'subcommand'       : 'get-remaining-authentication-failure-count' ,
                 'targetDn'         : 'uid=bhall,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Remaining Authentication Failure Count:  3' }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Lockout Failure Count
    #@TestName            Lockout With Bad Pwd 3x
    #@TestIssue           None
    #@TestPurpose         Lockout With Bad Pwd 3x
    #@TestPreamble        None
    #@TestStep            Lockout With Bad Pwd 3x SearchObject RC 49 3x
    #@TestStep            get-remaining-authentication-failure-count
    #@TestPostamble       None
    #@TestResult          Success if all tests are PASS
  -->
  <function name="pwp_lockout_failure_count_003" scope="local">
    <testcase name="getTestCaseName('PWP Lockout With Bad Pwd 3x')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Lockout With Bad Pwd 3x.' % msg2 }
            </call>        

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'oranges']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
            </call>

            <call function="'manageAccountWithScript'">
               { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                 'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                 'subcommand'       : 'get-remaining-authentication-failure-count' ,
                 'targetDn'         : 'uid=bhall,%s' % basedn  }
            </call>
          
            <script> 
               returnString = STAXResult[0][1]
            </script>
            
            <call function="'searchString'">
               { 'returnString'       : returnString ,
                 'expectedString'     : 'Remaining Authentication Failure Count:  0' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker        Lockout Failure Count
    #@TestName          Reset Lockout Failure Count Properties
    #@TestIssue         None
    #@TestPurpose       Reseting the Password policy and verify it
    #@TestPreamble      None
    #@TestStep          Step 1. Set lockout-failure-count to 0
    #@TestStep          Step 2. Check Bind With Previous User Lockout RC 0
    #@TestStep          Step 3. Check Bind With Bad Pwd 3x RC 49 3x
    #@TestStep          Step 4: User search with good password returns 0
    #@TestPostamble     None
    #@TestResult        Success if the 3 steps are PASS
  -->
  <function name="pwp_lockout_failure_count_004" scope="local">
    <testcase name="getTestCaseName('PWP Reset Lockout Failure Count Properties')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Lockout Failure Count.' % msg2 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset "lockout-failure-count"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check Bind With Previous User Lockout.' % msg2 }
            </call>

            <!--- Check Locked Out User -->
           <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                'dsInstancePswd'   : 'oranges' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check Bind With Bad Pwd 3x.' % msg2 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=gfarmer,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base', 
                  'expectedRC'       : 49 } 
              </call>
            </iterate>

            <call function="'testStep'">
              { 'stepMessage' : '%s Check Bind With Valid Password.' % msg2 }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=gfarmer,%s' % basedn ,
                  'dsInstancePswd'   : 'ruling',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base'}
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age.xml

New file
@@ -0,0 +1,144 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_min_pwd_age"/>
  <function name="main_pwp_min_pwd_age" scope="local">
    <sequence>
      <block name="'main_pwp_min_pwd_age'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'min_pwd_age'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Min Password Age'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy min_pwd_age test suite
            #@TestSuitePurpose    Verify password policy min_pwd_age operations
            #@TestSuiteID         min_pwd_age
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('min_pwd_age/pwp_min_pwd_age_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to min_pwd_age password policy tests -->
                <script>
                  basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                  msg1 = 'Password Policy: Min Age:'
                </script>

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_min_pwd_age_001')
                  testsList.append('pwp_min_pwd_age_002')
                  testsList.append('pwp_min_pwd_age_003')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age_tests.xml

New file
@@ -0,0 +1,323 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2008 Sun Microsystems, Inc.
 !      Portions Copyright 2012 ForgeRock AS
 ! -->
<stax>

  <!--- Test Case information
    #@TestMarker          Minimum Password Age
    #@TestName            Default Minimum Password Age
    #@TestIssue           none
    #@TestPurpose         Checking Minimum Password Age
    #@TestPreamble        none
    #@TestStep            Checking existence of ds-cfg-min-password-age
    #@TestPostamble       none
    #@TestResult          Success if compareEntry returns 0.
  -->
  <function name="pwp_min_pwd_age_001" scope="local">
    <testcase name="getTestCaseName('PWP Default Minimum Password Age')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Min Password Age.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--property "min-password-age"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedString'      : 'min-password-age : 0 s'
               
              }
            </call>        

            <call function="'testStep'">
              { 'stepMessage' : '%s Compare Min Password Age Attribute.' % msg1 }
            </call>

            <call function="'compareEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-min-password-age:0 seconds',
                'entryToBeCompared'   : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Minimum Password Age
    #@TestName            Minimum Password Age
    #@TestIssue           none
    #@TestPurpose         Test Minimum Password Age
    #@TestPreamble        none
    #@TestStep            Step 1. Admin Enabling Minimum Pwd Age
                          set min-password-age to 24 h
    #@TestStep            Step 2. User Changing Password
                          ldapPasswordModifyWithScript returns 53
    #@TestStep            Step 3. User Searching With Password
                          SearchObject returns 49
    #@TestPostamble       none
    #@TestResult          Success if the 3 steps are PASS
  -->
  <function name="pwp_min_pwd_age_002" scope="local">
    <testcase name="getTestCaseName('PWP Minimum Password Age')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>         

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Duration to 24h.' % msg1 }
            </call>        

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "min-password-age:24h"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s User Changing Password.' % msg1 }
            </call> 

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'gosling' ,
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'newgosling' ,
                    'expectedRC'             : 53  }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'newgosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

        
  <!--- Test Case information
    #@TestMarker          Minimum Password Age
    #@TestName            Reset Minimum Password Age Properties
    #@TestIssue           none
    #@TestPurpose         Reseting the password Policy
    #@TestPreamble        none
    #@TestStep            Step 1. Admin Disabling Minimum Pwd Age
                          set min-password-age to 0 s
    #@TestStep            Step 2. User Changing Password RC 0
    #@TestStep            Step 3. User Searching With Password RC 0
    #@TestStep            Step 4. User Changing Password RC 0
    #@TestStep            Step 5. User Searching With Password RC 0
    #@TestPostamble       none
    #@TestResult          Success if  returns 0.
  -->
  <function name="pwp_min_pwd_age_003" scope="local">
    <testcase name="getTestCaseName('PWP Reset Minimum Password Age Properties')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin Disabling Minimum Pwd Age.' % msg1 }
            </call>          

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Lockout Duration.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset "min-password-age"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Changing Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'gosling' ,
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'newgosling' }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'newgosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s User Changing Password.' % msg1 }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'newgosling' ,
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'gosling' }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s User Searching With Password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'gosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default.xml

New file
@@ -0,0 +1,148 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_non_default"/>
  <function name="main_pwp_non_default" scope="local">
    <sequence>
      <block name="'main_pwp_non_default'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'non_default'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Non Default Polices'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy non_default test suite
            #@TestSuitePurpose    Verify password policy non_default operations
            #@TestSuiteID         non_default
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('non_default/pwp_non_default_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to non_default password policy tests -->
                <script>
                  basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                  msg1 = 'Password Policy: Non Default:'
                </script>

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_non_default_001')
                  testsList.append('pwp_non_default_002')
                  testsList.append('pwp_non_default_003')
                  testsList.append('pwp_non_default_004')
                  testsList.append('pwp_non_default_005')
                  testsList.append('pwp_non_default_006')
                  testsList.append('pwp_non_default_007')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default_tests.xml

New file
@@ -0,0 +1,479 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2008 Sun Microsystems, Inc.
 !      Portions copyright 2012 ForgeRock AS.
 ! -->
<stax>
          
  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Create New Password Policy
      #@TestIssue           None
      #@TestPurpose         Create a Non Default Password Policy
      #@TestPreamble        None
      #@TestStep            Create a new Password Policy called Sales
      #@TestStep            Set default-password-storage-schemeSalted SHA-1
      #@TestPostamble       None
      #@TestResult          Success if dsconfig returns 0
  -->
  <function name="pwp_non_default_001" scope="local">
    <testcase name="getTestCaseName('PWP Create New Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Add Sales Password Policy.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Sales Password Policy"')
              options.append('--type "password-policy"')
              options.append('--set "default-password-storage-scheme:Salted SHA-1"')
              options.append('--set "password-attribute:userPassword"')
               
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Adding New Entry With Sales Password Policy
      #@TestIssue           None
      #@TestPurpose         Adding New Entry With Sales Password Policy
      #@TestPreamble        None
      #@TestStep            addEntry add_sales_person.ldif
                            SearchObject with uid=sguy returns 0
                            SearchObject with uid=sgal eturns 0
      #@TestPostamble       None
      #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_non_default_002" scope="local">
    <testcase name="getTestCaseName('PWP Add New Entry Using Sales Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Add New Entry Using Sales Password Policy.' % msg1 }
            </call>

            <call function="'addEntry'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'entryToBeAdded'   : '%s/password_policy/add_sales_person.ldif' \
                                  % remote.data }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Modify Sales Password Policy
      #@TestIssue           None
      #@TestPurpose         Admin Changing Sales Lockout Count
      #@TestPreamble        None
      #@TestStep            Set lockout-failure-count to 3
      #@TestPostamble       None
      #@TestResult          Success if dsconfig returns 0
  -->
  <function name="pwp_non_default_003" scope="local">
    <testcase name="getTestCaseName('PWP Modify Sales Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Lockout Failure Count to 3.' % msg1 }
            </call>        

            <script>
              options=[]
              options.append('--policy-name "Sales Password Policy"')
              options.append('--set "lockout-failure-count:3"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

            
 <!--- Test Case information
    #@TestMarker          Non Default Password Policy
    #@TestName            Test Sales Password Policy
    #@TestIssue           None
    #@TestPurpose         Test Sales Password Policy
    #@TestPreamble        None
    #@TestStep            Testing Sales Password Policy with Lockout Count
                          search with bad pwd 3x good pwd 1x
                          SearchObject returns 49 4x
    #@TestPostamble       None
    #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_non_default_004" scope="local">
    <testcase name="getTestCaseName('PWP Test Sales Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Test New Sales Password Policy Lockout Count.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad', 'superguy']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=sguy,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Testing Default Password Policy with Lockout Count
      #@TestIssue           None
      #@TestPurpose         Testing Default Password Policy with Lockout Count
      #@TestPreamble        None
      #@TestStep            Testing Default Password Policy with Lockout Count
                            search with bad pwd 3x good pwd 1x
                            SearchObject returns 49 3x
                            SearchObject returns 0 1x
      #@TestPostamble       None
      #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_non_default_005" scope="local">
    <testcase name="getTestCaseName('PWP Test Default Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Testing Default Password Policy with Lockout Count.' % msg1 }
            </call>

            <script>
                search_pwds = ['bad', 'bad', 'bad']
            </script>
            
            <iterate var="pwds" in="search_pwds" indexvar="index">
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=tclow,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
              </call>
            </iterate>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=tclow,%s' % basedn ,
                'dsInstancePswd'   : 'cardreader' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'       : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Delete Sales Password Policy
      #@TestIssue           None
      #@TestPurpose         Admin Deleting Sales Lockout Count
      #@TestPreamble        None
      #@TestStep            Admin Deleting Sales Lockout Count
                            dsconfig delete Sales Password Policy
      #@TestPostamble       None
      #@TestResult          Success if dsconfig returns 0
  -->
  <function name="pwp_non_default_006" scope="local">
    <testcase name="getTestCaseName('PWP Delete Sales Password Policy')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin Deleting Sales Lockout Count' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Sales Password Policy"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Non Default Password Policy
      #@TestName            Test Sales Password Policy after Remove
      #@TestIssue           None
      #@TestPurpose         Test Sales Password Policy after Remove
      #@TestPreamble        None
      #@TestStep            Testing Sales Password Policy after removing it
      #@TestPostamble       None
      #@TestResult          Success if SearchObject returns 80 (Other)
  -->
  <function name="pwp_non_default_007" scope="local">
    <testcase name="getTestCaseName('PWP Test Sales Password Policy after Remove')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Test Sales Password Policy after Remove.' % msg1 }
            </call>
        
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 80 }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml

@@ -51,9 +51,16 @@

            <script>
              suiteList = []
              suiteList.append('max_pwd_age')
              suiteList.append('force_pwd_change')
              suiteList.append('grace_login')
              #suiteList.append('max_pwd_age')
              #suiteList.append('force_pwd_change')
              #suiteList.append('grace_login')
              #suiteList.append('last_login')
              #suiteList.append('lockout')
              #suiteList.append('min_pwd_age')
              #suiteList.append('non_default')
              #suiteList.append('preencoded_pwds')
              #suiteList.append('allow_user_password_changes')
              suiteList.append('root_policy')
            </script>
    
            <!-- Run the test suites -->

 opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds.xml

New file
@@ -0,0 +1,147 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_preencoded_pwds"/>
  <function name="main_pwp_preencoded_pwds" scope="local">
    <sequence>
      <block name="'main_pwp_preencoded_pwds'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'preencoded_pwds'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Pre-encoded Passwords'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy preencoded_pwds test suite
            #@TestSuitePurpose    Verify password policy preencoded_pwds operations
            #@TestSuiteID         preencoded_pwds
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('preencoded_pwds/pwp_preencoded_pwds_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to preencoded_pwds password policy tests -->
                <script>
                  basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                  basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
                  msg1 = 'Password Policy: Pre-encoded Passwords:'
                </script>

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_preemcoded_pwds_001')
                  testsList.append('pwp_preemcoded_pwds_002')
                  testsList.append('pwp_preemcoded_pwds_003')
                  testsList.append('pwp_preemcoded_pwds_004')
                  testsList.append('pwp_preemcoded_pwds_005')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds_tests.xml

New file
@@ -0,0 +1,368 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2006-2008 Sun Microsystems, Inc.
 !      Portions copyright 2012 ForgeRock AS.
 ! -->
<stax>
     
  <!--- Test Case information
      #@TestMarker          Preencoded Passwords
      #@TestName            Get Preencoded Password
      #@TestIssue           none
      #@TestPurpose         Get Preencoded Password
      #@TestPreamble        none
      #@TestStep            Check for existence of 
                            ds-cfg-allow-pre-encoded-passwords
                            and value is set to false
      #@TestPostamble       none
      #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_preemcoded_pwds_001" scope="local">
    <testcase name="getTestCaseName('PWP Get Preencoded Password')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Allow Pre-encoded Password Property.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--property "allow-pre-encoded-passwords"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedString'      : 'allow-pre-encoded-passwords : false'
               
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Allow Pre-encoded Password Attribute.' % msg1 }
            </call>

            <call function="'compareEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared' : 'ds-cfg-allow-pre-encoded-passwords:false',
                'entryToBeCompared': basepwp }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Preencoded Passwords
      #@TestName            Add Entry With Pre-encoded Password
      #@TestIssue           none
      #@TestPurpose         Adding New Entry With a Pre-encoded Password
      #@TestPreamble        none
      #@TestStep            addEntry add_entry_preencoded_pwd.ldif RC 19
                            SearchObject returns 49
      #@TestPostamble       none
      #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_preemcoded_pwds_002" scope="local">
    <testcase name="getTestCaseName('PWP Default - Add New Entry')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Adding New Entry With a Pre-encoded Password.' % msg1 }
            </call>
        
            <call function="'addEntry'">
            { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
              'entryToBeAdded'   : '%s/password_policy/add_entry_preencoded_pwd.ldif' \
                                    % remote.data ,
              'expectedRC'       : 19 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
      #@TestMarker          Preencoded Passwords
      #@TestName            Enable Pre-encoded Passwords in pwd policy
      #@TestIssue           none
      #@TestPurpose         Admin Enabling Preencoded Passwords
      #@TestPreamble        none
      #@TestStep            set allow-pre-encoded-passwords to true
      #@TestPostamble       none
      #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_preemcoded_pwds_003" scope="local">
    <testcase name="getTestCaseName('PWP Enable Preencoded Passwords')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Allow Pre-encoded Password to true.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "allow-pre-encoded-passwords:true"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Preencoded Passwords
    #@TestName            Test Enabled Pre-encoded Passwords
    #@TestIssue           none
    #@TestPurpose         Test Enabled Pre-encoded Passwords
    #@TestPreamble        none
    #@TestStep            addEntry add_entry_preencoded_pwd.ldif RC 0
                          SearchObject returns 0
    #@TestPostamble       none
    #@TestResult          Success if the test is PASS
  -->           
  <function name="pwp_preemcoded_pwds_004" scope="local">
    <testcase name="getTestCaseName('PWP Enabled - Add New Entry')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Add New Entry With Pre-encoded Password.' % msg1 }
            </call>

            <call function="'addEntry'">
             { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
               'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
               'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
               'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
               'entryToBeAdded'   : '%s/password_policy/add_entry_preencoded_pwd.ldif' \
                                    % remote.data }
            </call>

             <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Preencoded Passwords
    #@TestName            Reset Pre-encoded Passwords
    #@TestIssue           none
    #@TestPurpose         Admin Reset Pre-encoded Passwords
    #@TestPreamble        none
    #@TestStep            Disable Pre-encoded Passwords 0
                          SearchObject returns 49
    #@TestPostamble       none
    #@TestResult          Success if the test is PASS
  -->
  <function name="pwp_preemcoded_pwds_005" scope="local">
    <testcase name="getTestCaseName('PWP Disable Preencoded Passwords')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>    

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Allow Pre-encoded Password.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset "allow-pre-encoded-passwords"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_auth_tests.xml

New file
@@ -0,0 +1,674 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2009 Sun Microsystems, Inc.
 !      Portions copyright 2012 ForgeRock AS.
 ! -->
<stax>

  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                Root Authentication Tests
    #@TestName                  Root Auth - Preamble
    #@TestIssue                 None
    #@TestPurpose               Configure for Root Auth tests
    #@TestPreamble              None
    #@TestStep                  Admin change pwd storage to CLEAR
    #@TestStep                  Admin add new root user.
    #@TestStep                  Admin change Exact Match identity mapper match attribute.
    #@TestStep                  Admin change Exact Match identity mapper match base dn.
    #@TestPostamble             None
    #@TestResult                Success if OpenDS returns 0,for all steps.
  -->
  <function name="pwp_root_auth_001" scope="local">
    <testcase name="getTestCaseName('PWP Preamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Default Password Storage Scheme to Clear.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Root Password Policy"')
              options.append('--set "default-password-storage-scheme:Clear"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
            <message>
               'Security: Pwd Policy Root: Root Auth, Preamble Step 2 - Admin adding new root user'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                'entryToBeAdded'      : '%s/password_policy/add_new_root_user.ldif' % remote.data }
            </call>
        
            <message>
               'Security: Pwd Policy Root: Root Auth, Preamble Step 3 - Admin changing authid attribute to givenName'
            </message>

            <call function="'modifyIdentityMapper'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'mapperName'             : 'Exact Match' ,
                'attributeName'          : 'match-attribute' ,
                'attributeValue'         : 'givenName' }
            </call>
        
            <message>
               'Security: Pwd Policy Root: Root Auth, Preamble Step 4 - Admin changing authid dn to root users'
            </message>

            <call function="'modifyIdentityMapper'">
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'mapperName'             : 'Exact Match' ,
                'attributeName'          : 'match-base-dn' ,
                'attributeValue'         : 'cn=Root DNs,cn=config' }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) DIGEST-MD5 Bind
        #@TestIssue                 None
        #@TestPurpose               DIGEST-MD5 Bind
        #@TestPreamble              None
        #@TestStep                  New root user binds using DIGEST-MD5
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_002" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) DIGEST-MD5 Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) DIGEST-MD5 Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
       
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) DIGEST-MD5 Bind, short form
        #@TestIssue                 None
        #@TestPurpose               DIGEST-MD5 Bind, short form
        #@TestPreamble              None
        #@TestStep                  New root user binds using DIGEST-MD5, short form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_003" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) DIGEST-MD5 Bind, short form')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) DIGEST-MD5 Binding, short form.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:cn=Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) DIGEST-MD5 Bind, u: form
        #@TestIssue                 None
        #@TestPurpose               DIGEST-MD5 Bind, u: form
        #@TestPreamble              None
        #@TestStep                  New root user binds using DIGEST-MD5, u: form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_004" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (u:) DIGEST-MD5 Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (u:) DIGEST-MD5 Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=u:Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) CRAM-MD5 Bind
        #@TestIssue                 None
        #@TestPurpose               CRAM-MD5 Bind
        #@TestPreamble              None
        #@TestStep                  New root user binds using CRAM-MD5
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_005" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) CRAM-MD5 Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) CRAM-MD5 Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=CRAM-MD5 -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
       
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) CRAM-MD5 Bind, short form
        #@TestIssue                 None
        #@TestPurpose               CRAM-MD5 Bind, short form
        #@TestPreamble              None
        #@TestStep                  New root user binds using CRAM-MD5, short form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_006" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) CRAM-MD5 Bind, short form')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) CRAM-MD5 Binding, short form.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=CRAM-MD5 -o "authid=dn:cn=Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) CRAM-MD5 Bind, u: form
        #@TestIssue                 None
        #@TestPurpose               CRAM-MD5 Bind, u: form
        #@TestPreamble              None
        #@TestStep                  New root user binds using CRAM-MD5, u: form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_007" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (u:) CRAM-MD5 Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (u:) CRAM-MD5 Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=CRAM-MD5 -o "authid=u:Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) PLAIN Bind
        #@TestIssue                 None
        #@TestPurpose               PLAIN Bind
        #@TestPreamble              None
        #@TestStep                  New root user binds using PLAIN
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_008" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) PLAIN Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) PLAIN Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=PLAIN -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
       
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) PLAIN Bind, short form
        #@TestIssue                 None
        #@TestPurpose               PLAIN Bind, short form
        #@TestPreamble              None
        #@TestStep                  New root user binds using PLAIN, short form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_009" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (dn:) PLAIN Bind, short form')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (dn:) PLAIN Binding, short form.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=PLAIN -o "authid=dn:cn=Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
        Place test-specific test information here.
        The tag, TestMarker, must be the same as the tag, TestSuiteName.
        #@TestMarker                Root Authentication Tests
        #@TestName                  Root Auth - New Root User (dn:) PLAIN Bind, u: form
        #@TestIssue                 None
        #@TestPurpose               PLAIN Bind, u: form
        #@TestPreamble              None
        #@TestStep                  New root user binds using PLAIN, u: form
        #@TestPostamble             None
        #@TestResult                Success if OpenDS returns 0.
    -->
  <function name="pwp_root_auth_010" scope="local">
    <testcase name="getTestCaseName('PWP New Root User (u:) PLAIN Bind')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Root User (u:) PLAIN Binding.' % msg1 }
            </call>

            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=PLAIN -o "authid=u:Zroot" -w froglegs' }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
         
  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                Root Authentication Tests
    #@TestName                  Root Auth - Postamble
    #@TestIssue                 None
    #@TestPurpose               Reset configuration.
    #@TestPreamble              None
    #@TestStep                  Admin change password storage scheme to SSHA.
    #@TestPostamble             None
    #@TestResult                Success if OpenDS returns 0 
                                for all ldap operations.
-->
  <function name="pwp_root_auth_011" scope="local">
    <testcase name="getTestCaseName('PWP Postamble')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Set Default Password Storage Scheme to Salted SHA-512.' % msg1 }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Root Password Policy"')
              options.append('--set "default-password-storage-scheme:Salted SHA-512"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
           
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_policy.xml

New file
@@ -0,0 +1,154 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_root_policy"/>
  <function name="main_pwp_root_policy" scope="local">
    <sequence>
      <block name="'main_pwp_root_policy'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'root_policy'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Root Policy'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy root_policy test suite
            #@TestSuitePurpose    Verify password policy root_policy operations
            #@TestSuiteID         root_policy
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : True ,
                    'startServer'   : True  ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('root_policy/pwp_root_auth_tests')
                  importList.append('root_policy/pwp_root_user_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to root_policy password policy tests -->
                <script>
                  basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
                  msg1 = 'Password Policy: Root Policy:'
                </script>

                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_root_auth_001')
                  testsList.append('pwp_root_auth_002')
                  testsList.append('pwp_root_auth_003')
                  testsList.append('pwp_root_auth_004')
                  testsList.append('pwp_root_auth_005')
                  testsList.append('pwp_root_auth_006')
                  testsList.append('pwp_root_auth_007')
                  testsList.append('pwp_root_auth_008')
                  testsList.append('pwp_root_auth_009')
                  testsList.append('pwp_root_auth_010')
                  testsList.append('pwp_root_auth_011')
                  testsList.append('pwp_root_user_001')
                  testsList.append('pwp_root_user_002')
                  testsList.append('pwp_root_user_003')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_user_tests.xml

New file
@@ -0,0 +1,214 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2008-2009 Sun Microsystems, Inc.
 !      Portions copyright 2012 ForgeRock AS.
 ! -->
<stax>

  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                Root User Tests
    #@TestName                  None
    #@TestIssue                 None
    #@TestPurpose               None
    #@TestPreamble              None
    #@TestStep                  None
    #@TestPostamble             None
    #@TestResult                None
  -->
  <function name="pwp_root_user_001" scope="local">
    <testcase name="getTestCaseName('PWP Default Pwd Scheme')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Default Password Storage Scheme Property.' % msg1 }
            </call>
  
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'cn=Root Password Policy,cn=Password Policies,cn=config' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'ds-cfg-default-password-storage-scheme' }
            </call>
  
            <script> 
             returnString = STAXResult[0][1]
            </script> 
  
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'cn=Salted SHA-512' }
            </call>
          
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                Root User Tests
    #@TestName                  None
    #@TestIssue                 None
    #@TestPurpose               None
    #@TestPreamble              None
    #@TestStep                  None
    #@TestPostamble             None
    #@TestResult                None
  -->
  <function name="pwp_root_user_002" scope="local">
    <testcase name="getTestCaseName('PWP No Default Pwd Generator')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Checking for ds-cfg-password-generator.' % msg1 }
            </call>

            <call function="'compareEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'   : 'ds-cfg-password-generator:cn=anything',
                'entryToBeCompared'   : 'cn=Root Password Policy,cn=Password Policies,cn=config',
                'expectedRC'         : 16 }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!---
    Place test-specific test information here.
    The tag, TestMarker, must be the same as the tag, TestSuiteName.
    #@TestMarker                Root User Tests
    #@TestName                  None
    #@TestIssue                 None
    #@TestPurpose               None
    #@TestPreamble              None
    #@TestStep                  None
    #@TestPostamble             None
    #@TestResult                None
  -->
  <function name="pwp_root_user_003" scope="local">
    <testcase name="getTestCaseName('PWP Default Pwd Change Setting')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Checking default value ds-cfg-password-change-requires-current-password.' % msg1 }
            </call>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'cn=Root Password Policy,cn=Password Policies,cn=config' ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'      : 'ds-cfg-password-change-requires-current-password' }
            </call>
  
            <script> 
             returnString = STAXResult[0][1]
            </script> 
  
            <call function="'searchString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'true' }
            </call>
          
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opends/tests/staf-tests/shared/functions/ldap.xml

@@ -24,7 +24,7 @@
 ! CDDL HEADER END
 !
 !      Copyright 2007-2010 Sun Microsystems, Inc.
 !      Portions Copyright 2011 ForgeRock AS.
 !      Portions Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <function name="addEntry">
@@ -1387,7 +1387,7 @@
    </sequence>
  </function>
  
  
<!-- TO BE DEPRECATED -->  
  <function name="AnonSearchObject">
    <function-prolog>
      This function searches the Directory Server anonymously with optional arguments possible
@@ -1449,10 +1449,15 @@
      </function-arg-def>
    </function-map-args>
    <sequence>
      <script>
        if dsPath:
          dsBinPath='%s/%s' % (dsPath,fileFolder) 
          STAFCmd='%s/ldapsearch%s' % (dsBinPath,fileExt)
      </script>
      <call function="'runCommand'" >
        { 'name'      : 'Anonymous Search Base Object',
          'location'  : location,
          'command'   : '%s/ldapsearch%s' % (dsBinPath,fileExt),
          'command'   : STAFCmd,
          'arguments' : '-h %s -p %s %s -b "%s" "%s"' % (dsInstanceHost,dsInstancePort,extraParams,dsBaseDN,dsFilter),
          'expectedRC': expectedRC,
          'knownIssue': knownIssue