mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Gary Williams
19.20.2011 8a46b10042c84061dc5f65862faa60136a82e049
Add basic mapped-bind PTA functional test
4 files modified
347 ■■■■ changed files
opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif 22 ●●●● patch | view | raw | blame | history
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml 3 ●●●● patch | view | raw | blame | history
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml 314 ●●●●● patch | view | raw | blame | history
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml 8 ●●●●● patch | view | raw | blame | history
opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif
@@ -422,7 +422,7 @@
telephonenumber: +1 408 555 2567
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 2359
userpassword: walnut
seealso: uid=jmcFarla, ou=People, dc=AD, dc=com
dn: uid=llabonte, ou=People, o=example
cn: Lee Labonte
@@ -476,7 +476,7 @@
telephonenumber: +1 408 555 4491
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2758
userpassword: truths
seealso: uid=bhal2, ou=People, dc=AD, dc=com
dn: uid=alutz, ou=People, o=example
cn: Alexander Lutz
@@ -548,7 +548,7 @@
telephonenumber: +1 408 555 9804
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4304
userpassword: hillock
seealso: uid=hmiller, ou=People, dc=AD, dc=com
dn: uid=jcampai2, ou=People, o=example
cn: Jeffrey Campaigne
@@ -638,7 +638,7 @@
telephonenumber: +1 408 555 2582
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4023
userpassword: placeable
seealso: uid=gtriplet, ou=People, dc=AD, dc=com
dn: uid=jfalena, ou=People, o=example
cn: John Falena
@@ -710,7 +710,7 @@
telephonenumber: +1 408 555 5099
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1271
userpassword: epiphyseal
seealso: uid=prigden, ou=People, dc=AD, dc=com
dn: uid=bwalker, ou=People, o=example
cn: Brad Walker
@@ -907,7 +907,7 @@
telephonenumber: +1 408 555 5526
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0617
userpassword: diachronic
seealso: uid=brentz, ou=People, dc=AD, dc=com
dn: uid=dsmith, ou=People, o=example
cn: Daniel Smith
@@ -979,7 +979,7 @@
telephonenumber: +1 408 555 1926
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2721
userpassword: guildhall
seealso: uid=jmcFarla, ou=People, dc=AD, dc=com
dn: uid=lcampbel, ou=People, o=example
cn: Laurel Campbell
@@ -2003,7 +2003,7 @@
telephonenumber: +1 408 555 3358
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4912
userpassword: bassinet
seealso: uid=wlutz, ou=People, dc=AD,dc=com
dn: uid=jlutz, ou=People, o=example
cn: Janet Lutz
@@ -2128,7 +2128,7 @@
telephonenumber: +1 408 555 8541
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0034
userpassword: brainwash
seealso: uid=jbourke, ou=People, dc=AD, dc=com
dn: uid=dlanoway, ou=People, o=example
cn: Dan Lanoway
@@ -2629,7 +2629,7 @@
telephonenumber: +1 408 555 9045
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1984
userpassword: transpose
seealso: uid=rjense2, ou=People, dc=AD, dc=com
dn: uid=rhunt, ou=People, o=example
cn: Richard Hunt
@@ -2767,7 +2767,7 @@
dn: cn=PTA Remote Users,ou=groups,o=example
objectclass: top
objectclass: groupOfUniqueNames
cn: Accounting Managers
cn: PTA Remote Users
ou: groups
uniquemember: uid=jvedder, ou=People, o=example
uniquemember: uid=tmorris, ou=People, o=example
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../shared/stax.dtd">
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
@@ -78,6 +78,7 @@
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('basic_pta_002')
                  testsList.append('basic_pta_003')
                </script>
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -47,20 +47,240 @@
  #@TestName            Basic: PTA mapped-bind
  #@TestID              basic_pta_002
  #@TestPurpose         Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
  #@TestPreamble
  #@TestSteps           Configure LDAP PTA Policy
  #@TestPostamble
  #@TestPreamble        Setup PTS
  #@TestStep            Configure LDAP PTA Policy for mapped-bind
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            Delete ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->   
   <function name="basic_pta_002" scope="local">
    <testcase name="getTestCaseName('PTA mapped-bind')">
      <sequence>
        <try>
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'On primary server configure LDAP PTA.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
              options.append('--set mapped-attribute:seealso')
              options.append('--set mapping-policy:mapped-bind')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
              options.append('--type ldap-pass-through')
              options.append('--policy-name "LDAP PTA"')
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "LDAP PTA"')
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jmcFarla, ou=People, o=example'
              remotePTAuserPSWD='walnut'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*' ,
                'dsAttributes'    : '+'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD ,
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "LDAP PTA"')
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
          </sequence>
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <call function="'testCase_Postamble'"/>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
      
  <!--- Test Case information
  #@TestMarker          Basic: PTA mapped-search
  #@TestName            Basic: PTA mapped-search
  #@TestID              basic_pta_003
  #@TestPurpose         Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
  #@TestPreamble
  #@TestSteps           Configure LDAP PTA Policy
  #@TestPostamble
  #@TestPreamble        Setup PTS
  #@TestStep            Configure LDAP PTA Policy for mapped-search
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->                           
  <function name="basic_pta_003" scope="local">
@@ -73,13 +293,11 @@
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <!-- On primary server configure LDAP PTA -->
            <script>
              primaryHost   = primary_remote_ldap_server.getHostname()
              primaryPort   = primary_remote_ldap_server.getPort()
              secondaryHost = secondary_remote_ldap_server.getHostname()
              secondaryPort = secondary_remote_ldap_server.getPort()
            <call function="'testStep'">
              { 'stepMessage' : 'On primary server configure LDAP PTA.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
              options.append('--set mapped-attribute:cn')
@@ -104,10 +322,13 @@
              }
            </call>
            <!-- Read back the "authentication policy" object -->
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "LDAP PTA"')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
@@ -124,14 +345,16 @@
              }
            </call>
            <!-- Add ds-pwp-password-policy-dn:
              cn=LDAP PTA,cn=Password Policies,cn=config
              to users entry -->
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jvedder, ou=People, o=example'
              remotePTAuserPSWD='befitting'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: cn=LDAP PTA,cn=Password Policies,cn=config')
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
@@ -144,10 +367,14 @@
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add' }
                'changetype'      : 'add'
              }
            </call>
            <!-- Search users entry as Directory Manager for operational attributes -->
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
@@ -162,7 +389,10 @@
              }
            </call>
            <!-- Search users entry as himself -->
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
@@ -176,7 +406,10 @@
              }
            </call>
            <!-- Modify the users entry -->
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
@@ -192,13 +425,18 @@
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace' }
                'changetype'      : 'replace'
              }
            </call>
            <!-- Delete LDAP PTA (authentication) password policy attribute -->
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: cn=LDAP PTA,cn=Password Policies,cn=config')
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
@@ -211,7 +449,31 @@
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete' }
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
                        
          </sequence>
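Review bot: basic_pta_002 binds as `remotePTAuserName` only with the correct password (the 'Search users entry as self' and 'Modify the users entry' steps), so it passes equally if the mapped-bind policy accepts any credential or if the bind is satisfied from a local `userpassword` instead of being passed through. Add a step that repeats the self search with a wrong `dsInstancePswd` and expects LDAP result 49 (invalidCredentials); the way an expected result code is passed to `ldapSearchWithScript` is defined outside this section. The three `options.append('--policy-name "LDAP PTA"')` lines in the new function also hard-code the name, while the entry attribute uses `ldapPtaPolicyDn`; `options.append('--policy-name "%s"' % ldapPtaPolicyName)`, as basic_pta_003 does in this section, keeps the two from drifting apart. The attribute and policy removal run inside the `<try>` sequence rather than `<finally>`, so a step that fails midway presumably leaves the PTA policy attached to the user for later tests.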
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -69,6 +69,9 @@
              </call>
    
              <script>
                ldapPtaPolicyName     = 'LDAP PTA'
                ldapPtaPolicyDn       = 'cn=%s,cn=Password Policies,cn=config' % ldapPtaPolicyName
                local_ldap            = 0
                primary_remote_ldap   = 1
                secondary_remote_ldap = 2
@@ -76,6 +79,11 @@
                local_ldap_server = _topologyServerList[local_ldap]
                primary_remote_ldap_server = _topologyServerList[primary_remote_ldap]
                secondary_remote_ldap_server = _topologyServerList[secondary_remote_ldap]
                primaryHost   = primary_remote_ldap_server.getHostname()
                primaryPort   = primary_remote_ldap_server.getPort()
                secondaryHost = secondary_remote_ldap_server.getHostname()
                secondaryPort = secondary_remote_ldap_server.getPort()
              </script>
    
              <!-- On remote servers create suffixes -->