mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

mkeyes
26.50.2007 7578b090629a75f88ca442249ac7d7abca9ce3af
Adding functional test cases for Privileges features.
17 files added
1 files modified
16732 ■■■■■ changed files
opends/tests/functional-tests/shared/data/privileges/add_entry_with_new_objclass.ldif 43
opends/tests/functional-tests/shared/data/privileges/add_new_root_user.ldif 41
opends/tests/functional-tests/shared/data/privileges/addmozobj.ldif 29
opends/tests/functional-tests/shared/data/privileges/privileges_import_task/import_task.ldif 2829
opends/tests/functional-tests/shared/data/privileges/privileges_restore_task/del_entry.ldif 27
opends/tests/functional-tests/shared/data/privileges/privileges_restore_task/restore_task.ldif 2829
opends/tests/functional-tests/shared/data/privileges/privileges_startup.ldif 401
opends/tests/functional-tests/testcases/privileges/privileges.xml 86
opends/tests/functional-tests/testcases/privileges/privileges_backup_task.xml 522
opends/tests/functional-tests/testcases/privileges/privileges_cleanup.xml 92
opends/tests/functional-tests/testcases/privileges/privileges_directory_manager.xml 2206
opends/tests/functional-tests/testcases/privileges/privileges_export_task.xml 524
opends/tests/functional-tests/testcases/privileges/privileges_import_task.xml 519
opends/tests/functional-tests/testcases/privileges/privileges_new_root_user.xml 2244
opends/tests/functional-tests/testcases/privileges/privileges_restore_task.xml 718
opends/tests/functional-tests/testcases/privileges/privileges_setup.xml 128
opends/tests/functional-tests/testcases/privileges/privileges_users.xml 3490
opends/tests/functional-tests/testcases/runFuncTests.xml 4
opends/tests/functional-tests/shared/data/privileges/add_entry_with_new_objclass.ldif
New file
@@ -0,0 +1,43 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#
dn: uid=sfish, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Salmon Fish
sn: Fish
givenname: Salmon
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaobject
ou: Accounting
ou: People
l: Cupertino
uid: sfish
mail: sfish@example.com
telephonenumber: +1 408 555 6201
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1269
userpassword: deepsea
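Review bot: The entry lists both `inetOrgPerson` and `mozillaobject`, and addmozobj.ldif in this commit defines `MozillaObject` as `SUP top` with no kind keyword, which RFC 4512 treats as STRUCTURAL, so the entry carries two unrelated structural object classes. If the server enforces the single-structural-class rule, the add would be refused for a schema reason, and a privilege test that only checks for failure could mistake that for a privilege denial; the expected result code in the test case should be confirmed. Declaring the class auxiliary removes the ambiguity: `objectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' SUP top AUXILIARY MUST ( objectclass $ cn ) MAY ( givenName $ sn ) X-ORIGIN 'user defined' )`.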
opends/tests/functional-tests/shared/data/privileges/add_new_root_user.ldif
New file
@@ -0,0 +1,41 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#
dn: cn=Zroot Manager,cn=Root DNs,cn=config
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ds-cfg-root-dn
objectClass: top
ds-cfg-alternate-bind-dn: cn=Zroot
givenName: Zroot
cn: Zroot Manager
sn: Manager
userpassword: PrivsRule
ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config
ds-rlim-lookthrough-limit: 0
ds-rlim-time-limit: 0
ds-rlim-size-limit: 0
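Review bot: This root DN is created with no `ds-privilege-name` values, so the privileges it holds are whatever the server's default root privilege set is at run time, and the fixture does not state that baseline. A header comment would make it explicit and mark the cleartext `userpassword` and the zeroed `ds-rlim-*` limits as test-only values, e.g. `# Test-only root user: inherits the default root privileges; removed by privileges_cleanup.xml`. Whether privileges_cleanup.xml actually deletes `cn=Zroot Manager` is not visible in this section and should be checked, since a leftover entry is a second root account with a published password.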
opends/tests/functional-tests/shared/data/privileges/addmozobj.ldif
New file
@@ -0,0 +1,29 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' SUP top MUST ( objectclass $ cn ) MAY ( givenName $ sn ) X-ORIGIN 'user defined' )
opends/tests/functional-tests/shared/data/privileges/privileges_import_task/import_task.ldif
New file
@@ -0,0 +1,2829 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2006-2007 Sun Microsystems, Inc.
#
#
dn: dc=com
objectclass: top
objectclass: domain
dc: com
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
dn: o=Privileges Tests, dc=example,dc=com
objectclass: top
objectclass: organization
o: Privileges Tests
dn: uid=auser, o=Privileges Tests, dc=example,dc=com
cn: Aci User
sn: User
givenname: Aci
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: auser
mail: auser@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ACIRules
dn: ou=import task, o=Privileges Tests,dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: import task
dn: ou=Groups, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: Groups
dn: cn=Directory Administrators, ou=Groups, dc=example,dc=com
cn: Directory Administrators
objectclass: top
objectclass: groupofuniquenames
ou: Groups
uniquemember: uid=kvaughan, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=rdaugherty, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=hmiller, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
dn: ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
dn: ou=Special Users,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
dn: uid=scarter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: scarter
mail: scarter@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: sprain
dn: uid=tmorris, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Ted Morris
sn: Morris
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tmorris
mail: tmorris@example.com
telephonenumber: +1 408 555 9187
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4117
userpassword: irrefutable
dn: uid=kvaughan, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Kirsten Vaughan
sn: Vaughan
givenname: Kirsten
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: kvaughan
mail: kvaughan@example.com
telephonenumber: +1 408 555 5625
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 2871
userpassword: bribery
dn: uid=abergin, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Andy Bergin
sn: Bergin
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: abergin
mail: abergin@example.com
telephonenumber: +1 408 555 8585
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3472
userpassword: inflict
dn: uid=dmiller, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: David Miller
sn: Miller
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: dmiller
mail: dmiller@example.com
telephonenumber: +1 408 555 9423
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4135
userpassword: gosling
dn: uid=gfarmer, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Gern Farmer
sn: Farmer
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: gfarmer
mail: gfarmer@example.com
telephonenumber: +1 408 555 6201
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1269
userpassword: ruling
dn: uid=kwinters, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Winters
sn: Winters
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: kwinters
mail: kwinters@example.com
telephonenumber: +1 408 555 9069
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4178
userpassword: forsook
dn: uid=trigden, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Rigden
sn: Rigden
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: trigden
mail: trigden@example.com
telephonenumber: +1 408 555 9280
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3584
userpassword: sensitive
dn: uid=cschmith, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Chris Schmith
sn: Schmith
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: cschmith
mail: cschmith@example.com
telephonenumber: +1 408 555 8011
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0416
userpassword: hypotenuse
dn: uid=jwallace, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Judy Wallace
sn: Wallace
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: jwallace
mail: jwallace@example.com
telephonenumber: +1 408 555 0319
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1033
userpassword: linear
dn: uid=jwalker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: John Walker
sn: Walker
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jwalker
mail: jwalker@example.com
telephonenumber: +1 408 555 1476
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3915
userpassword: dogleg
dn: uid=tclow, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Clow
sn: Clow
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: tclow
mail: tclow@example.com
telephonenumber: +1 408 555 8825
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4376
userpassword: cardreader
dn: uid=rdaugherty, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Robert Daugherty
sn: Daugherty
givenname: Robert
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: rdaugherty
mail: rdaugherty@example.com
telephonenumber: +1 408 555 1296
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0194
userpassword: apples
dn: uid=jreuter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jayne Reuter
sn: Reuter
givenname: Jayne
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jreuter
mail: jreuter@example.com
telephonenumber: +1 408 555 1122
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 2942
userpassword: destroy
dn: uid=tmason, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Mason
sn: Mason
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: tmason
mail: tmason@example.com
telephonenumber: +1 408 555 1596
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1124
userpassword: squatted
dn: uid=bhall, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Benjamin Hall
sn: Hall
givenname: Benjamin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: bhall
mail: bhall@example.com
telephonenumber: +1 408 555 6067
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 2511
userpassword: oranges
dn: uid=btalbot, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Brad Talbot
sn: Talbot
givenname: Brad
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: btalbot
mail: btalbot@example.com
telephonenumber: +1 408 555 4992
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3532
userpassword: trident
dn: uid=mward, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Ward
sn: Ward
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: mward
mail: mward@example.com
telephonenumber: +1 408 555 5688
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 1707
userpassword: normal
dn: uid=bjablons, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Jablonski
sn: Jablonski
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: bjablons
mail: bjablons@example.com
telephonenumber: +1 408 555 8815
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0906
userpassword: strawberry
dn: uid=jmcFarla, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Judy McFarland
sn: McFarland
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: jmcFarla
mail: jmcFarla@example.com
telephonenumber: +1 408 555 2567
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 2359
userpassword: walnut
dn: uid=llabonte, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Lee Labonte
sn: Labonte
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: llabonte
mail: llabonte@example.com
telephonenumber: +1 408 555 0957
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2854
userpassword: sourdough
dn: uid=jcampaig, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jody Campaigne
sn: Campaigne
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jcampaig
mail: jcampaig@example.com
telephonenumber: +1 408 555 1660
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4385
userpassword: grapevine
dn: uid=bhal2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Hall
sn: Hall
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: bhal2
mail: bhal2@example.com
telephonenumber: +1 408 555 4491
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2758
userpassword: truths
dn: uid=alutz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Alexander Lutz
sn: Lutz
givenname: Alexander
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: alutz
mail: alutz@example.com
telephonenumber: +1 408 555 6505
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 1327
userpassword: northward
dn: uid=btalbo2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Talbot
sn: Talbot
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: btalbo2
mail: btalbo2@example.com
telephonenumber: +1 408 555 4234
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1205
userpassword: corduroy
dn: uid=achassin, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Ashley Chassin
sn: Chassin
givenname: Ashley
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: achassin
mail: achassin@example.com
telephonenumber: +1 408 555 9972
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0466
userpassword: duopolist
dn: uid=hmiller, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Harry Miller
sn: Miller
givenname: Harry
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: hmiller
mail: hmiller@example.com
telephonenumber: +1 408 555 9804
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4304
userpassword: hillock
dn: uid=jcampai2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jeffrey Campaigne
sn: Campaigne
givenname: Jeffrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jcampai2
mail: jcampai2@example.com
telephonenumber: +1 408 555 7393
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 1377
userpassword: nominee
dn: uid=lulrich, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Lee Ulrich
sn: Ulrich
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: lulrich
mail: lulrich@example.com
telephonenumber: +1 408 555 8652
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 0985
userpassword: attribution
dn: uid=mlangdon, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Langdon
sn: Langdon
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: mlangdon
mail: mlangdon@example.com
telephonenumber: +1 408 555 6249
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4471
userpassword: threat
dn: uid=striplet, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Stephen Triplett
sn: Triplett
givenname: Stephen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: striplet
mail: striplet@example.com
telephonenumber: +1 408 555 4519
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3083
userpassword: compactify
dn: uid=gtriplet, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Gern Triplett
sn: Triplett
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: gtriplet
mail: gtriplet@example.com
telephonenumber: +1 408 555 2582
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4023
userpassword: placeable
dn: uid=jfalena, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: John Falena
sn: Falena
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jfalena
mail: jfalena@example.com
telephonenumber: +1 408 555 8133
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1917
userpassword: nightly
dn: uid=speterso, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Sue Peterson
sn: Peterson
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: speterso
mail: speterso@example.com
telephonenumber: +1 408 555 3613
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 3073
userpassword: quinine
dn: uid=ejohnson, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Emanuel Johnson
sn: Johnson
givenname: Emanuel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ejohnson
mail: ejohnson@example.com
telephonenumber: +1 408 555 3287
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 3737
userpassword: marketwise
dn: uid=prigden, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Peter Rigden
sn: Rigden
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: prigden
mail: prigden@example.com
telephonenumber: +1 408 555 5099
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1271
userpassword: epiphyseal
dn: uid=bwalker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Brad Walker
sn: Walker
givenname: Brad
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bwalker
mail: bwalker@example.com
telephonenumber: +1 408 555 5476
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3529
userpassword: interruptible
dn: uid=kjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Kurt Jensen
sn: Jensen
givenname: Kurt
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: kjensen
mail: kjensen@example.com
telephonenumber: +1 408 555 6127
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1944
userpassword: regulatory
dn: uid=mlott, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Mike Lott
sn: Lott
givenname: Mike
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: mlott
mail: mlott@example.com
telephonenumber: +1 408 555 2234
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 0498
userpassword: cognac
dn: uid=cwallace, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Cecil Wallace
sn: Wallace
givenname: Cecil
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: cwallace
mail: cwallace@example.com
telephonenumber: +1 408 555 6438
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0349
userpassword: quintus
dn: uid=tpierce, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Pierce
sn: Pierce
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tpierce
mail: tpierce@example.com
telephonenumber: +1 408 555 1531
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1383
userpassword: rascal
dn: uid=rbannist, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Richard Bannister
sn: Bannister
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rbannist
mail: rbannist@example.com
telephonenumber: +1 408 555 1833
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0983
userpassword: demonstrate
dn: uid=bplante, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Brian Plante
sn: Plante
givenname: Brian
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: bplante
mail: bplante@example.com
telephonenumber: +1 408 555 3550
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4654
userpassword: tangerine
dn: uid=rmills, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Randy Mills
sn: Mills
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rmills
mail: rmills@example.com
telephonenumber: +1 408 555 2072
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 3823
userpassword: condescend
dn: uid=bschneid, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Benjamin Schneider
sn: Schneider
givenname: Benjamin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: bschneid
mail: bschneid@example.com
telephonenumber: +1 408 555 1012
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 4471
userpassword: biblical
dn: uid=skellehe, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Sue Kelleher
sn: Kelleher
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: skellehe
mail: skellehe@example.com
telephonenumber: +1 408 555 3480
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1608
userpassword: sweltering
dn: uid=brentz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Bertram Rentz
sn: Rentz
givenname: Bertram
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: brentz
mail: brentz@example.com
telephonenumber: +1 408 555 5526
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0617
userpassword: diachronic
dn: uid=dsmith, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Daniel Smith
sn: Smith
givenname: Daniel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: dsmith
mail: dsmith@example.com
telephonenumber: +1 408 555 9519
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0368
userpassword: quantitative
dn: uid=scarte2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Stephen Carter
sn: Carter
givenname: Stephen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: scarte2
mail: scarte2@example.com
telephonenumber: +1 408 555 6022
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 2013
userpassword: scooter
dn: uid=dthorud, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: David Thorud
sn: Thorud
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: dthorud
mail: dthorud@example.com
telephonenumber: +1 408 555 6185
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1128
userpassword: fulcrum
dn: uid=ekohler, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Elba Kohler
sn: Kohler
givenname: Elba
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: ekohler
mail: ekohler@example.com
telephonenumber: +1 408 555 1926
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2721
userpassword: guildhall
dn: uid=lcampbel, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Laurel Campbell
sn: Campbell
givenname: Laurel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: lcampbel
mail: lcampbel@example.com
telephonenumber: +1 408 555 2537
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 2073
userpassword: impress
dn: uid=tlabonte, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tim Labonte
sn: Labonte
givenname: Tim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tlabonte
mail: tlabonte@example.com
telephonenumber: +1 408 555 0058
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1426
userpassword: express
dn: uid=slee, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Scott Lee
sn: Lee
givenname: Scott
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: slee
mail: slee@example.com
telephonenumber: +1 408 555 2335
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 1806
userpassword: revertive
dn: uid=bfree, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Free
sn: Free
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: bfree
mail: bfree@example.com
telephonenumber: +1 408 555 8588
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3307
userpassword: etiquette
dn: uid=tschneid, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Schneider
sn: Schneider
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tschneid
mail: tschneid@example.com
telephonenumber: +1 408 555 7086
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2292
userpassword: chaperone
dn: uid=prose, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Paula Rose
sn: Rose
givenname: Paula
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: prose
mail: prose@example.com
telephonenumber: +1 408 555 9998
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 0542
userpassword: regatta
dn: uid=jhunter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Janet Hunter
sn: Hunter
givenname: Janet
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: jhunter
mail: jhunter@example.com
telephonenumber: +1 408 555 7665
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4856
userpassword: nanometer
dn: uid=ashelton, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Alexander Shelton
sn: Shelton
givenname: Alexander
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: ashelton
mail: ashelton@example.com
telephonenumber: +1 408 555 1081
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1987
userpassword: appointe
dn: uid=mmcinnis, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Mcinnis
sn: Mcinnis
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: mmcinnis
mail: mmcinnis@example.com
telephonenumber: +1 408 555 9655
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4818
userpassword: calcify
dn: uid=falbers, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Frank Albers
sn: Albers
givenname: Frank
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: falbers
mail: falbers@example.com
telephonenumber: +1 408 555 3094
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1439
userpassword: degradation
dn: uid=mschneid, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Martin Schneider
sn: Schneider
givenname: Martin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mschneid
mail: mschneid@example.com
telephonenumber: +1 408 555 5017
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 3153
userpassword: motorcycle
dn: uid=pcruse, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Patricia Cruse
sn: Cruse
givenname: Patricia
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: pcruse
mail: pcruse@example.com
telephonenumber: +1 408 555 8641
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3967
userpassword: pauper
dn: uid=tkelly, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Timothy Kelly
sn: Kelly
givenname: Timothy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
l: Santa Clara
uid: tkelly
mail: tkelly@example.com
telephonenumber: +1 408 555 4295
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3107
userpassword: risible
dn: uid=ahel, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Andrew Hel
sn: Hel
givenname: Andrew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ahel
mail: ahel@example.com
telephonenumber: +1 408 555 2666
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0572
userpassword: sarsaparilla
dn: uid=jburrell, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: James Burrell
sn: Burrell
givenname: James
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jburrell
mail: jburrell@example.com
telephonenumber: +1 408 555 0751
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4926
userpassword: degrease
dn: uid=smason, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Sue Mason
sn: Mason
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: smason
mail: smason@example.com
telephonenumber: +1 408 555 9780
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4971
userpassword: sensible
dn: uid=ptyler, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Pete Tyler
sn: Tyler
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ptyler
mail: ptyler@example.com
telephonenumber: +1 408 555 3335
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0327
userpassword: vinegar
dn: uid=calexand, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Chris Alexander
sn: Alexander
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: calexand
mail: calexand@example.com
telephonenumber: +1 408 555 9438
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2884
userpassword: dauphin
dn: uid=jcruse, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jim Cruse
sn: Cruse
givenname: Jim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jcruse
mail: jcruse@example.com
telephonenumber: +1 408 555 9482
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 0083
userpassword: bridgework
dn: uid=kcarter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Karen Carter
sn: Carter
givenname: Karen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: kcarter
mail: kcarter@example.com
telephonenumber: +1 408 555 4675
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 2320
userpassword: radiosonde
dn: uid=rfish, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Randy Fish
sn: Fish
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rfish
mail: rfish@example.com
telephonenumber: +1 408 555 9865
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2317
userpassword: mailbox
dn: uid=phunt, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Philip Hunt
sn: Hunt
givenname: Philip
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: phunt
mail: phunt@example.com
telephonenumber: +1 408 555 1242
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 1183
userpassword: wastewater
dn: uid=rschneid, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Rachel Schneider
sn: Schneider
givenname: Rachel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rschneid
mail: rschneid@example.com
telephonenumber: +1 408 555 9908
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4183
userpassword: decorous
dn: uid=bjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephonenumber: +1 408 555 1862
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0209
userpassword: hifalutin
dn: uid=jlange, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jim Lange
sn: Lange
givenname: Jim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: jlange
mail: jlange@example.com
telephonenumber: +1 408 555 0488
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3798
userpassword: chastity
dn: uid=rulrich, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Randy Ulrich
sn: Ulrich
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: rulrich
mail: rulrich@example.com
telephonenumber: +1 408 555 5311
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1282
userpassword: twinkle
dn: uid=rfrancis, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Richard Francis
sn: Francis
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rfrancis
mail: rfrancis@example.com
telephonenumber: +1 408 555 8157
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3482
userpassword: hacienda
dn: uid=mwhite, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Morgan White
sn: White
givenname: Morgan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mwhite
mail: mwhite@example.com
telephonenumber: +1 408 555 9620
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3088
userpassword: staple
dn: uid=gjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Gern Jensen
sn: Jensen
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: gjensen
mail: gjensen@example.com
telephonenumber: +1 408 555 3299
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4609
userpassword: primitive
dn: uid=awhite, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Alan White
sn: White
givenname: Alan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: awhite
mail: awhite@example.com
telephonenumber: +1 408 555 3232
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0142
userpassword: placeholder
dn: uid=bmaddox, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Maddox
sn: Maddox
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bmaddox
mail: bmaddox@example.com
telephonenumber: +1 408 555 7783
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 2207
userpassword: feedback
dn: uid=mtalbot, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Martin Talbot
sn: Talbot
givenname: Martin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: mtalbot
mail: mtalbot@example.com
telephonenumber: +1 408 555 9228
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1415
userpassword: currant
dn: uid=jbrown, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Judy Brown
sn: Brown
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jbrown
mail: jbrown@example.com
telephonenumber: +1 408 555 6885
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4224
userpassword: militiamen
dn: uid=jjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jody Jensen
sn: Jensen
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: jjensen
mail: jjensen@example.com
telephonenumber: +1 408 555 7587
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4882
userpassword: borderland
dn: uid=mcarter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Mike Carter
sn: Carter
givenname: Mike
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: mcarter
mail: mcarter@example.com
telephonenumber: +1 408 555 1846
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3819
userpassword: mainland
dn: uid=dakers, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: David Akers
sn: Akers
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: dakers
mail: dakers@example.com
telephonenumber: +1 408 555 4812
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4944
userpassword: integument
dn: uid=sfarmer, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Scott Farmer
sn: Farmer
givenname: Scott
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: sfarmer
mail: sfarmer@example.com
telephonenumber: +1 408 555 4228
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0019
userpassword: triumphal
dn: uid=dward, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Daniel Ward
sn: Ward
givenname: Daniel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: dward
mail: dward@example.com
telephonenumber: +1 408 555 5322
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3927
userpassword: armload
dn: uid=tward, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Ward
sn: Ward
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: tward
mail: tward@example.com
telephonenumber: +1 408 555 7202
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2238
userpassword: cedilla
dn: uid=pshelton, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Patricia Shelton
sn: Shelton
givenname: Patricia
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Cupertino
uid: pshelton
mail: pshelton@example.com
telephonenumber: +1 408 555 6442
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2918
userpassword: nosedive
dn: uid=jrentz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jody Rentz
sn: Rentz
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jrentz
mail: jrentz@example.com
telephonenumber: +1 408 555 5829
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3025
userpassword: meander
dn: uid=plorig, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Peter Lorig
sn: Lorig
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: plorig
mail: plorig@example.com
telephonenumber: +1 408 555 0624
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1276
userpassword: calorimeter
dn: uid=ajensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Allison Jensen
sn: Jensen
givenname: Allison
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: ajensen
mail: ajensen@example.com
telephonenumber: +1 408 555 7892
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 0784
userpassword: coltsfoot
dn: uid=kschmith, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Schmith
sn: Schmith
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: kschmith
mail: kschmith@example.com
telephonenumber: +1 408 555 9749
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 2221
userpassword: purvey
dn: uid=pworrell, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Pete Worrell
sn: Worrell
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: pworrell
mail: pworrell@example.com
telephonenumber: +1 408 555 1637
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 2449
userpassword: solicitous
dn: uid=mreuter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Reuter
sn: Reuter
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: mreuter
mail: mreuter@example.com
telephonenumber: +1 408 555 6879
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 1356
userpassword: oblivious
dn: uid=gtyler, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Gern Tyler
sn: Tyler
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: gtyler
mail: gtyler@example.com
telephonenumber: +1 408 555 1020
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0312
userpassword: typology
dn: uid=tschmith, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Schmith
sn: Schmith
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tschmith
mail: tschmith@example.com
telephonenumber: +1 408 555 9626
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4607
userpassword: compost
dn: uid=bjense2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Jensen
sn: Jensen
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bjense2
mail: bjense2@example.com
telephonenumber: +1 408 555 5655
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4294
userpassword: mortgage
dn: uid=dswain, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Dietrich Swain
sn: Swain
givenname: Dietrich
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Sunnyvale
uid: dswain
mail: dswain@example.com
telephonenumber: +1 408 555 9222
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4396
userpassword: freedom
dn: uid=ahall, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Andy Hall
sn: Hall
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ahall
mail: ahall@example.com
telephonenumber: +1 408 555 6169
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3050
userpassword: slater
dn: uid=jmuffly, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Muffly
sn: Muffly
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jmuffly
mail: jmuffly@example.com
telephonenumber: +1 408 555 5287
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 0997
userpassword: dictate
dn: uid=tjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Ted Jensen
sn: Jensen
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tjensen
mail: tjensen@example.com
telephonenumber: +1 408 555 8622
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4717
userpassword: ecosystem
dn: uid=ahunter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Allison Hunter
sn: Hunter
givenname: Allison
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Sunnyvale
uid: ahunter
mail: ahunter@example.com
telephonenumber: +1 408 555 7713
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1213
userpassword: egregious
dn: uid=jgoldste, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jon Goldstein
sn: Goldstein
givenname: Jon
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jgoldste
mail: jgoldste@example.com
telephonenumber: +1 408 555 5769
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1454
userpassword: yellow
dn: uid=aworrell, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Alan Worrell
sn: Worrell
givenname: Alan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: aworrell
mail: aworrell@example.com
telephonenumber: +1 408 555 1591
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 3966
userpassword: gargoyle
dn: uid=wlutz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Wendy Lutz
sn: Lutz
givenname: Wendy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: wlutz
mail: wlutz@example.com
telephonenumber: +1 408 555 3358
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4912
userpassword: bassinet
dn: uid=jlutz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Janet Lutz
sn: Lutz
givenname: Janet
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jlutz
mail: jlutz@example.com
telephonenumber: +1 408 555 4902
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2544
userpassword: autumn
dn: uid=dlangdon, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Dan Langdon
sn: Langdon
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: dlangdon
mail: dlangdon@example.com
telephonenumber: +1 408 555 7044
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3263
userpassword: botulin
dn: uid=aknutson, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Ashley Knutson
sn: Knutson
givenname: Ashley
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: aknutson
mail: aknutson@example.com
telephonenumber: +1 408 555 2169
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4736
userpassword: maltose
dn: uid=kmcinnis, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Mcinnis
sn: Mcinnis
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: kmcinnis
mail: kmcinnis@example.com
telephonenumber: +1 408 555 8596
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4312
userpassword: stargaze
dn: uid=tcouzens, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Trent Couzens
sn: Couzens
givenname: Trent
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tcouzens
mail: tcouzens@example.com
telephonenumber: +1 408 555 8401
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3994
userpassword: tambourine
dn: uid=lstockto, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Lee Stockton
sn: Stockton
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: lstockto
mail: lstockto@example.com
telephonenumber: +1 408 555 0518
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0169
userpassword: brooklyn
dn: uid=jbourke, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jon Bourke
sn: Bourke
givenname: Jon
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jbourke
mail: jbourke@example.com
telephonenumber: +1 408 555 8541
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0034
userpassword: brainwash
dn: uid=dlanoway, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Dan Lanoway
sn: Lanoway
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: dlanoway
mail: dlanoway@example.com
telephonenumber: +1 408 555 2017
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3540
userpassword: manhattan
dn: uid=kcope, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Karl Cope
sn: Cope
givenname: Karl
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: kcope
mail: kcope@example.com
telephonenumber: +1 408 555 2709
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 3040
userpassword: forfeiture
dn: uid=abarnes, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Anne-Louise Barnes
sn: Barnes
givenname: Anne-Louise
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: abarnes
mail: abarnes@example.com
telephonenumber: +1 408 555 9445
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2290
userpassword: chevron
dn: uid=rjensen, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Richard Jensen
sn: Jensen
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: rjensen
mail: rjensen@example.com
telephonenumber: +1 408 555 5957
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2631
userpassword: disciplinarian
dn: uid=phun2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Pete Hunt
sn: Hunt
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: phun2
mail: phun2@example.com
telephonenumber: +1 408 555 0342
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0087
userpassword: absorb
dn: uid=mvaughan, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Vaughan
sn: Vaughan
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: mvaughan
mail: mvaughan@example.com
telephonenumber: +1 408 555 4692
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4508
userpassword: submitted
dn: uid=jlut2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: James Lutz
sn: Lutz
givenname: James
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jlut2
mail: jlut2@example.com
telephonenumber: +1 408 555 9689
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 3541
userpassword: shrank
dn: uid=mjablons, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Morgan Jablonski
sn: Jablonski
givenname: Morgan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mjablons
mail: mjablons@example.com
telephonenumber: +1 408 555 0813
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3160
userpassword: minimal
dn: uid=pchassin, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Peter Chassin
sn: Chassin
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: pchassin
mail: pchassin@example.com
telephonenumber: +1 408 555 2816
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4524
userpassword: barbital
dn: uid=dcope, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Dan Cope
sn: Cope
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: dcope
mail: dcope@example.com
telephonenumber: +1 408 555 9813
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1737
userpassword: snifter
dn: uid=jrent2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Judy Rentz
sn: Rentz
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jrent2
mail: jrent2@example.com
telephonenumber: +1 408 555 2523
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4405
userpassword: tachistoscope
dn: uid=tcruse, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Cruse
sn: Cruse
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tcruse
mail: tcruse@example.com
telephonenumber: +1 408 555 5980
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4191
userpassword: flinty
dn: uid=eward, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Eric Ward
sn: Ward
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: eward
mail: eward@example.com
telephonenumber: +1 408 555 2320
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 4874
userpassword: episcopal
dn: uid=ttully, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Tully
sn: Tully
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: ttully
mail: ttully@example.com
telephonenumber: +1 408 555 2274
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3924
userpassword: schooner
dn: uid=charvey, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Cecil Harvey
sn: Harvey
givenname: Cecil
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: charvey
mail: charvey@example.com
telephonenumber: +1 408 555 1815
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4583
userpassword: journalese
dn: uid=rfisher, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Randy Fisher
sn: Fisher
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: rfisher
mail: rfisher@example.com
telephonenumber: +1 408 555 1506
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1579
userpassword: pomegranate
dn: uid=alangdon, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Andrew Langdon
sn: Langdon
givenname: Andrew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: alangdon
mail: alangdon@example.com
telephonenumber: +1 408 555 8289
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2254
userpassword: muzzle
dn: uid=drose, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: David Rose
sn: Rose
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: drose
mail: drose@example.com
telephonenumber: +1 408 555 3963
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4012
userpassword: gubernatorial
dn: uid=polfield, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Peter Olfield
sn: Olfield
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: polfield
mail: polfield@example.com
telephonenumber: +1 408 555 8231
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1376
userpassword: monologue
dn: uid=awalker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Andy Walker
sn: Walker
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: awalker
mail: awalker@example.com
telephonenumber: +1 408 555 9199
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0061
userpassword: detonable
dn: uid=lrentz, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Lex Rentz
sn: Rentz
givenname: Lex
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: lrentz
mail: lrentz@example.com
telephonenumber: +1 408 555 2019
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2203
userpassword: calcium
dn: uid=jvaughan, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Vaughan
sn: Vaughan
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jvaughan
mail: jvaughan@example.com
telephonenumber: +1 408 555 4543
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1734
userpassword: appoint
dn: uid=bfrancis, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Francis
sn: Francis
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: bfrancis
mail: bfrancis@example.com
telephonenumber: +1 408 555 9111
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3743
userpassword: holystone
dn: uid=ewalker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Eric Walker
sn: Walker
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Cupertino
uid: ewalker
mail: ewalker@example.com
telephonenumber: +1 408 555 6387
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 2295
userpassword: beguile
dn: uid=tjames, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Tobias James
sn: James
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tjames
mail: tjames@example.com
telephonenumber: +1 408 555 2458
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 0730
userpassword: turtle
dn: uid=brigden, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Rigden
sn: Rigden
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: brigden
mail: brigden@example.com
telephonenumber: +1 408 555 5263
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1643
userpassword: purple
dn: uid=ecruse, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Eric Cruse
sn: Cruse
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: ecruse
mail: ecruse@example.com
telephonenumber: +1 408 555 0648
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4233
userpassword: platelet
dn: uid=rjense2, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Randy Jensen
sn: Jensen
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: rjense2
mail: rjense2@example.com
telephonenumber: +1 408 555 9045
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1984
userpassword: transpose
dn: uid=rhunt, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Richard Hunt
sn: Hunt
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rhunt
mail: rhunt@example.com
telephonenumber: +1 408 555 0139
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 0718
userpassword: becloud
dn: uid=bparker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Barry Parker
sn: Parker
givenname: Barry
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: bparker
mail: bparker@example.com
telephonenumber: +1 408 555 4647
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1148
userpassword: lenticular
dn: uid=ealexand, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Erin Alexander
sn: Alexander
givenname: Erin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: ealexand
mail: ealexand@example.com
telephonenumber: +1 408 555 5563
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 2434
userpassword: galactose
dn: uid=mtyler, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Tyler
sn: Tyler
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: mtyler
mail: mtyler@example.com
telephonenumber: +1 408 555 7907
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2701
userpassword: instantiate
dn: uid=elott, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Emanuel Lott
sn: Lott
givenname: Emanuel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: elott
mail: elott@example.com
telephonenumber: +1 408 555 0932
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3906
userpassword: holdout
dn: uid=cnewport, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Christoph Newport
sn: Newport
givenname: Christoph
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: cnewport
mail: cnewport@example.com
telephonenumber: +1 408 555 0066
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 0056
userpassword: expertise
dn: uid=jvedder, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Vedder
sn: Vedder
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: jvedder
mail: jvedder@example.com
telephonenumber: +1 408 555 4668
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3445
userpassword: befitting
dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
uniquemember: uid=scarter, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=tmorris, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
description: People who can manage accounting entries
dn: cn=HR Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: HR Managers
ou: groups
uniquemember: uid=kvaughan, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=cschmith, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
description: People who can manage HR entries
dn: cn=QA Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: QA Managers
ou: groups
uniquemember: uid=abergin, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=jwalker, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
description: People who can manage QA entries
dn: cn=PD Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: PD Managers
ou: groups
uniquemember: uid=kwinters, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=trigden, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com
description: People who can manage engineer entries
dn: ou=Company Servers,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Company Servers
description: Standard branch for Company Server registration
opends/tests/functional-tests/shared/data/privileges/privileges_restore_task/del_entry.ldif
New file
@@ -0,0 +1,27 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#
dn: uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com
changetype: delete
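Review bot: The DN in this change record is written without spaces after the commas (`uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com`), while the same entry in restore_task.ldif is written `uid=tmorris, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com`. A server that normalises DNs should resolve both to the same entry, but a text search for one spelling will miss the other, so the fixtures are easier to audit with a single spelling. The file also has a full licence header but no line saying what the record is for. A comment above the `dn:` line such as `# Deletes uid=tmorris so the restore test can verify the entry is brought back` would help; that purpose is inferred from the directory name and should be confirmed against the restore-task test case.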
opends/tests/functional-tests/shared/data/privileges/privileges_restore_task/restore_task.ldif
New file
@@ -0,0 +1,2829 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2006-2007 Sun Microsystems, Inc.
#
#
dn: dc=com
objectclass: top
objectclass: domain
dc: com
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
dn: o=Privileges Tests, dc=example,dc=com
objectclass: top
objectclass: organization
o: Privileges Tests
dn: uid=auser, o=Privileges Tests, dc=example,dc=com
cn: Aci User
sn: User
givenname: Aci
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: auser
mail: auser@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ACIRules
dn: ou=restore task, o=Privileges Tests,dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: restore task
dn: ou=Groups, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: Groups
dn: cn=Directory Administrators, ou=Groups, dc=example,dc=com
cn: Directory Administrators
objectclass: top
objectclass: groupofuniquenames
ou: Groups
uniquemember: uid=kvaughan, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=rdaugherty, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=hmiller, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
dn: ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
dn: ou=Special Users,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
dn: uid=scarter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: scarter
mail: scarter@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: sprain
dn: uid=tmorris, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Ted Morris
sn: Morris
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tmorris
mail: tmorris@example.com
telephonenumber: +1 408 555 9187
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4117
userpassword: irrefutable
dn: uid=kvaughan, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Kirsten Vaughan
sn: Vaughan
givenname: Kirsten
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: kvaughan
mail: kvaughan@example.com
telephonenumber: +1 408 555 5625
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 2871
userpassword: bribery
dn: uid=abergin, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Andy Bergin
sn: Bergin
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: abergin
mail: abergin@example.com
telephonenumber: +1 408 555 8585
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3472
userpassword: inflict
dn: uid=dmiller, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: David Miller
sn: Miller
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: dmiller
mail: dmiller@example.com
telephonenumber: +1 408 555 9423
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4135
userpassword: gosling
dn: uid=gfarmer, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Gern Farmer
sn: Farmer
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: gfarmer
mail: gfarmer@example.com
telephonenumber: +1 408 555 6201
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1269
userpassword: ruling
dn: uid=kwinters, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Winters
sn: Winters
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: kwinters
mail: kwinters@example.com
telephonenumber: +1 408 555 9069
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4178
userpassword: forsook
dn: uid=trigden, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Rigden
sn: Rigden
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: trigden
mail: trigden@example.com
telephonenumber: +1 408 555 9280
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3584
userpassword: sensitive
dn: uid=cschmith, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Chris Schmith
sn: Schmith
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: cschmith
mail: cschmith@example.com
telephonenumber: +1 408 555 8011
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0416
userpassword: hypotenuse
dn: uid=jwallace, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Judy Wallace
sn: Wallace
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: jwallace
mail: jwallace@example.com
telephonenumber: +1 408 555 0319
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1033
userpassword: linear
dn: uid=jwalker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: John Walker
sn: Walker
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jwalker
mail: jwalker@example.com
telephonenumber: +1 408 555 1476
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3915
userpassword: dogleg
dn: uid=tclow, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Clow
sn: Clow
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: tclow
mail: tclow@example.com
telephonenumber: +1 408 555 8825
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4376
userpassword: cardreader
dn: uid=rdaugherty, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Robert Daugherty
sn: Daugherty
givenname: Robert
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: rdaugherty
mail: rdaugherty@example.com
telephonenumber: +1 408 555 1296
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0194
userpassword: apples
dn: uid=jreuter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jayne Reuter
sn: Reuter
givenname: Jayne
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jreuter
mail: jreuter@example.com
telephonenumber: +1 408 555 1122
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 2942
userpassword: destroy
dn: uid=tmason, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Mason
sn: Mason
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: tmason
mail: tmason@example.com
telephonenumber: +1 408 555 1596
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1124
userpassword: squatted
dn: uid=bhall, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Benjamin Hall
sn: Hall
givenname: Benjamin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: bhall
mail: bhall@example.com
telephonenumber: +1 408 555 6067
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 2511
userpassword: oranges
dn: uid=btalbot, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Brad Talbot
sn: Talbot
givenname: Brad
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: btalbot
mail: btalbot@example.com
telephonenumber: +1 408 555 4992
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3532
userpassword: trident
dn: uid=mward, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Ward
sn: Ward
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: mward
mail: mward@example.com
telephonenumber: +1 408 555 5688
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 1707
userpassword: normal
dn: uid=bjablons, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Jablonski
sn: Jablonski
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: bjablons
mail: bjablons@example.com
telephonenumber: +1 408 555 8815
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0906
userpassword: strawberry
dn: uid=jmcFarla, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Judy McFarland
sn: McFarland
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: jmcFarla
mail: jmcFarla@example.com
telephonenumber: +1 408 555 2567
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 2359
userpassword: walnut
dn: uid=llabonte, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Lee Labonte
sn: Labonte
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: llabonte
mail: llabonte@example.com
telephonenumber: +1 408 555 0957
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2854
userpassword: sourdough
dn: uid=jcampaig, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jody Campaigne
sn: Campaigne
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jcampaig
mail: jcampaig@example.com
telephonenumber: +1 408 555 1660
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4385
userpassword: grapevine
dn: uid=bhal2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Hall
sn: Hall
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: bhal2
mail: bhal2@example.com
telephonenumber: +1 408 555 4491
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2758
userpassword: truths
dn: uid=alutz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Alexander Lutz
sn: Lutz
givenname: Alexander
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: alutz
mail: alutz@example.com
telephonenumber: +1 408 555 6505
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 1327
userpassword: northward
dn: uid=btalbo2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Talbot
sn: Talbot
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: btalbo2
mail: btalbo2@example.com
telephonenumber: +1 408 555 4234
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1205
userpassword: corduroy
dn: uid=achassin, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Ashley Chassin
sn: Chassin
givenname: Ashley
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: achassin
mail: achassin@example.com
telephonenumber: +1 408 555 9972
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0466
userpassword: duopolist
dn: uid=hmiller, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Harry Miller
sn: Miller
givenname: Harry
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: hmiller
mail: hmiller@example.com
telephonenumber: +1 408 555 9804
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4304
userpassword: hillock
dn: uid=jcampai2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jeffrey Campaigne
sn: Campaigne
givenname: Jeffrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jcampai2
mail: jcampai2@example.com
telephonenumber: +1 408 555 7393
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 1377
userpassword: nominee
dn: uid=lulrich, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Lee Ulrich
sn: Ulrich
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: lulrich
mail: lulrich@example.com
telephonenumber: +1 408 555 8652
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 0985
userpassword: attribution
dn: uid=mlangdon, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Langdon
sn: Langdon
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: mlangdon
mail: mlangdon@example.com
telephonenumber: +1 408 555 6249
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4471
userpassword: threat
dn: uid=striplet, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Stephen Triplett
sn: Triplett
givenname: Stephen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: striplet
mail: striplet@example.com
telephonenumber: +1 408 555 4519
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3083
userpassword: compactify
dn: uid=gtriplet, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Gern Triplett
sn: Triplett
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: gtriplet
mail: gtriplet@example.com
telephonenumber: +1 408 555 2582
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4023
userpassword: placeable
dn: uid=jfalena, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: John Falena
sn: Falena
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jfalena
mail: jfalena@example.com
telephonenumber: +1 408 555 8133
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1917
userpassword: nightly
dn: uid=speterso, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Sue Peterson
sn: Peterson
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: speterso
mail: speterso@example.com
telephonenumber: +1 408 555 3613
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 3073
userpassword: quinine
dn: uid=ejohnson, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Emanuel Johnson
sn: Johnson
givenname: Emanuel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ejohnson
mail: ejohnson@example.com
telephonenumber: +1 408 555 3287
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 3737
userpassword: marketwise
dn: uid=prigden, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Peter Rigden
sn: Rigden
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: prigden
mail: prigden@example.com
telephonenumber: +1 408 555 5099
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1271
userpassword: epiphyseal
dn: uid=bwalker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Brad Walker
sn: Walker
givenname: Brad
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bwalker
mail: bwalker@example.com
telephonenumber: +1 408 555 5476
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3529
userpassword: interruptible
dn: uid=kjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Kurt Jensen
sn: Jensen
givenname: Kurt
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: kjensen
mail: kjensen@example.com
telephonenumber: +1 408 555 6127
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1944
userpassword: regulatory
dn: uid=mlott, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Mike Lott
sn: Lott
givenname: Mike
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: mlott
mail: mlott@example.com
telephonenumber: +1 408 555 2234
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 0498
userpassword: cognac
dn: uid=cwallace, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Cecil Wallace
sn: Wallace
givenname: Cecil
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: cwallace
mail: cwallace@example.com
telephonenumber: +1 408 555 6438
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0349
userpassword: quintus
dn: uid=tpierce, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Pierce
sn: Pierce
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tpierce
mail: tpierce@example.com
telephonenumber: +1 408 555 1531
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1383
userpassword: rascal
dn: uid=rbannist, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Richard Bannister
sn: Bannister
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rbannist
mail: rbannist@example.com
telephonenumber: +1 408 555 1833
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0983
userpassword: demonstrate
dn: uid=bplante, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Brian Plante
sn: Plante
givenname: Brian
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: bplante
mail: bplante@example.com
telephonenumber: +1 408 555 3550
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4654
userpassword: tangerine
dn: uid=rmills, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Randy Mills
sn: Mills
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rmills
mail: rmills@example.com
telephonenumber: +1 408 555 2072
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 3823
userpassword: condescend
dn: uid=bschneid, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Benjamin Schneider
sn: Schneider
givenname: Benjamin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: bschneid
mail: bschneid@example.com
telephonenumber: +1 408 555 1012
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 4471
userpassword: biblical
dn: uid=skellehe, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Sue Kelleher
sn: Kelleher
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: skellehe
mail: skellehe@example.com
telephonenumber: +1 408 555 3480
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1608
userpassword: sweltering
dn: uid=brentz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Bertram Rentz
sn: Rentz
givenname: Bertram
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: brentz
mail: brentz@example.com
telephonenumber: +1 408 555 5526
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0617
userpassword: diachronic
dn: uid=dsmith, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Daniel Smith
sn: Smith
givenname: Daniel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: dsmith
mail: dsmith@example.com
telephonenumber: +1 408 555 9519
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0368
userpassword: quantitative
dn: uid=scarte2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Stephen Carter
sn: Carter
givenname: Stephen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: scarte2
mail: scarte2@example.com
telephonenumber: +1 408 555 6022
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 2013
userpassword: scooter
dn: uid=dthorud, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: David Thorud
sn: Thorud
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: dthorud
mail: dthorud@example.com
telephonenumber: +1 408 555 6185
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1128
userpassword: fulcrum
dn: uid=ekohler, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Elba Kohler
sn: Kohler
givenname: Elba
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: ekohler
mail: ekohler@example.com
telephonenumber: +1 408 555 1926
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2721
userpassword: guildhall
dn: uid=lcampbel, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Laurel Campbell
sn: Campbell
givenname: Laurel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: lcampbel
mail: lcampbel@example.com
telephonenumber: +1 408 555 2537
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 2073
userpassword: impress
dn: uid=tlabonte, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tim Labonte
sn: Labonte
givenname: Tim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tlabonte
mail: tlabonte@example.com
telephonenumber: +1 408 555 0058
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1426
userpassword: express
dn: uid=slee, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Scott Lee
sn: Lee
givenname: Scott
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: slee
mail: slee@example.com
telephonenumber: +1 408 555 2335
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 1806
userpassword: revertive
dn: uid=bfree, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Free
sn: Free
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: bfree
mail: bfree@example.com
telephonenumber: +1 408 555 8588
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3307
userpassword: etiquette
dn: uid=tschneid, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Schneider
sn: Schneider
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tschneid
mail: tschneid@example.com
telephonenumber: +1 408 555 7086
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2292
userpassword: chaperone
dn: uid=prose, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Paula Rose
sn: Rose
givenname: Paula
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: prose
mail: prose@example.com
telephonenumber: +1 408 555 9998
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 0542
userpassword: regatta
dn: uid=jhunter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Janet Hunter
sn: Hunter
givenname: Janet
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: jhunter
mail: jhunter@example.com
telephonenumber: +1 408 555 7665
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4856
userpassword: nanometer
dn: uid=ashelton, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Alexander Shelton
sn: Shelton
givenname: Alexander
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: ashelton
mail: ashelton@example.com
telephonenumber: +1 408 555 1081
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1987
userpassword: appointe
dn: uid=mmcinnis, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Marcus Mcinnis
sn: Mcinnis
givenname: Marcus
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: mmcinnis
mail: mmcinnis@example.com
telephonenumber: +1 408 555 9655
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4818
userpassword: calcify
dn: uid=falbers, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Frank Albers
sn: Albers
givenname: Frank
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: falbers
mail: falbers@example.com
telephonenumber: +1 408 555 3094
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1439
userpassword: degradation
dn: uid=mschneid, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Martin Schneider
sn: Schneider
givenname: Martin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mschneid
mail: mschneid@example.com
telephonenumber: +1 408 555 5017
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 3153
userpassword: motorcycle
dn: uid=pcruse, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Patricia Cruse
sn: Cruse
givenname: Patricia
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: pcruse
mail: pcruse@example.com
telephonenumber: +1 408 555 8641
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3967
userpassword: pauper
dn: uid=tkelly, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Timothy Kelly
sn: Kelly
givenname: Timothy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
l: Santa Clara
uid: tkelly
mail: tkelly@example.com
telephonenumber: +1 408 555 4295
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3107
userpassword: risible
dn: uid=ahel, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Andrew Hel
sn: Hel
givenname: Andrew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ahel
mail: ahel@example.com
telephonenumber: +1 408 555 2666
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0572
userpassword: sarsaparilla
dn: uid=jburrell, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: James Burrell
sn: Burrell
givenname: James
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jburrell
mail: jburrell@example.com
telephonenumber: +1 408 555 0751
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4926
userpassword: degrease
dn: uid=smason, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Sue Mason
sn: Mason
givenname: Sue
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: smason
mail: smason@example.com
telephonenumber: +1 408 555 9780
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4971
userpassword: sensible
dn: uid=ptyler, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Pete Tyler
sn: Tyler
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ptyler
mail: ptyler@example.com
telephonenumber: +1 408 555 3335
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0327
userpassword: vinegar
dn: uid=calexand, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Chris Alexander
sn: Alexander
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: calexand
mail: calexand@example.com
telephonenumber: +1 408 555 9438
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2884
userpassword: dauphin
dn: uid=jcruse, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jim Cruse
sn: Cruse
givenname: Jim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jcruse
mail: jcruse@example.com
telephonenumber: +1 408 555 9482
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 0083
userpassword: bridgework
dn: uid=kcarter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Karen Carter
sn: Carter
givenname: Karen
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: kcarter
mail: kcarter@example.com
telephonenumber: +1 408 555 4675
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 2320
userpassword: radiosonde
dn: uid=rfish, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Randy Fish
sn: Fish
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rfish
mail: rfish@example.com
telephonenumber: +1 408 555 9865
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2317
userpassword: mailbox
dn: uid=phunt, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Philip Hunt
sn: Hunt
givenname: Philip
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: phunt
mail: phunt@example.com
telephonenumber: +1 408 555 1242
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 1183
userpassword: wastewater
dn: uid=rschneid, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Rachel Schneider
sn: Schneider
givenname: Rachel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: rschneid
mail: rschneid@example.com
telephonenumber: +1 408 555 9908
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4183
userpassword: decorous
dn: uid=bjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephonenumber: +1 408 555 1862
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0209
userpassword: hifalutin
dn: uid=jlange, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jim Lange
sn: Lange
givenname: Jim
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: jlange
mail: jlange@example.com
telephonenumber: +1 408 555 0488
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3798
userpassword: chastity
dn: uid=rulrich, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Randy Ulrich
sn: Ulrich
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: rulrich
mail: rulrich@example.com
telephonenumber: +1 408 555 5311
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1282
userpassword: twinkle
dn: uid=rfrancis, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Richard Francis
sn: Francis
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rfrancis
mail: rfrancis@example.com
telephonenumber: +1 408 555 8157
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3482
userpassword: hacienda
dn: uid=mwhite, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Morgan White
sn: White
givenname: Morgan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mwhite
mail: mwhite@example.com
telephonenumber: +1 408 555 9620
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3088
userpassword: staple
dn: uid=gjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Gern Jensen
sn: Jensen
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: gjensen
mail: gjensen@example.com
telephonenumber: +1 408 555 3299
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4609
userpassword: primitive
dn: uid=awhite, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Alan White
sn: White
givenname: Alan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: awhite
mail: awhite@example.com
telephonenumber: +1 408 555 3232
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 0142
userpassword: placeholder
dn: uid=bmaddox, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Maddox
sn: Maddox
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bmaddox
mail: bmaddox@example.com
telephonenumber: +1 408 555 7783
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 2207
userpassword: feedback
dn: uid=mtalbot, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Martin Talbot
sn: Talbot
givenname: Martin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: mtalbot
mail: mtalbot@example.com
telephonenumber: +1 408 555 9228
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1415
userpassword: currant
dn: uid=jbrown, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Judy Brown
sn: Brown
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jbrown
mail: jbrown@example.com
telephonenumber: +1 408 555 6885
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4224
userpassword: militiamen
dn: uid=jjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jody Jensen
sn: Jensen
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: jjensen
mail: jjensen@example.com
telephonenumber: +1 408 555 7587
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4882
userpassword: borderland
dn: uid=mcarter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Mike Carter
sn: Carter
givenname: Mike
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: mcarter
mail: mcarter@example.com
telephonenumber: +1 408 555 1846
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3819
userpassword: mainland
dn: uid=dakers, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: David Akers
sn: Akers
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: dakers
mail: dakers@example.com
telephonenumber: +1 408 555 4812
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 4944
userpassword: integument
dn: uid=sfarmer, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Scott Farmer
sn: Farmer
givenname: Scott
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: sfarmer
mail: sfarmer@example.com
telephonenumber: +1 408 555 4228
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0019
userpassword: triumphal
dn: uid=dward, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Daniel Ward
sn: Ward
givenname: Daniel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: dward
mail: dward@example.com
telephonenumber: +1 408 555 5322
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3927
userpassword: armload
dn: uid=tward, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Ward
sn: Ward
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: tward
mail: tward@example.com
telephonenumber: +1 408 555 7202
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2238
userpassword: cedilla
dn: uid=pshelton, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Patricia Shelton
sn: Shelton
givenname: Patricia
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Cupertino
uid: pshelton
mail: pshelton@example.com
telephonenumber: +1 408 555 6442
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2918
userpassword: nosedive
dn: uid=jrentz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jody Rentz
sn: Rentz
givenname: Jody
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jrentz
mail: jrentz@example.com
telephonenumber: +1 408 555 5829
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3025
userpassword: meander
dn: uid=plorig, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Peter Lorig
sn: Lorig
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: plorig
mail: plorig@example.com
telephonenumber: +1 408 555 0624
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1276
userpassword: calorimeter
dn: uid=ajensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Allison Jensen
sn: Jensen
givenname: Allison
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: ajensen
mail: ajensen@example.com
telephonenumber: +1 408 555 7892
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 0784
userpassword: coltsfoot
dn: uid=kschmith, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Schmith
sn: Schmith
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: kschmith
mail: kschmith@example.com
telephonenumber: +1 408 555 9749
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 2221
userpassword: purvey
dn: uid=pworrell, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Pete Worrell
sn: Worrell
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: pworrell
mail: pworrell@example.com
telephonenumber: +1 408 555 1637
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 2449
userpassword: solicitous
dn: uid=mreuter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Reuter
sn: Reuter
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: mreuter
mail: mreuter@example.com
telephonenumber: +1 408 555 6879
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 1356
userpassword: oblivious
dn: uid=gtyler, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Gern Tyler
sn: Tyler
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: gtyler
mail: gtyler@example.com
telephonenumber: +1 408 555 1020
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0312
userpassword: typology
dn: uid=tschmith, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Schmith
sn: Schmith
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tschmith
mail: tschmith@example.com
telephonenumber: +1 408 555 9626
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4607
userpassword: compost
dn: uid=bjense2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Jensen
sn: Jensen
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: bjense2
mail: bjense2@example.com
telephonenumber: +1 408 555 5655
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4294
userpassword: mortgage
dn: uid=dswain, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Dietrich Swain
sn: Swain
givenname: Dietrich
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Sunnyvale
uid: dswain
mail: dswain@example.com
telephonenumber: +1 408 555 9222
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4396
userpassword: freedom
dn: uid=ahall, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Andy Hall
sn: Hall
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: ahall
mail: ahall@example.com
telephonenumber: +1 408 555 6169
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 3050
userpassword: slater
dn: uid=jmuffly, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Muffly
sn: Muffly
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jmuffly
mail: jmuffly@example.com
telephonenumber: +1 408 555 5287
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 0997
userpassword: dictate
dn: uid=tjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Ted Jensen
sn: Jensen
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tjensen
mail: tjensen@example.com
telephonenumber: +1 408 555 8622
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4717
userpassword: ecosystem
dn: uid=ahunter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Allison Hunter
sn: Hunter
givenname: Allison
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Sunnyvale
uid: ahunter
mail: ahunter@example.com
telephonenumber: +1 408 555 7713
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1213
userpassword: egregious
dn: uid=jgoldste, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jon Goldstein
sn: Goldstein
givenname: Jon
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jgoldste
mail: jgoldste@example.com
telephonenumber: +1 408 555 5769
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 1454
userpassword: yellow
dn: uid=aworrell, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Alan Worrell
sn: Worrell
givenname: Alan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: aworrell
mail: aworrell@example.com
telephonenumber: +1 408 555 1591
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 3966
userpassword: gargoyle
dn: uid=wlutz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Wendy Lutz
sn: Lutz
givenname: Wendy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: wlutz
mail: wlutz@example.com
telephonenumber: +1 408 555 3358
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4912
userpassword: bassinet
dn: uid=jlutz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Janet Lutz
sn: Lutz
givenname: Janet
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jlutz
mail: jlutz@example.com
telephonenumber: +1 408 555 4902
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2544
userpassword: autumn
dn: uid=dlangdon, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Dan Langdon
sn: Langdon
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: dlangdon
mail: dlangdon@example.com
telephonenumber: +1 408 555 7044
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3263
userpassword: botulin
dn: uid=aknutson, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Ashley Knutson
sn: Knutson
givenname: Ashley
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: aknutson
mail: aknutson@example.com
telephonenumber: +1 408 555 2169
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4736
userpassword: maltose
dn: uid=kmcinnis, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Kelly Mcinnis
sn: Mcinnis
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: kmcinnis
mail: kmcinnis@example.com
telephonenumber: +1 408 555 8596
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4312
userpassword: stargaze
dn: uid=tcouzens, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Trent Couzens
sn: Couzens
givenname: Trent
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: tcouzens
mail: tcouzens@example.com
telephonenumber: +1 408 555 8401
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 3994
userpassword: tambourine
dn: uid=lstockto, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Lee Stockton
sn: Stockton
givenname: Lee
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: lstockto
mail: lstockto@example.com
telephonenumber: +1 408 555 0518
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0169
userpassword: brooklyn
dn: uid=jbourke, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jon Bourke
sn: Bourke
givenname: Jon
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: jbourke
mail: jbourke@example.com
telephonenumber: +1 408 555 8541
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0034
userpassword: brainwash
dn: uid=dlanoway, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Dan Lanoway
sn: Lanoway
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: dlanoway
mail: dlanoway@example.com
telephonenumber: +1 408 555 2017
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3540
userpassword: manhattan
dn: uid=kcope, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Karl Cope
sn: Cope
givenname: Karl
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: kcope
mail: kcope@example.com
telephonenumber: +1 408 555 2709
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 3040
userpassword: forfeiture
dn: uid=abarnes, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Anne-Louise Barnes
sn: Barnes
givenname: Anne-Louise
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: abarnes
mail: abarnes@example.com
telephonenumber: +1 408 555 9445
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2290
userpassword: chevron
dn: uid=rjensen, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Richard Jensen
sn: Jensen
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: rjensen
mail: rjensen@example.com
telephonenumber: +1 408 555 5957
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 2631
userpassword: disciplinarian
dn: uid=phun2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Pete Hunt
sn: Hunt
givenname: Pete
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: phun2
mail: phun2@example.com
telephonenumber: +1 408 555 0342
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 0087
userpassword: absorb
dn: uid=mvaughan, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Vaughan
sn: Vaughan
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: mvaughan
mail: mvaughan@example.com
telephonenumber: +1 408 555 4692
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4508
userpassword: submitted
dn: uid=jlut2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: James Lutz
sn: Lutz
givenname: James
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: jlut2
mail: jlut2@example.com
telephonenumber: +1 408 555 9689
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 3541
userpassword: shrank
dn: uid=mjablons, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Morgan Jablonski
sn: Jablonski
givenname: Morgan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: mjablons
mail: mjablons@example.com
telephonenumber: +1 408 555 0813
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3160
userpassword: minimal
dn: uid=pchassin, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Peter Chassin
sn: Chassin
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: pchassin
mail: pchassin@example.com
telephonenumber: +1 408 555 2816
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4524
userpassword: barbital
dn: uid=dcope, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Dan Cope
sn: Cope
givenname: Dan
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: dcope
mail: dcope@example.com
telephonenumber: +1 408 555 9813
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 1737
userpassword: snifter
dn: uid=jrent2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Judy Rentz
sn: Rentz
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Santa Clara
uid: jrent2
mail: jrent2@example.com
telephonenumber: +1 408 555 2523
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4405
userpassword: tachistoscope
dn: uid=tcruse, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tobias Cruse
sn: Cruse
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: tcruse
mail: tcruse@example.com
telephonenumber: +1 408 555 5980
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 4191
userpassword: flinty
dn: uid=eward, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Eric Ward
sn: Ward
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: eward
mail: eward@example.com
telephonenumber: +1 408 555 2320
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 4874
userpassword: episcopal
dn: uid=ttully, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Torrey Tully
sn: Tully
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: ttully
mail: ttully@example.com
telephonenumber: +1 408 555 2274
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3924
userpassword: schooner
dn: uid=charvey, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Cecil Harvey
sn: Harvey
givenname: Cecil
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: charvey
mail: charvey@example.com
telephonenumber: +1 408 555 1815
facsimiletelephonenumber: +1 408 555 3825
roomnumber: 4583
userpassword: journalese
dn: uid=rfisher, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Randy Fisher
sn: Fisher
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: rfisher
mail: rfisher@example.com
telephonenumber: +1 408 555 1506
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1579
userpassword: pomegranate
dn: uid=alangdon, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Andrew Langdon
sn: Langdon
givenname: Andrew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: alangdon
mail: alangdon@example.com
telephonenumber: +1 408 555 8289
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2254
userpassword: muzzle
dn: uid=drose, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: David Rose
sn: Rose
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: drose
mail: drose@example.com
telephonenumber: +1 408 555 3963
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4012
userpassword: gubernatorial
dn: uid=polfield, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Peter Olfield
sn: Olfield
givenname: Peter
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: polfield
mail: polfield@example.com
telephonenumber: +1 408 555 8231
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1376
userpassword: monologue
dn: uid=awalker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Andy Walker
sn: Walker
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: awalker
mail: awalker@example.com
telephonenumber: +1 408 555 9199
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 0061
userpassword: detonable
dn: uid=lrentz, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Lex Rentz
sn: Rentz
givenname: Lex
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: lrentz
mail: lrentz@example.com
telephonenumber: +1 408 555 2019
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2203
userpassword: calcium
dn: uid=jvaughan, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Vaughan
sn: Vaughan
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: jvaughan
mail: jvaughan@example.com
telephonenumber: +1 408 555 4543
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1734
userpassword: appoint
dn: uid=bfrancis, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barbara Francis
sn: Francis
givenname: Barbara
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: bfrancis
mail: bfrancis@example.com
telephonenumber: +1 408 555 9111
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3743
userpassword: holystone
dn: uid=ewalker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Eric Walker
sn: Walker
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Payroll
ou: People
l: Cupertino
uid: ewalker
mail: ewalker@example.com
telephonenumber: +1 408 555 6387
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 2295
userpassword: beguile
dn: uid=tjames, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Tobias James
sn: James
givenname: Tobias
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tjames
mail: tjames@example.com
telephonenumber: +1 408 555 2458
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 0730
userpassword: turtle
dn: uid=brigden, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Bjorn Rigden
sn: Rigden
givenname: Bjorn
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: brigden
mail: brigden@example.com
telephonenumber: +1 408 555 5263
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1643
userpassword: purple
dn: uid=ecruse, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Eric Cruse
sn: Cruse
givenname: Eric
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: ecruse
mail: ecruse@example.com
telephonenumber: +1 408 555 0648
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4233
userpassword: platelet
dn: uid=rjense2, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Randy Jensen
sn: Jensen
givenname: Randy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Sunnyvale
uid: rjense2
mail: rjense2@example.com
telephonenumber: +1 408 555 9045
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1984
userpassword: transpose
dn: uid=rhunt, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Richard Hunt
sn: Hunt
givenname: Richard
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: rhunt
mail: rhunt@example.com
telephonenumber: +1 408 555 0139
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 0718
userpassword: becloud
dn: uid=bparker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Barry Parker
sn: Parker
givenname: Barry
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: bparker
mail: bparker@example.com
telephonenumber: +1 408 555 4647
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 1148
userpassword: lenticular
dn: uid=ealexand, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Erin Alexander
sn: Alexander
givenname: Erin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: ealexand
mail: ealexand@example.com
telephonenumber: +1 408 555 5563
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 2434
userpassword: galactose
dn: uid=mtyler, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Matthew Tyler
sn: Tyler
givenname: Matthew
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Cupertino
uid: mtyler
mail: mtyler@example.com
telephonenumber: +1 408 555 7907
facsimiletelephonenumber: +1 408 555 4661
roomnumber: 2701
userpassword: instantiate
dn: uid=elott, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Emanuel Lott
sn: Lott
givenname: Emanuel
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Santa Clara
uid: elott
mail: elott@example.com
telephonenumber: +1 408 555 0932
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 3906
userpassword: holdout
dn: uid=cnewport, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Christoph Newport
sn: Newport
givenname: Christoph
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Sunnyvale
uid: cnewport
mail: cnewport@example.com
telephonenumber: +1 408 555 0066
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 0056
userpassword: expertise
dn: uid=jvedder, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
cn: Jeff Vedder
sn: Vedder
givenname: Jeff
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: jvedder
mail: jvedder@example.com
telephonenumber: +1 408 555 4668
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 3445
userpassword: befitting
dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
uniquemember: uid=scarter, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=tmorris, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
description: People who can manage accounting entries
dn: cn=HR Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: HR Managers
ou: groups
uniquemember: uid=kvaughan, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=cschmith, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
description: People who can manage HR entries
dn: cn=QA Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: QA Managers
ou: groups
uniquemember: uid=abergin, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=jwalker, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
description: People who can manage QA entries
dn: cn=PD Managers,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: PD Managers
ou: groups
uniquemember: uid=kwinters, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
uniquemember: uid=trigden, ou=People, ou=restore task, o=Privileges Tests,dc=example,dc=com
description: People who can manage engineer entries
dn: ou=Company Servers,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Company Servers
description: Standard branch for Company Server registration
opends/tests/functional-tests/shared/data/privileges/privileges_startup.ldif
New file
@@ -0,0 +1,401 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Portions Copyright 2007 Sun Microsystems, Inc.
#
dn: cn=Aroot Manager,cn=Root DNs,cn=config
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ds-cfg-root-dn
objectClass: top
ds-cfg-alternate-bind-dn: cn=Aroot
givenName: Aroot
cn: Aroot Manager
sn: Manager
userpassword: PrivsRule
ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config
ds-rlim-lookthrough-limit: 0
ds-rlim-time-limit: 0
ds-rlim-size-limit: 0
dn: o=Privileges Tests, dc=example,dc=com
o: Privileges Tests
objectclass: top
objectclass: organization
dn: uid=auser, o=Privileges Tests, dc=example,dc=com
cn: Aci User
sn: User
givenname: Aci
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: auser
mail: auser@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ACIRules
dn: uid=buser, o=Privileges Tests, dc=example,dc=com
cn: Baci User
sn: User
givenname: Baci
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: buser
mail: buser@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ACIRules
dn: uid=aproxy, o=Privileges Tests, dc=example,dc=com
cn: Ana Proxy
sn: proxy
givenname: Ana
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Development
ou: People
l: Grenoble
uid: aproxy
mail: aproxy@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ProxyRules
ds-privilege-name: proxied-auth
dn: uid=bproxy, o=Privileges Tests, dc=example,dc=com
cn: Bana Proxy
sn: proxy
givenname: Bana
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Development
ou: People
l: Grenoble
uid: bproxy
mail: bproxy@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: ProxyRules
dn: ou=People, o=Privileges Tests, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
ou: People
dn: uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: scarter
mail: scarter@example.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: sprain
dn: uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Ted Morris
sn: Morris
givenname: Ted
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Santa Clara
uid: tmorris
mail: tmorris@example.com
telephonenumber: +1 408 555 9187
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 4117
userpassword: irrefutable
aci: (targetattr="*")(version 3.0; acl "rep_search_aci_tmorris"; allow (write) userdn="ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com";)
dn: uid=abergin, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Andy Bergin
sn: Bergin
givenname: Andy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: abergin
mail: abergin@example.com
telephonenumber: +1 408 555 8585
facsimiletelephonenumber: +1 408 555 7472
roomnumber: 3472
userpassword: inflict
aci: (targetattr="*")(version 3.0; acl "del_search_aci_abergin"; allow (search,read) userdn="ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com";)
dn: uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com
cn: David Miller
sn: Miller
givenname: David
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: dmiller
mail: dmiller@example.com
telephonenumber: +1 408 555 9423
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 4135
userpassword: gosling
aci: (targetattr="*")(version 3.0; acl "del_search_aci_dmiller"; allow (write) userdn="ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com";)
dn: uid=gfarmer, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Gern Farmer
sn: Farmer
givenname: Gern
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Cupertino
uid: gfarmer
mail: gfarmer@example.com
telephonenumber: +1 408 555 6201
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1269
userpassword: ruling
title: Engineer
title: architect
title: sweeper
aci: (targetattr="*")(version 3.0; acl "del_search_aci_gfarmer"; allow (write) userdn="ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com";)
dn: uid=kwinters, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Kelly Winters
sn: Winters
givenname: Kelly
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: kwinters
mail: kwinters@example.com
telephonenumber: +1 408 555 9069
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4178
userpassword: forsook
dn: uid=trigden, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Torrey Rigden
sn: Rigden
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: trigden
mail: trigden@example.com
telephonenumber: +1 408 555 9280
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 3584
userpassword: sensitive
dn: uid=cschmith, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Chris Schmith
sn: Schmith
givenname: Chris
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: cschmith
mail: cschmith@example.com
telephonenumber: +1 408 555 8011
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0416
userpassword: hypotenuse
dn: uid=jwallace, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Judy Wallace
sn: Wallace
givenname: Judy
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: jwallace
mail: jwallace@example.com
telephonenumber: +1 408 555 0319
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1033
userpassword: linear
dn: uid=jcrawler, ou=People, o=Privileges Tests, dc=example,dc=com
cn: John Crawler
sn: Crawler
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jcrawler
mail: jcrawler@example.com
telephonenumber: +1 408 555 1476
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 3915
userpassword: dogleg
dn: uid=tclow, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Torrey Clow
sn: Clow
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Santa Clara
uid: tclow
mail: tclow@example.com
telephonenumber: +1 408 555 8825
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 4376
userpassword: cardreader
dn: uid=rdaugherty, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Robert Daugherty
sn: Daugherty
givenname: Robert
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: rdaugherty
mail: rdaugherty@example.com
telephonenumber: +1 408 555 1296
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0194
userpassword: apples
dn: uid=jreuter, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Jayne Reuter
sn: Reuter
givenname: Jayne
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Testing
ou: People
l: Cupertino
uid: jreuter
mail: jreuter@example.com
telephonenumber: +1 408 555 1122
facsimiletelephonenumber: +1 408 555 8721
roomnumber: 2942
userpassword: destroy
dn: uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Torrey Mason
sn: Mason
givenname: Torrey
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Sunnyvale
uid: tmason
mail: tmason@example.com
telephonenumber: +1 408 555 1596
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 1124
userpassword: squatted
dn: uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com
cn: Benjamin Hall
sn: Hall
givenname: Benjamin
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Product Development
ou: People
l: Santa Clara
uid: bhall
mail: bhall@example.com
telephonenumber: +1 408 555 6067
facsimiletelephonenumber: +1 408 555 0111
roomnumber: 2511
userpassword: oranges
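Review bot: The first entry, `cn=Aroot Manager,cn=Root DNs,cn=config`, creates an additional root DN with a fixed cleartext `userpassword` and all three `ds-rlim-*` limits set to 0 (no limit, as I read these attributes), and nothing in the file marks it as test-only or says which step removes it. It lives under `cn=config` while every other entry is under `dc=example,dc=com`, so deleting the test suffix presumably leaves it behind. privileges_cleanup.xml is part of this commit but is not shown here, so please confirm that it deletes this entry. I would add a comment above the entry, e.g. `# Test-only root DN: must be deleted by privileges_cleanup.xml; do not load on a shared server`. The ACI names are also misleading: `rep_search_aci_tmorris`, `del_search_aci_dmiller` and `del_search_aci_gfarmer` grant `write`, not search, so anyone auditing the fixture by name would misjudge what `uid=auser` may do.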
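--- /dev/null
+++ b/opends/tests/functional-tests/testcases/privileges/privileges.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License").  You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ !      Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !      Portions Copyright 2006-2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+  <defaultcall function="main_privileges"/>
+  <function name="main_privileges">
+    <sequence>
+      <block name="'privileges'">
+        <sequence>
+          <script>
+            CurrentTestPath['group']='privileges'
+          </script>
+          <call function="'testGroup_Preamble'"/>
+          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_users.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_users'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_directory_manager.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_directory_manager'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_new_root_user.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_new_root_user'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_import_task.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_import_task'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_export_task.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_export_task'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_backup_task.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_backup_task'" />
+         <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+            file="'%s/testcases/privileges/privileges_restore_task.xml' % (TESTS_DIR)"/>
+          <call function="'privileges_restore_task'" />
+          <call function="'testGroup_Postamble'"/>
+        </sequence>
+      </block>
+    </sequence>
+  </function>
+</stax>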
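Review bot: `main_privileges` never calls a cleanup step: it runs seven suites between `testGroup_Preamble` and `testGroup_Postamble`, and the commit's privileges_cleanup.xml is not imported here. If each suite is meant to run setup and cleanup itself (privileges_backup_task.xml imports privileges_setup.xml that way), say so in a comment above the first `<import>`, e.g. `<!-- Each suite imports privileges_setup.xml and privileges_cleanup.xml itself; the group performs no cleanup of its own -->`. Without that, it is unclear who removes the fixture accounts, including the extra root DN with its fixed password, when a suite aborts early. As a style point, every `<import>` after the first is indented one column less than its neighbouring `<call>` and should be aligned.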
opends/tests/functional-tests/testcases/privileges/privileges_backup_task.xml
New file
@@ -0,0 +1,522 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_backup_task"/>
  <function name="privileges_backup_task">
    <sequence>
      <block name="'privileges-backup-task'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Backup Tasks Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regard to basic users.
                #@TestSuiteGroup            Basic Privileges Backup Tasks Tests
                #@TestScript                privileges_backup_task.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
        <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Backup Tasks Tests
                #@TestName                  backend-backup
                #@TestIssue                 475
                #@TestPurpose               Privileges for regular users to add backup tasks
                #@TestPreamble              none
                #@TestStep                  User adding backup task.
                #@TestStep                  Admin adding privilege.
                #@TestStep                  User adding backup task.
                #@TestStep                  Admin adding global ACI.
                #@TestStep                  User adding backup task.
                #@TestStep                  Admin deleting privilege.
                #@TestStep                  Admin deleting global ACI.
                #@TestStep                  User adding backup task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, and 8 and 0
                                            for all other ldap operations.
            -->
          <testcase name="'Privileges: Backup Tasks: backend-backup'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Backup Tasks: backend-backup, user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '3' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'backend-backup' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '3' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Admin adding global ACI'
                </message>
                <script>
                    aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-backup-id || ds-task-backup-backend-id || ds-backup-directory-path\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: Backup Tasks: backend-backup, user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '3' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'backend-backup' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Admin deleting global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: Backup Tasks: backend-backup, user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '3.1' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult ,
                    'expected'   : 50 }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
      <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Backup Tasks Tests
                #@TestName                  backend-backup, Directory Manager
                #@TestIssue                 475
                #@TestPurpose               Privileges for Directory Manager to add backup tasks
                #@TestPreamble              none
                #@TestStep                  Directory Manager adding backup task.
                #@TestStep                  Alternative root user removing privilege.
                #@TestStep                  Directory Manager adding backup task.
                #@TestStep                  Alternative root user putting back privilege.
                #@TestStep                  Directory Manager adding backup task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1 and 5 and 0
                                            for all other ldap operations.
            -->
          <testcase name="'Privileges: Backup Tasks: backend-backup Directory Manager'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Directory Manager, DM adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : '3.2' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Directory Manager, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-backup' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Directory Manager, DM adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD  ,
                  'taskID'           : '3.3' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Directory Manager, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-backup' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, Directory Manager, DM adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : '3.4' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : STAFCmdRC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Backup Tasks Tests
                #@TestName                  backend-backup, New Root User
                #@TestIssue                 475
                #@TestPurpose               Privileges for new root user to add backup tasks
                #@TestPreamble              Admin adds new root user.
                #@TestStep                  New root user adding backup task.
                #@TestStep                  Alternative root user removing privilege.
                #@TestStep                  New root user adding backup task.
                #@TestStep                  Alternative root user putting back privilege.
                #@TestStep                  New root user adding backup task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1 and 5 and 0
                                            for all other ldap operations.
            -->
          <testcase name="'Privileges: Backup Tasks: backend-backup New Root User'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, preamble, alternative root user adding new root user'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'cn=Aroot' ,
                    'dsInstancePswd'      : 'PrivsRule' ,
                    'entryToBeAdded'      : '%s/privileges/add_new_root_user.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, new root user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : '3.5' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-backup' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, new root user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : '3.6' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-backup' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Backup Tasks: backend-backup, New Root User, new root user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule'  ,
                  'taskID'           : '3.7' ,
                  'backupDir'        : '%s/privileges/' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : STAFCmdRC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
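Review bot: The success-path checks after `backupTask` read `STAFCmdRC` (the three `<if expr="STAFCmdRC != 0">` tests and the final `checktestRC` calls of the Directory Manager and New Root User cases), while the denial checks on the same function read `RC`. `backupTask` is defined outside this file, so which variable it sets cannot be confirmed here; if it reports the LDAP result in `RC`, as the neighbouring checks assume, the `STAFCmdRC` tests may be reading a stale value and could pass even when the task was rejected. I would use one variable throughout, e.g. `<if expr="RC != 0">` and `'returncode' : RC`. Separately, the global ACI in the first case grants `(write,add,delete)` to `userdn=\"ldap:///anyone\"`, which is wider than the test needs; `userdn=\"ldap:///uid=auser,o=Privileges Tests,dc=example,dc=com\"` would confine the grant to the account under test. The `#@TestResult` comments of the second and third cases also say 50 is expected for steps 1 and 5, whereas the code expects 0 there and 50 for step 3.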
opends/tests/functional-tests/testcases/privileges/privileges_cleanup.xml
New file
@@ -0,0 +1,92 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_cleanup"/>
  <function name="privileges_cleanup">
    <sequence>
      <block name="'cleanup'">
        <sequence>
          <block name="'Block DS Process Stop'">
          <!--- Stop DS -->
            <sequence>
              <message>
                 'Stop DS running on port %s' % (DIRECTORY_INSTANCE_PORT)
              </message>
              <call function="'StopDsWithScript'">
                { 'location'  : STAF_REMOTE_HOSTNAME,
                  'dsHost'    : DIRECTORY_INSTANCE_HOST,
                  'dsPort'    : DIRECTORY_INSTANCE_PORT,
                  'dsBindDN'  : DIRECTORY_INSTANCE_DN,
                  'dsBindPwd' : DIRECTORY_INSTANCE_PSWD }
              </call>
              <call function="'checkRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
              </call>
            </sequence>
          <!--- End Block DS Process Stop -->
          </block>
      <block name="'Block Remove DS Topology'">
              <!-- Remove  the topology created for the test suite -->
              <sequence>
                <message>
                 'Remove DS topology created for the Test Suite'
                </message>
                <call function="'removeTopology'"/>
                <call function="'checkRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
                </call>
              </sequence>
             <!-- End Block Remove DS Topology-->
            </block>
        </sequence>
      </block>
     </sequence>
  </function>
</stax>
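Review bot: `removeTopology` in the 'Block Remove DS Topology' block runs regardless of what `StopDsWithScript` returned; the only reaction to a failed stop is the `checkRC` call, which is defined outside this file. If `checkRC` merely records the result, a failed stop would leave the test instance listening while its files are being removed, and that instance holds accounts whose passwords are hard-coded in the privileges suites (for example `cn=Aroot`). I would save the stop result right after the call with `<script>stopRC = RC</script>`, run the removal sequence under `<if expr="stopRC == 0">`, and emit an explicit failure message in the else branch.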
opends/tests/functional-tests/testcases/privileges/privileges_directory_manager.xml
New file
@@ -0,0 +1,2206 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_directory_manager"/>
  <function name="privileges_directory_manager">
    <sequence>
      <block name="'privileges-directory-manager'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Directory Manager Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regard to basic Directory Manager.
                #@TestSuiteGroup            Basic Privileges Users Tests
                #@TestScript                privileges_directory_manager.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  bypass-acl
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for Directory Manager
                #@TestPreamble              Alternate root user removes global search ACI.
                #@TestStep                  Directory Manager searches entry.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager searches entry.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager searches entry.
                #@TestStep                  Alternate root user puts back global search ACI.
                #@TestStep                  Directory Manager searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Directory Manager: bypass-acl'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: bypass-acl, preamble, alternate root user removing global search ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : 'cn=Aroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                    'DNToModify'            : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'         : 'ds-privilege-name' ,
                    'newAttributeValue'     : '-bypass-acl' ,
                    'changetype'            : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate root user putting back global search ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: Directory Manager: bypass-acl, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
           <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  bypass-acl, alternate bind DN
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for Directory Manager using alternate bind dn
                #@TestPreamble              Alternate root user removes global search ACI.
                #@TestStep                  Directory Manager searches entry.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Alternate root user puts back global search ACI.
                #@TestStep                  Directory Manager searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 32
                                            for step 2, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Directory Manager: bypass-acl, alternate bind DN'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate bind DN, alternate root user removing global search ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate bind DN, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: bypass-acl, alternate bind DN, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'add'  ,
                    'expectedErrorCode'      : '32' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager:  bypass-acl, alternate bind DN, alternate root user putting back global search ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: Directory Manager: bypass-acl, alternate bind DN, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
           <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  modify-acl - add aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for Directory Manager - add aci
                #@TestPreamble              none
                #@TestStep                  Directory Manager adds ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager adds second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager adds second ACI.
                #@TestStep                  Alternate root removes first DM-added ACI.
                #@TestStep                  Alternate root removes second DM-added ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: modify-acl - add aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, check default, DM adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, DM adding ACI'
                </message>
                <script>
                    search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, DM adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, alternate root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - add aci, alternate root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  modify-acl - replace aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for Directory Manager - replace aci
                #@TestPreamble              none
                #@TestStep                  Directory Manager replaces ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager replaces second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager replaces second ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: modify-acl - replace aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: modify-acl - replace aci, check default, DM replacing ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - replace aci, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - replace aci, DM replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - replace aci, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - replace aci, DM replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  modify-acl - delete aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for Directory Manager - delete aci
                #@TestPreamble              none
                #@TestStep                  Directory Manager deletes ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager deletes second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: modify-acl - delete aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: modify-acl - delete aci, check default, DM deleting ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_gfarmer\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=gfarmer, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - delete aci, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - delete aci, DM delete ACI'
                </message>
                <script>
                    search2_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_abergin\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=abergin, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'delete' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: modify-acl - delete aci, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  config-read
                #@TestIssue                 472
                #@TestPurpose               config-read privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Directory Manager searches cn=config, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager searches cn=config.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager searches cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Directory Manager: config-read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: config-read, check default privilege, DM searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: cn=config' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'ds-cfg-check-schema:' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-read, alternate root removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : 'cn=Aroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                    'DNToModify'            : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'         : 'ds-privilege-name' ,
                    'newAttributeValue'     : '-config-read' ,
                    'changetype'            : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-read, DM searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-read, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : 'cn=Aroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                    'DNToModify'            : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'         : 'ds-privilege-name' ,
                    'newAttributeValue'     : '-config-read' ,
                    'changetype'            : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-read, DM searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: cn=config' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  config-write
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Directory Manager modifies cn=config, default behavior.
                #@TestStep                  Alternate root user removes read privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestStep                  Alternate root user removes write privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestStep                  Alternate root user puts back read privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestStep                  Alternate root user puts back write privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 5, and 7 and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: config-write'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: config-write, check default privilege, DM modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, alternate root user removing read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, DM modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, alternate root user removing write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, DM modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, alternate root user putting back read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, DM modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, alternate root user putting back write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write, DM modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  config-write - add global aci
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for Directory Manager - add global aci
                #@TestPreamble              none
                #@TestStep                  Directory Manager adds global ACI, default behavior.
                #@TestStep                  Alternate root user removes read privilege.
                #@TestStep                  Directory Manager adds global ACI.
                #@TestStep                  Alternate root user removes write privilege.
                #@TestStep                  Alternate root user puts back read privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestStep                  Alternate root user puts back write privilege.
                #@TestStep                  Directory Manager modifies cn=config.
                #@TestStep                  Alternate root deletes first DM-added global aci.
                #@TestStep                  Alternate root deletes second DM-added global aci.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 6, and 8, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: config-write - add global aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, check default, DM adding global ACI'
                </message>
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate root user removing config-read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, DM adding ACI'
                </message>
                <script>
                    global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate user removing config-write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate root user putting back config-read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, DM  adding global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate root user putting back config-write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, DM adding global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate root user deleting write global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: config-write - add global aci, alternate root user deleting write global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  password-reset
                #@TestIssue                 479
                #@TestPurpose               password-reset privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Directory Manager resets user password, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager resets user password.
                #@TestStep                  Alternate root user puts privilege.
                #@TestStep                  Directory Manager resets user password.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: password-reset'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: password-reset, check default privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: password-reset, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-password-reset' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: password-reset, DM resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: password-reset, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-password-reset' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: password-reset, DM resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  update-schema
                #@TestIssue                 468
                #@TestPurpose               update-schema privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Alternate root user adds entry that uses new object class.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager adds new schema object.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager adds new schema object.
                #@TestStep                  Alternate root user adds entry that uses new object class.
                #@TestStep                  Alternate root user searches new entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 65 for step 1, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: update-schema'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: update-schema, alternate root user adding entry that users new object class'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 65">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-update-schema' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, DM adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-update-schema' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, DM adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, alternate root user adding entry that users new object class'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: update-schema, alternate root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=sfish,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                 <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'uid: sfish' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  privilege-change
                #@TestIssue                 1213
                #@TestPurpose               privilege-change privilege for Directory Manager
                #@TestPreamble              Alternate root user adding write ACI
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager adds modify-acl privilege to second user.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager adds modify-acl privilege to second user.
                #@TestStep                  Second user adds an ACI.
                #@TestStep                  Directory Manager removes modify-acl privilege from second user.
                #@TestStep                  Alternate root user deletes user-added ACI.
                #@TestStep                  Alternate root user deletes write ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: privilege-change'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: privilege-change, preamble, alternate root user adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, alternate root user removing privilege from DM'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-privilege-change' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, DM adding privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD  ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, alternate root user putting back privilege to DM'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-privilege-change' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, DM adding privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD  ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, second user adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, DM removing privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD  ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, alternate root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: privilege-change, alternate root user deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  server-shutdown
                #@TestIssue                 477
                #@TestPurpose               server-shutdown privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager adds shutdown task.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager adds shutdown task.
                #@TestStep                  Directory Manager searches for an entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: server-shutdown'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: server-shutdown, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-shutdown' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-shutdown, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-shutdown' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                <else>
                        <!--- Start DS -->
                        <sequence>
                        <message>
                        'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
                        </message>
                        <!--- Start DS -->
                        <call function="'StartDsWithScript'">
                        { 'location'  : STAF_REMOTE_HOSTNAME }
                        </call>
                        <call function="'checkRC'">
                        { 'returncode' : RC ,
                          'result'     : STAXResult }
                        </call>
                        <!--- Check that DS started -->
                        <call function="'isAlive'">
                        { 'noOfLoops'        : 5 ,
                          'noOfMilliSeconds' : 2000 }
                        </call>
                        </sequence>
                        <!--- End Block DS Process Active -->
                </else>
        </if>
                <message>
                   'Privileges: Directory Manager: server-shutdown, DM searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Directory Manager Tests
                #@TestName                  server-restart
                #@TestIssue                 477
                #@TestPurpose               server-restart privilege for Directory Manager
                #@TestPreamble              none
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Directory Manager adds restart task.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  Directory Manager adds restart task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Directory Manager: server-restart'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Directory Manager: server-restart, alternate root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-restart' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-restart, DM adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-restart, alternate root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-restart' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Directory Manager: server-restart, DM adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : STAXCurrentTestcase
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
opends/tests/functional-tests/testcases/privileges/privileges_export_task.xml
New file
@@ -0,0 +1,524 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_export_task"/>
  <function name="privileges_export_task">
    <sequence>
      <block name="'privileges-export-task'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Export Tasks Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regard to basic users.
                #@TestSuiteGroup            Basic Privileges Export Tasks Tests
                #@TestScript                privileges_export_task.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Export Tasks Tests
                #@TestName                  ldif-export
                #@TestIssue                 474
                #@TestPurpose               Privileges for regular users to add export tasks
                #@TestPreamble              none
                #@TestStep                  User adding export task.
                #@TestStep                  Admin adding privilege.
                #@TestStep                  User adding export task.
                #@TestStep                  Admin adding global ACI.
                #@TestStep                  User adding export task.
                #@TestStep                  Admin deleting privilege.
                #@TestStep                  Admin deleting global ACI.
                #@TestStep                  User adding export task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3 and 8, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Export Tasks: export-ldif'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Export Tasks: export-ldif, user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '1' ,
                  'ldifFile'         : '%s/privileges/export_task_out.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'ldif-export' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '1' ,
                  'ldifFile'         : '%s/privileges/export_task_out.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Admin adding global ACI'
                </message>
                <script>
                    aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '1' ,
                  'ldifFile'         : '%s/privileges/export_task_out.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'ldif-export' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Admin deleting global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : '1.1' ,
                  'ldifFile'         : '%s/privileges/export_task_out2.ldif' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult ,
                    'expected'   : 50 }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
      <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Export Tasks Tests
                #@TestName                  ldif-export, Directory Manager
                #@TestIssue                 474
                #@TestPurpose               Privileges for Directory Manager to add export tasks
                #@TestPreamble              none
                #@TestStep                  Directory Manager adding export task.
                #@TestStep                  Alternative root user removing privilege from Directory Manager.
                #@TestStep                  Directory Manager adding export task.
                #@TestStep                  Alternative root user putting back privilege to Directory Manager.
                #@TestStep                  Directory Manager adding export task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
          <testcase name="'Privileges: Export Tasks: export-ldif Directory Manager'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Export Tasks: export-ldif, Directory Manager, DM adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : '1.1' ,
                  'ldifFile'         : '%s/privileges/export_task_out3.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Directory Manager, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-export' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Directory Manager, DM adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : '1.2' ,
                  'ldifFile'         : '%s/privileges/export_task_out4.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Directory Manager, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-export' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, Directory Manager, DM adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'           : '1.3' ,
                  'ldifFile'         : '%s/privileges/export_task_out5.ldif' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : STAFCmdRC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Export Tasks Tests
                #@TestName                  ldif-export, New Root User
                #@TestIssue                 474
                #@TestPurpose               Privileges for new root user to add export tasks
                #@TestPreamble              Admin adds new root user.
                #@TestStep                  New root user adding export task.
                #@TestStep                  Alternative root user removing privilege from new root user.
                #@TestStep                  New root user adding export task.
                #@TestStep                  Alternative root user putting back privilege to new root user.
                #@TestStep                  New root user adding export task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
           -->
          <testcase name="'Privileges: Export Tasks: export-ldif New Root User'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Export Tasks: export-ldif, New Root User, preamble, alternative root user adding new root user'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'cn=Aroot' ,
                    'dsInstancePswd'      : 'PrivsRule' ,
                    'entryToBeAdded'      : '%s/privileges/add_new_root_user.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif, New Root User, new root user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : '1.4' ,
                  'ldifFile'         : '%s/privileges/export_task_out6.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif,  New Root User, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-export' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif,  New Root User, new root user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : '1.5' ,
                  'ldifFile'         : '%s/privileges/export_task_out7.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif,  New Root User, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-export' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Export Tasks: export-ldif,  New Root User, new root user adding export task'
                </message>
                <call function="'exportLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : '1.6' ,
                  'ldifFile'         : '%s/privileges/export_task_out8.ldif' % logsRemoteDataDir
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : STAFCmdRC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
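Review bot: The `export-ldif` test case never runs the user's `exportLdifTask` while the global ACI is present and `ldif-export` is absent, so it does not show that the privilege is enforced independently of access control. The user's four attempts run before either is added, with the privilege only, with both, and after both are deleted. Moving the final `exportLdifTask` call and its `'expected' : 50` check between the "Admin deleting privilege" and "Admin deleting global ACI" steps, or adding a step there, would cover that state. The ACI in the `<script>` block grants `write,add,delete` on `cn=Scheduled Tasks,cn=Tasks` to `userdn=\"ldap:///anyone\"`; narrowing it to `userdn=\"ldap:///uid=auser,o=Privileges Tests,dc=example,dc=com\"` keeps the grant limited to the account under test if the case aborts before the delete step. The checks after `exportLdifTask` also mix `RC` and `STAFCmdRC` (`STAFCmdRC != 0` after the third attempt, `RC` elsewhere), which is worth confirming against the shared function, since that is not visible here.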
opends/tests/functional-tests/testcases/privileges/privileges_import_task.xml
New file
@@ -0,0 +1,519 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_import_task"/>
  <function name="privileges_import_task">
    <sequence>
      <block name="'privileges-import-task'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Import Tasks Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regrad to basic users.
                #@TestSuiteGroup            Basic Privileges Import Tasks Tests
                #@TestScript                privileges_import_task.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
        <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Import Tasks Tests
                #@TestName                  ldif-import
                #@TestIssue                 474
                #@TestPurpose               Privileges for regular users to add import tasks
                #@TestPreamble              none
                #@TestStep                  User adding import task.
                #@TestStep                  Admin adding privilege.
                #@TestStep                  User adding import task.
                #@TestStep                  Admin adding global ACI.
                #@TestStep                  User adding import task.
                #@TestStep                  Admin deleting global ACI.
                #@TestStep                  Admin searching an entry that was imported.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1 and 3, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Import Tasks: import-ldif'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Import Tasks: import-ldif, user adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                  'ldifFile'         : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'ldif-import' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, user adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                  'ldifFile'         : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Admin adding ACI'
                </message>
                <script>
                    aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-import-backend-id || ds-task-import-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, user adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules' ,
                  'taskID'           : STAXCurrentTestcase,
                  'ldifFile'         : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Admin deleting global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: bypass-acl, Admin searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=rhunt, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=rhunt,ou=People,ou=import task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Import Tasks Tests
                #@TestName                  ldif-import, Directory Manager
                #@TestIssue                 474
                #@TestPurpose               Privileges for Directory Manager to add import tasks
                #@TestPreamble              none
                #@TestStep                  Alternative root user removing privilege from Directory Manager.
                #@TestStep                  Directory Manager adding import task.
                #@TestStep                  Alternative root user putting back privilege to Directory Manager.
                #@TestStep                  Directory Manager adding import task.
                #@TestStep                  Alternative root user searching an entry that was imported.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Import Tasks: import-ldif Directory Manager'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Import Tasks: import-ldif, Directory Manager, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-import' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Directory Manager, DM adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'          : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'            : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'          : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'                  : STAXCurrentTestcase,
                  'ldifFile'                : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Directory Manager, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-import' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Directory Manager, DM adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'          : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'            : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'          : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'                  : STAXCurrentTestcase,
                  'ldifFile'                : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, Directory Manager, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=rhunt, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=rhunt,ou=People,ou=import task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Import Task Tests
                #@TestName                  ldif-import, New Root User
                #@TestIssue                 474
                #@TestPurpose               Privileges for new root user to add import tasks
                #@TestPreamble              Admin adds new root user.
                #@TestStep                  Alternative root user removing privilege from new root user.
                #@TestStep                  New root user adding import task.
                #@TestStep                  Alternative root user putting back privilege to new root user.
                #@TestStep                  New root user adding import task.
                #@TestStep                  Alternative root user searching an entry that was imported.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
           -->
          <testcase name="'Privileges: Import Tasks: import-ldif New Root User'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, preamble, Admin adding new root user'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                    'entryToBeAdded'      : '%s/privileges/add_new_root_user.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-import' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, new root user adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'          : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'            : 'cn=Zroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                  'taskID'                  : STAXCurrentTestcase,
                  'ldifFile'                : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-ldif-import' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, new root user adding import task'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'          : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'          : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'            : 'cn=Zroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                  'taskID'                  : STAXCurrentTestcase,
                  'ldifFile'                : '%s/privileges/privileges_import_task/import_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Import Tasks: import-ldif, New Root User, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=rhunt, ou=People, ou=import task, o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=rhunt,ou=People,ou=import task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
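Review bot: The closing `SearchObject` for `uid=rhunt` in the 'import-ldif Directory Manager' and 'import-ldif New Root User' testcases cannot show that the import in that testcase succeeded, because the first testcase has already imported the same `import_task.ldif` and nothing visible in this file removes the entry in between. As written, a regression where putting `ldif-import` back does not re-enable the import would still pass the search, leaving only the `STAFCmdRC != 0` check to catch it. Deleting the entry before each re-import, or asserting on the completed task entry, would make the positive case meaningful. Separately, denials of the same `importLdifTask` call are asserted with `RC != 50` while successes use `STAFCmdRC != 0`; the shared function is not visible in this diff, so it is worth confirming that both variables carry the LDAP result and then using one consistently. The third testcase's header comment should also match the suite name, as the comment itself requires: `#@TestMarker                Privileges Import Tasks Tests`.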
opends/tests/functional-tests/testcases/privileges/privileges_new_root_user.xml
New file
@@ -0,0 +1,2244 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_new_root_user"/>
  <function name="privileges_new_root_user">
    <sequence>
      <block name="'privileges-new-root-user'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Directory Manager Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regard to basic Directory Manager.
                #@TestSuiteGroup            Basic Privileges Users Tests
                #@TestScript                privileges_directory_manager.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  preamble
                #@TestIssue                 468
                #@TestPurpose               Preamble - add a new root user
                #@TestPreamble              none
                #@TestStep                  Admin adds a new root user.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations, and
                                            and entry is returned only for step 1.
            -->
            <testcase name="'Privileges: New Root User: preamble'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: preamble, Admin adding new root user'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                    'entryToBeAdded'      : '%s/privileges/add_new_root_user.ldif' % logsRemoteDataDir }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
           <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  bypass-acl
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for new root user
                #@TestPreamble              Alternate root user removes global search ACI.
                #@TestStep                  New root user searches entry.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user searches entry.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user searches entry.
                #@TestStep                  Alternate root user puts back global search ACI.
                #@TestStep                  New root user searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: New Root User: bypass-acl'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: bypass-acl, alternative root user removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, alternative root user putting back global search ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: New Root User: bypass-acl, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
           <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  bypass-acl, alternate bind DN
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for new root user using alternate bind dn
                #@TestPreamble              Alternate root user removes global search ACI.
                #@TestStep                  New root user searches entry.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  Alternate root user puts back global search ACI.
                #@TestStep                  New root user searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 32
                                            for step 2, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: New Root User: bypass-acl, alternate bind DN'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, alternate bind DN, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'sn: Carter' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: bypass-acl, alternate bind DN, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '32' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User:  bypass-acl, alternate bind DN, alternative root user putting back global search ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: New Root User: bypass-acl, alternate bind DN, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
           <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  modify-acl - add aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for new root user - add aci
                #@TestPreamble              none
                #@TestStep                  New root user adds ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user adds second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user adds second ACI.
                #@TestStep                  Alternate root removes first ACI.
                #@TestStep                  Alternate root removes second ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: modify-acl - add aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, check default, new root user adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, new root user adding second ACI'
                </message>
                <script>
                    search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, new root user adding second ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, alternative root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - add aci, alternative root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  modify-acl - replace aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for new root user - replace aci
                #@TestPreamble              none
                #@TestStep                  New root user replaces ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user replaces second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user replaces second ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: modify-acl - replace aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: modify-acl - replace aci, preamble, check default, new root user replacing ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - replace aci, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - replace aci, new root user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - replace aci, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - replace aci, new root user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  modify-acl - delete aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for new root user - delete aci
                #@TestPreamble              none
                #@TestStep                  New root user deletes ACI, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user deletes second ACI.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: modify-acl - delete aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: modify-acl - delete aci, preamble, check default, new root user deleting ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_gfarmer\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=gfarmer, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - delete aci, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - delete aci, new root user delete ACI'
                </message>
                <script>
                    search2_aci="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_abergin\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=abergin, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'delete' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: modify-acl - delete aci, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  config-read
                #@TestIssue                 472
                #@TestPurpose               config-read privilege for new root user
                #@TestPreamble              none
                #@TestStep                  New root user searches cn=config, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user searches cn=config.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user searches cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: New Root User: config-read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: config-read, new root user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: cn=config' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'ds-cfg-check-schema:' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-read, alternative root removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-read, new root user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-read, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-read, new root user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: cn=config' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  config-write
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for new root user
                #@TestPreamble              none
                #@TestStep                  New root user modifies cn=config, default behavior.
                #@TestStep                  Alternate root user removes read privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestStep                  Alternate root user removes write privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestStep                  Alternate root user puts back read privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestStep                  Alternate root user puts back write privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 5, and 7 and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: config-write'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: config-write, new root user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, new root user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, new root user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, altrnative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, new root user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write, new root user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  config-write - add global aci
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for new root user - add global aci
                #@TestPreamble              none
                #@TestStep                  New root user adds global ACI, default behavior.
                #@TestStep                  Alternate root user removes read privilege.
                #@TestStep                  New root user adds global ACI.
                #@TestStep                  Alternate root user removes write privilege.
                #@TestStep                  Alternate root user puts back read privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestStep                  Alternate root user puts back write privilege.
                #@TestStep                  New root user modifies cn=config.
                #@TestStep                  Alternate root deletes first added global aci.
                #@TestStep                  Alternate root deletes second added global aci.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 6, and 8, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: config-write - add global aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
                </message>
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, alternative root user removing config-read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user adding ACI'
                </message>
                <script>
                    global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, altrnative user removing config-write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, alternative root user putting back config-read privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, alternative root user putting back config-write privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user adding global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user deleting write global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: config-write - add global aci, new root user deleting write global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  password-reset
                #@TestIssue                 479
                #@TestPurpose               password-reset privilege for new root user
                #@TestPreamble              none
                #@TestStep                  New root user resets user password, default behavior.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user resets user password.
                #@TestStep                  Alternate root user puts privilege.
                #@TestStep                  New root user resets user password.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: password-reset'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: password-reset, new root user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: password-reset, alternative root user adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-password-reset' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: password-reset, new root user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace',
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: password-reset, alternative root user deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-password-reset' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: password-reset, new root user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=tmason, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'pickles' ,
                    'changetype'             : 'replace' }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  update-schema
                #@TestIssue                 468
                #@TestPurpose               update-schema privilege for new root user
                #@TestPreamble              none
                #@TestStep                  Alternate root user adds entry that uses new object class.
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user adds new schema object.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user adds new schema object.
                #@TestStep                  Alternate root user adds entry that uses new object class.
                #@TestStep                  Alternate root user searches new entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 3, 65 for step 1, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: update-schema'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: update-schema, alternate root user adding entry that users new object class'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 65">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-update-schema' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, new root user adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'cn=Zroot' ,
                    'dsInstancePswd'      : 'PrivsRule' ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-update-schema' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, new root user adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'cn=Zroot' ,
                    'dsInstancePswd'      : 'PrivsRule' ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, alternate root user adding entry that users new object class'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: update-schema, alternate root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=sfish,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                 <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'uid: sfish' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  privilege-change
                #@TestIssue                 1213
                #@TestPurpose               privilege-change privilege for new root user
                #@TestPreamble              Alternate root user adding write ACI
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user adds modify-acl privilege to second user.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user adds modify-acl privilege to second user.
                #@TestStep                  Second user adds an ACI.
                #@TestStep                  New root user removes modify-acl privilege from second user.
                #@TestStep                  Alternate root user deletes user-added ACI.
                #@TestStep                  Alternate root user deletes write ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: privilege-change'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: privilege-change, alternative root user adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule'  ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, alternative root user removing privilege from new root user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-privilege-change' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, new root user adding privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, alternative root user putting back privilege to new root user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-privilege-change' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, new root user adding privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, second user adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, new root user removing privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Zroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, alternative root user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: privilege-change, alternative root user deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'         : 'dc=example,dc=com' ,
                    'attributeName'  : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  server-shutdown
                #@TestIssue                 477
                #@TestPurpose               server-shutdown privilege for new root user
                #@TestPreamble              none
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user adds shutdown task.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user adds shutdown task.
                #@TestStep                  New root user searches for an entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: server-shutdown'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: server-shutdown, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-shutdown' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-shutdown, new root user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-shutdown, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-shutdown' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-shutdown, new root user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule'  ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                <else>
                        <!--- Start DS -->
                        <sequence>
                        <message>
                        'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
                        </message>
                        <!--- Start DS -->
                        <call function="'StartDsWithScript'">
                        { 'location'  : STAF_REMOTE_HOSTNAME }
                        </call>
                        <call function="'checkRC'">
                        { 'returncode' : RC ,
                          'result'     : STAXResult }
                        </call>
                        <!--- Check that DS started -->
                        <call function="'isAlive'">
                        { 'noOfLoops'        : 5 ,
                          'noOfMilliSeconds' : 2000 }
                        </call>
                        </sequence>
                        <!--- End Block DS Process Active -->
                </else>
        </if>
                <message>
                   'Privileges: New Root User: server-shutdown, new root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges New Root User Tests
                #@TestName                  server-restart
                #@TestIssue                 477
                #@TestPurpose               server-restart privilege for new root user
                #@TestPreamble              none
                #@TestStep                  Alternate root user removes privilege.
                #@TestStep                  New root user adds restart task.
                #@TestStep                  Alternate root user puts back privilege.
                #@TestStep                  New root user adds restart task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: New Root User: server-restart'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: New Root User: server-restart, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-restart' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-restart, new root user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-restart, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-server-restart' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: New Root User: server-restart, new root user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'cn=Zroot' ,
                  'dsInstancePswd'   : 'PrivsRule' ,
                  'taskID'           : STAXCurrentTestcase
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
opends/tests/functional-tests/testcases/privileges/privileges_restore_task.xml
New file
@@ -0,0 +1,718 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_restore_task"/>
  <function name="privileges_restore_task">
    <sequence>
      <block name="'privileges-restore-task'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Restore Tasks Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regard to basic users.
                #@TestSuiteGroup            Basic Privileges Restore Tasks Tests
                #@TestScript                privileges_restore_task.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Restore Tasks Tests
                #@TestName                  backend-restore
                #@TestIssue                 475
                #@TestPurpose               Privileges for regular users to add restore tasks
                #@TestPreamble              Admin add import task to add entries.
                #@TestStep                  Admin adding backup task.
                #@TestStep                  Admin delete entry.
                #@TestStep                  Admin search entry that was deleted.
                #@TestStep                  Admin adding privilege.
                #@TestStep                  User adding restore task.
                #@TestStep                  Admin adding global ACI.
                #@TestStep                  User adding restore task.
                #@TestStep                  Admin deleting global ACI.
                #@TestStep                  Admin searching deleted entry that was restored.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 5, 32 for step 3, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Restore Tasks: backend-restore'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin adding import task to create entries'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                  'taskID'              : STAXCurrentTestcase,
                  'ldifFile'            : '%s/privileges/privileges_restore_task/restore_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                  'taskID'              : '6' ,
                  'backupDir'           : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin deleting entry'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'        : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeModified'     : '%s/privileges/privileges_restore_task/del_entry.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Admin searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <if expr="RC != 32">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'backend-restore' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, user adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules',
                    'taskID'           : '6.1',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin adding global ACI'
                </message>
                <script>
                    aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-id || ds-backup-directory-path || ds-task-restore-verify-only\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, user adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules',
                    'taskID'           : '6.2',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Admin deleting global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Admin searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=tmorris,ou=People,ou=restore task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Restore Tasks Tests
                #@TestName                  backend-restore, Directory Manager
                #@TestIssue                 475
                #@TestPurpose               Privileges for Directory Manager to add restore tasks
                #@TestPreamble              Alternative root user add import task to add entries.
                #@TestStep                  Alternative root user adding backup task.
                #@TestStep                  Alternative root user delete entry.
                #@TestStep                  Alternative root user search entry that was deleted.
                #@TestStep                  Alternative root user removing privilege from Directory Manager.
                #@TestStep                  Directory Manager adding restore task.
                #@TestStep                  Alternative root user putting back privilege to Directory Manager.
                #@TestStep                  Directory Manager adding restore task.
                #@TestStep                  Alternative root user searching deleted entry that was restored.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 5, 32 for step 3, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Restore Tasks: backend-restore Directory Manager'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                 <message>
                   'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user adding import task to create entries'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : 'cn=Aroot' ,
                  'dsInstancePswd'      : 'PrivsRule' ,
                  'taskID'              : STAXCurrentTestcase,
                  'ldifFile'            : '%s/privileges/privileges_restore_task/restore_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : 'cn=Aroot' ,
                  'dsInstancePswd'      : 'PrivsRule' ,
                  'taskID'              : '6.3' ,
                  'backupDir'           : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user deleting entry'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : 'cn=Aroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                    'entryToBeModified'     : '%s/privileges/privileges_restore_task/del_entry.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <if expr="RC != 32">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-restore' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Directory Manager, DM adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD,
                    'taskID'           : '6.4',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-restore' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Directory Manager, DM adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD,
                    'taskID'           : '6.5',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, Directory Manager, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=tmorris,ou=People,ou=restore task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Restore Tasks Tests
                #@TestName                  backend-restore, New User Root
                #@TestIssue                 475
                #@TestPurpose               Privileges for new root user to add restore tasks
                #@TestPreamble              Alternative root user adding new root user.
                #@TestStep                  Alternative root user add import task to add entries.
                #@TestStep                  Alternative root user adding backup task.
                #@TestStep                  Alternative root user delete entry.
                #@TestStep                  Alternative root user search entry that was deleted.
                #@TestStep                  Alternative root user removing privilege from new root user.
                #@TestStep                  New root user adding restore task.
                #@TestStep                  Alternative root user putting back privilege to new root user.
                #@TestStep                  New root user adding restore task.
                #@TestStep                  Alternative root user searching deleted entry that was restored.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 6, 32 for step 4, and 0
                                            for all other ldap operations.
                                            Proper entries returned for searches.
            -->
          <testcase name="'Privileges: Restore Tasks: backend-restore New User Root'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, preamble, alternative root user adding new root user'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'cn=Aroot' ,
                    'dsInstancePswd'      : 'PrivsRule' ,
                    'entryToBeAdded'      : '%s/privileges/add_new_root_user.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user adding import task to create entries'
                </message>
                <call function="'importLdifTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : 'cn=Aroot' ,
                  'dsInstancePswd'      : 'PrivsRule' ,
                  'taskID'              : STAXCurrentTestcase,
                  'ldifFile'            : '%s/privileges/privileges_restore_task/restore_task.ldif' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, new root user adding backup task'
                </message>
                <call function="'backupTask'">
                { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'      : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'        : 'cn=Zroot' ,
                  'dsInstancePswd'      : 'PrivsRule' ,
                  'taskID'              : '6.6' ,
                  'backupDir'           : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user deleting entry'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'        : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'        : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'          : 'cn=Aroot' ,
                    'dsInstancePswd'        : 'PrivsRule' ,
                    'entryToBeModified'     : '%s/privileges/privileges_restore_task/del_entry.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <if expr="RC != 32">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user removing privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-restore' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, New User Root, new root user adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'taskID'           : '6.7',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user putting back privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'cn=Aroot' ,
                    'dsInstancePswd'         : 'PrivsRule' ,
                    'DNToModify'             : 'cn=Zroot Manager,cn=Root DNs,cn=config' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-backend-restore' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, New User Root, new root user adding restore task'
                </message>
                <call function="'restoreTask'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                    'dsInstanceDn'     : 'cn=Zroot' ,
                    'dsInstancePswd'   : 'PrivsRule' ,
                    'taskID'           : '6.8',
                    'backupDir'        : '%s/privileges/privileges_restore_task/' % logsRemoteDataDir
                  }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                  'Privileges: Restore Tasks: backend-restore, New User Root, alternative root user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'cn=Aroot' ,
                    'dsInstancePswd'   : 'PrivsRule'  ,
                    'dsBaseDN'         : 'uid=tmorris,ou=People,ou=restore task,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=tmorris,ou=People,ou=restore task,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
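Review bot: In the first testcase ('Privileges: Restore Tasks: backend-restore'), `backend-restore` is granted to `uid=auser` before either restore attempt, so the RC 50 expected for task `6.1` appears to come from the missing global ACI rather than from a missing privilege. As written, a server that ignored `ds-privilege-name` for regular users would probably still pass. Consider adding the ACI first, attempting the restore without the privilege (expect 50), then granting the privilege and retrying (expect 0); the Directory Manager and new-root-user cases already isolate the privilege this way by toggling `-backend-restore`. The temporary ACI also allows `(write,add,delete)` on `cn=Scheduled Tasks,cn=Tasks` for `userdn=\"ldap:///anyone\"`. Scoping it to `userdn=\"ldap:///uid=auser,o=Privileges Tests,dc=example,dc=com\"` ties the check to the test identity and leaves less exposed if the later 'Admin deleting global ACI' step fails or is never reached.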
opends/tests/functional-tests/testcases/privileges/privileges_setup.xml
New file
@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_setup"/>
  <function name="privileges_setup">
    <sequence>
      <block name="'setup'">
        <sequence>
          <script>
            CurrentTestPath['group']='privileges'
          </script>
      <block name="'Block Create DS Topology'">
            <!-- Create the topology necessary to the test group/suite -->
            <sequence>
              <message>
                 'Create DS topology as described in config.py'
              </message>
          <call function="'createTopology'">
                { 'initialiseInstance' : True }
              </call>
              <call function="'checkRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
              </call>
            </sequence>
          <!--- End Block Create DS Topology -->
          </block>
      <block name="'Block DS Process Active'">
          <!--- Start DS -->
              <sequence>
              <message>
                 'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
              </message>
              <!--- Start DS -->
              <call function="'StartDsWithScript'">
               { 'location'  : STAF_REMOTE_HOSTNAME }
              </call>
              <call function="'checkRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult }
              </call>
              <!--- Check that DS started -->
              <call function="'isAlive'">
                { 'noOfLoops'        : 5 ,
                  'noOfMilliSeconds' : 2000 }
              </call>
            </sequence>
          <!--- End Block DS Process Active -->
          </block>
          <block name="'Block DS Load Data'">
              <!-- Load the data needed by the test suite -->
              <sequence>
              <message>
                'Privileges: Privileges Setup: Adding Initial Entries'
              </message>
              <call function="'addEntry'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'entryToBeAdded'   : '%s/privileges/privileges_startup.ldif' % logsRemoteDataDir }
              </call>
              <call function="'checkRC'">
                { 'returncode' : RC ,
                  'result'     : STAXResult }
              </call>
            </sequence>
          <!--- End Block DS Load Data -->
          </block>
        </sequence>
      </block>
     </sequence>
  </function>
</stax>
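Review bot: In 'Block DS Process Active' the `isAlive` call is the only step in this setup whose outcome is not passed to `checkRC`, so a server that never answers within the 5 x 2000 ms polling window does not fail the setup at that point. Assuming `isAlive` reports through `RC`/`STAXResult` like the other shared functions (its definition is not shown here), follow it with the same `checkRC` call that already follows `createTopology` and `StartDsWithScript`. This matters for the privileges suites in particular, because their test cases assert that certain searches return nothing. An empty result caused by a half-started instance or an unloaded `privileges_startup.ldif` is easy to mistake for access control doing its job. A short comment above the block, such as `<!-- Setup must fail here if DS is not reachable; later access-control assertions depend on it -->`, would record that intent.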
opends/tests/functional-tests/testcases/privileges/privileges_users.xml
New file
@@ -0,0 +1,3490 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->
<stax>
  <defaultcall function="privileges_users"/>
  <function name="privileges_users">
    <sequence>
      <block name="'privileges-users'">
        <sequence>
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='privileges'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          <call function="'testSuite_Preamble'"/>
          <!---
                Place suite-specific test information here.
                #@TestSuiteName             Privileges Users Tests
                #@TestSuitePurpose          Test the basic Privileges Support in regrad to basic users.
                #@TestSuiteGroup            Basic Privileges Users Tests
                #@TestScript                privileges_users.xml
          -->
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_setup'" />
      <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  bypass-acl
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for normal users
                #@TestPreamble              User searches entry.
                #@TestStep                  Admin removes global search ACI.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin puts back global search ACI.
                #@TestStep                  User searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Users: bypass-acl'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: bypass-acl, preamble check default privilege'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
               <message>
                   'Privileges: Users: bypass-acl, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users:  Putting Back Search Global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  bypass-acl with proxy
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for normal users with proxy permission
                #@TestPreamble              Admin removes global search ACI.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Proxied user searches entry.
                #@TestStep                  Admin adds proxy ACI.
                #@TestStep                  Proxied user searches entry.
                #@TestStep                  Admin deletes proxy ACI.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin puts back global search ACI.
                #@TestStep                  User searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Users: bypass-acl with proxy'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: bypass-acl with proxy, preamble, removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
                </message>
                <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ProxyRules' ,
                  'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'attributes'       : 'cn sn uid' }
                </call>
                <script>
                    returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                  { 'returnString'       : returnString ,
                    'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                  <tcstatus result="'fail'"/>
                </if>
                <message>
                 'Privileges: Users: bypass-acl with proxy, adding proxy aci'
                </message>
                <script>
                    proxy_aci="(target=\"ldap:///ou=People, o=Privileges Tests, dc=example,dc=com\")(targetattr=\"*\")(version 3.0; acl \"add_proxy_aci\"; allow (proxy) userdn=\"ldap:///uid=aproxy, ou=People, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : proxy_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                  <tcstatus result="'fail'"/>
                </if>
                <message>
                 'Privileges: Users: bypass-acl with proxy, proxied user searching targeted entry'
                </message>
                <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=aproxy,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ProxyRules' ,
                  'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'attributes'       : 'cn sn uid' }
                </call>
                <script>
                    returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                  { 'returnString'       : returnString ,
                    'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                  <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, Admin deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : proxy_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'         : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users:  bypass-acl with proxy, Putting Back Search Global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  bypass-acl removal with minus notation
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for normal users with minus notation
                #@TestPreamble              Admin removes global search ACI.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin adds privilege with minus notation.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin removes privilege with minus notation.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin puts back global search ACI.
                #@TestStep                  User searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Users: bypass-acl with minus notation'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, preamble, removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, Admin adding privilege with minus notation'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, Admin deleting privilege with minus notation'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : '-bypass-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with proxy, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users:  bypass-acl with minus notation, Putting Back Search Global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl with minus notation, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  bypass-acl self-modify add
                #@TestIssue                 471
                #@TestPurpose               bypass-acl privilege for normal users with self-modify add
                #@TestPreamble              Admin removes global search ACI.
                #@TestStep                  User adds ACI to itself.
                #@TestStep                  User searches entry.
                #@TestStep                  Admin puts back global search ACI.
                #@TestStep                  User searches entry.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 1, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Users: bypass-acl self-modify add'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: bypass-acl self-modify add, preamble, removing search global ACI'
                </message>
                <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl self-modify add, user adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'bypass-acl' ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl self-modify add, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users:  bypass-acl self-modify add, Putting Back Search Global ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: bypass-acl self-modify add, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'cn sn uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'dn: uid=scarter,ou=People,o=Privileges Tests' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  modify-acl - add aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for normal users - add aci
                #@TestPreamble              none
                #@TestStep                  User adds ACI, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User adds ACI.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User adds ACI.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User adds second ACI.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  Admin deletes user-added ACI.
                #@TestStep                  User adds second ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 7 and 10, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: modify-acl - add aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: modify-acl - add aci, check default, user adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, user adding second ACI'
                </message>
                <script>
                    search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin deleting user-added ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, user adding second ACI'
                </message>
                <script>
                    search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search3_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  modify-acl - replace aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for normal users - replace aci
                #@TestPreamble              none
                #@TestStep                  User replaces ACI, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User replaces ACI.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User replaces ACI.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  User replaces ACI.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User replaces ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 7 and 9, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: modify-acl - replace aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: modify-acl - replace aci, check default, user replacing ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"rep_search_aci_tmorris\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - replace aci, user replacing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=tmorris, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!--
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  modify-acl - delete aci
                #@TestIssue                 471
                #@TestPurpose               modify-acl privilege for normal users - delete aci
                #@TestPreamble              none
                #@TestStep                  User deletes ACI, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User deletes ACI.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User deletes ACI.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  Admin removes privilege.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1 and 3, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: modify-acl - delete aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: modify-acl - delete aci, preamble, check default, user deleting ACI'
                </message>
                <script>
                    write_aci_dmiller="(targetattr=\"*\")(version 3.0; acl \"del_search_aci_dmiller\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci_dmiller ,
                    'changetype'             : 'delete' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci_dmiller ,
                    'changetype'             : 'delete' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, user deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=dmiller, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci_dmiller ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - delete aci, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  config-read
                #@TestIssue                 472
                #@TestPurpose               config-read privilege for normal users
                #@TestPreamble              none
                #@TestStep                  User searches cn=config, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User searches cn=config.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User searches cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1 and 5, and 0
                                            for all other ldap operations.
                                            Proper entries returned for allowed searches.
            -->
            <testcase name="'Privileges: Users: config-read'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: config-read, check default privilege, user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-read, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-read, user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: cn=config' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'ds-cfg-check-schema:' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-read, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-read, user searching cn=config'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'ACIRules' ,
                    'dsBaseDN'         : 'cn=config' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'ds-cfg-check-schema' ,
                    'extraParams'      : '-s base' }
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'checktestStringNotPresent'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: cn=config' }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  config-write
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for normal users
                #@TestPreamble              none
                #@TestStep                  User modifies cn=config, check default behavior.
                #@TestStep                  Admin adds write privilege.
                #@TestStep                  User modifies cn=config.
                #@TestStep                  Admin adds read privilege.
                #@TestStep                  User modifies cn=config.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User modifies cn=config.
                #@TestStep                  Admin removes read privilege.
                #@TestStep                  User modifies cn=config.
                #@TestStep                  Admin removes write privilege.
                #@TestStep                  User modifies cn=config.
                #@TestStep                  Admin removes write ACI.
                #@TestStep                  User modifies cn=config.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 5, 9, 11, and 13, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: config-write'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: config-write, check default privilege, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"ds-cfg-check-schema\")(version 3.0; acl \"add_write_config\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: modify-acl - add aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write, user modifying cn=config'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'ds-cfg-check-schema' ,
                    'newAttributeValue'      : 'true' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  config-write - add global aci
                #@TestIssue                 472
                #@TestPurpose               config-write privilege for normal users - add global aci
                #@TestPreamble              none
                #@TestStep                  User adds global ACI, check default behavior.
                #@TestStep                  Admin adds read privilege.
                #@TestStep                  User adds global ACI.
                #@TestStep                  Admin adds write privilege.
                #@TestStep                  User adds global ACI.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User adds global ACI.
                #@TestStep                  Admin removes write privilege.
                #@TestStep                  User adds second global ACI.
                #@TestStep                  Admin removes read privilege.
                #@TestStep                  User adds second global ACI.
                #@TestStep                  Admin removes write ACI.
                #@TestStep                  Admin removes user-added global ACI.
                #@TestStep                  User adds second global ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 5, 9, 11, and 14, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: config-write - add global aci'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: config-write - add global aci, check default, user adding ACI'
                </message>
                <script>
                    global_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-write' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"ds-cfg-global-aci\")(version 3.0; acl \"add_allow_global_aci\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-write' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <script>
                    global2_aci="(target=\"ldap:///ou=People,o=Privileges Tests,dc=example,dc=com\")(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous write access\"; allow (write) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'config-read' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=config' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci',
                    'newAttributeValue'      : global_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: config-write - add global aci, user adding ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : global2_aci ,
                    'changetype'             : 'add' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  password-reset
                #@TestIssue                 479
                #@TestPurpose               config-write privilege for normal users
                #@TestPreamble              Admin adds write ACI
                #@TestStep                  User resets another users password, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User resets another users password.
                #@TestStep                  Other user binds with search operation.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  User resets another users password.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User resets another users password.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 6, and 8, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: password-reset'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: password-reset, preamble, Admin adding ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"userpassword\")(version 3.0; acl \"add_modify_acl\"; allow (write,add,delete) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, check default privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'bananas' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'password-reset' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'bananas' ,
                    'changetype'             : 'replace' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : 'uid=bhall,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'   : 'bananas' ,
                    'dsBaseDN'         : 'ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=bhall,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid: bhall' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset - delete aci, Admin deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'bananas' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'password-reset' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, user resetting password'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=bhall, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'bananas' ,
                    'changetype'             : 'replace' ,
                    'expectedErrorCode'      : '50' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  update-schema
                #@TestIssue                 468
                #@TestPurpose               update-schema privilege for normal users
                #@TestPreamble              Admin adds write ACI
                #@TestStep                  User adds new schema object, check default behavior.
                #@TestStep                  Admin adds new entry that uses new object class.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User adds new schema object.
                #@TestStep                  Admin adds new entry that uses new object class.
                #@TestStep                  Admin searches new entry.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  Admin removes privilege.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for step 1, 65 for step 2, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: update-schema'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: update-schema, preamble, Admin adding ACI'
                </message>
                <script>
                    write_aci="(target=\"ldap:///cn=schema\")(targetattr=\"objectclasses\")(version 3.0; acl \"add_global_write_schema\"; allow (all) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, check default privilege, user adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'      : 'ACIRules'  ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, Admin adding entry that uses new object class'
                </message>
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 65">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'update-schema' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, user adding new schema object'
                </message>
                <call function="'modifyEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'      : 'ACIRules'  ,
                    'entryToBeModified'   : '%s/privileges/addmozobj.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, Admin adding entry that users new object class'
                </message>
                <!--
                <script>
                    listAttr=[]
                    listAttr.append('objectclass: top')
                    listAttr.append('objectclass: person')
                    listAttr.append('objectclass: mozillaobject')
                    listAttr.append('cn: Salmon Fish')
                    listAttr.append('sn: Fish')
                    listAttr.append('givenname: Salmon')
                    listAttr.append('l: Cupertino')
                    listAttr.append('uid: sfish')
                </script>
                <call function="'addAnEntry'">
                  { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD  ,
                    'DNToAdd'             : 'uid=sfish, ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributesToAdd'     : listAttr }
                </call>
                -->
                <call function="'addEntry'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'entryToBeAdded'   : '%s/privileges/add_entry_with_new_objclass.ldif' % logsRemoteDataDir }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: password-reset, user searching entry'
                </message>
                <call function="'SearchObject'">
                  { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                    'dsBaseDN'         : 'uid=sfish,ou=People,o=Privileges Tests,dc=example,dc=com' ,
                    'dsFilter'         : 'objectclass=*'  ,
                    'attributes'       : 'uid'}
                </call>
                <script>
                 returnString = STAXResult[0][1]
                </script>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=sfish,ou=People,o=Privileges Tests' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'uid: sfish' }
                </call>
                <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, Admin deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: update-schema, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'update-schema' ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult  }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  privilege-change
                #@TestIssue                 1213
                #@TestPurpose               privilege-change privilege for normal users
                #@TestPreamble              Admin adds write ACI
                #@TestStep                  Admin adds privilege-change privilege to first user.
                #@TestStep                  First user adds modify-acl privilege to second user.
                #@TestStep                  Second user adds an ACI.
                #@TestStep                  Admin removes modify-acl privilege.
                #@TestStep                  Admin removes privilege-change privilege.
                #@TestStep                  Admin deletes user-added ACI.
                #@TestStep                  Admin deletes write ACI.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: privilege-change'">
              <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: privilege-change, Admin adding write ACI'
                </message>
                <script>
                    write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, Admin adding privilege to first user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'privilege-change' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, first user adding privilege to second user'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, second user adding ACI'
                </message>
                <script>
                    search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'dsInstancePswd'         : 'ACIRules' ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=buser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'modify-acl' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'privilege-change' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, Admin deleting ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: privilege-change, Admin deleting write ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : write_aci ,
                    'changetype'             : 'delete' }
                </call>
                <call function="'checktestRC'">
                    { 'returncode' : RC ,
                      'result'     : STAXResult }
                </call>
                <call function="'testCase_Postamble'"/>
              </sequence>
            </testcase>
            <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  server-shutdown
                #@TestIssue                 477
                #@TestPurpose               server-shutdown privilege for normal users
                #@TestPreamble              none
                #@TestStep                  User adds shutdown task, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User adds shutdown task.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User adds shutdown task.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User adds shutdown task.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  User adds shutdown task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 7, and 9, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: server-shutdown'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'server-shutdown' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, Admin adding ACI'
                </message>
                <script>
                    search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                <else>
                        <!--- Start DS -->
                        <sequence>
                        <message>
                        'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
                        </message>
                        <!--- Start DS -->
                        <call function="'StartDsWithScript'">
                        { 'location'  : STAF_REMOTE_HOSTNAME }
                        </call>
                        <call function="'checkRC'">
                        { 'returncode' : RC ,
                          'result'     : STAXResult }
                        </call>
                        <!--- Check that DS started -->
                        <call function="'isAlive'">
                        { 'noOfLoops'        : 5 ,
                          'noOfMilliSeconds' : 2000 }
                        </call>
                        </sequence>
                        <!--- End Block DS Process Active -->
                </else>
        </if>
                <message>
                   'Privileges: Users: server-shutdown, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'server-shutdown' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, Admin removing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-shutdown, user adding server shutdown task'
                </message>
                <call function="'shutdownTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult ,
                    'expected'   : 50 }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <!---
                Place test-specific test information here.
                The tag, TestMarker, must be the same as the tag, TestSuiteName.
                #@TestMarker                Privileges Users Tests
                #@TestName                  server-restart
                #@TestIssue                 477
                #@TestPurpose               server-restart privilege for normal users
                #@TestPreamble              none
                #@TestStep                  User adds restart task, check default behavior.
                #@TestStep                  Admin adds privilege.
                #@TestStep                  User adds restart task.
                #@TestStep                  Admin adds write ACI.
                #@TestStep                  User adds restart task.
                #@TestStep                  Admin removes privilege.
                #@TestStep                  User adds restart task.
                #@TestStep                  Admin deletes write ACI.
                #@TestStep                  User adds restart task.
                #@TestPostamble             none
                #@TestResult                Success if OpenDS returns 50
                                            for steps 1, 3, 7, and 9, and 0
                                            for all other ldap operations.
            -->
            <testcase name="'Privileges: Users: server-restart'">
            <sequence>
                <call function="'testCase_Preamble'"/>
                <message>
                   'Privileges: Users: server-restart, user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, Admin adding privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'server-restart' ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, Admin adding ACI'
                </message>
                <script>
                    search_aci="(target=\"ldap:///cn=Scheduled Tasks,cn=Tasks\")(targetattr=\"ds-task-class-name || ds-task-export-backend-id || ds-task-export-ldif-file\")(version 3.0; acl \"Allows writes for tasks\"; allow (write,add,delete) userdn=\"ldap:///anyone\";)"
                </script>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'add' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="STAFCmdRC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, Admin deleting privilege'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                    'attributeName'          : 'ds-privilege-name' ,
                    'newAttributeValue'      : 'server-restart' ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <if expr="RC != 50">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, Admin removing ACI'
                </message>
                <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Access Control Handler,cn=config' ,
                    'attributeName'          : 'ds-cfg-global-aci' ,
                    'newAttributeValue'      : search_aci ,
                    'changetype'             : 'delete' }
                </call>
                <if expr="RC != 0">
                    <tcstatus result="'fail'"/>
                </if>
                <message>
                   'Privileges: Users: server-restart, user adding server restart task'
                </message>
                <call function="'restartTask'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                  'dsInstanceDn'     : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
                  'dsInstancePswd'   : 'ACIRules',
                  'taskID'           : STAXCurrentTestcase,
                }
                </call>
                <call function="'checktestRC'">
                  { 'returncode' : RC ,
                    'result'     : STAXResult ,
                    'expected'   : 50 }
                </call>
                <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>
          <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
            file="'%s/testcases/privileges/privileges_cleanup.xml' % (TESTS_DIR)"/>
          <call function="'privileges_cleanup'" />
          <call function="'testSuite_Postamble'"/>
        </sequence>
      </block>
    </sequence>
  </function>
</stax>
opends/tests/functional-tests/testcases/runFuncTests.xml
@@ -49,6 +49,10 @@
      <call function="'main_aci'" />
      <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
        file="'%s/testcases/privileges/privileges.xml' % (TESTS_DIR)" />
      <call function="'main_privileges'" />
      <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
        file="'%s/testcases/backends/backends.xml' % (TESTS_DIR)" />
      <call function="'main_backends'" />
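Review bot: `main_privileges` is wired in between `main_aci` and `main_backends` with nothing marking it as a suite that changes server-wide access control. The privileges test case shown earlier on this page adds a `ds-cfg-global-aci` value that allows write, add and delete under `cn=Scheduled Tasks,cn=Tasks` for `ldap:///anyone`, and removes it only in a later step of the same test case. An aborted run would therefore presumably leave that ACI in place for the suites that follow. A comment above the call would make the dependency visible, for example `<!-- privileges suite edits ds-cfg-global-aci and ds-privilege-name; later suites rely on privileges_cleanup restoring both -->`. What `privileges_cleanup` restores is not visible here, so confirm that it also removes the global ACI.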