mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

ugaston
26.30.2008 9156349c9a55c34ed75a828ff217259fa02ff1e7
Add set of QoP testcases to SASL test suite
1 files added
2 files modified
914 ■■■■■ changed files
opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml 459 ●●●●●
opends/tests/staf-tests/shared/functions/ldap.xml 219 ●●●●●
opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java 236 ●●●●●
opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
@@ -2412,7 +2412,7 @@
            #@TestResult        Success if sasl bind fails with 49.
        -->
        <testcase name=
                 "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn')">
                 "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2455,7 +2455,7 @@
            #@TestResult        Success if sasl bind succeeds.
        -->
        <testcase name=
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri=fqdn')">
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2497,7 +2497,7 @@
            #@TestResult        Success if sasl bind fails with 49.
        -->
        <testcase name=
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri!=fqdn')">
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri!=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2575,7 +2575,7 @@
            #@TestResult        Success if sasl bind succeeds.
        -->
        <testcase name=
                 "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn')">
                 "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2617,7 +2617,7 @@
            #@TestResult        Success if sasl bind succeeds.
        -->
        <testcase name=
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri=fqdn')">
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2659,7 +2659,7 @@
            #@TestResult        Success if sasl bind fails with 49.
        -->
        <testcase name=
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri!=fqdn')">
            "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri!=fqdn}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
@@ -2688,6 +2688,453 @@
        
        
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-int ; server:none}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-int, server qop=none
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
           "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:none}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:none}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-int',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-conf ; server:none}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-conf, server qop=none
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
          "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:none}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:none}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-conf',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
        <!--- Test case: Admin set qop -->
        <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          Set qop = integrity
            #@TestIssue
            #@TestPurpose       Admin set QOP in SASL DIGEST-MD5 mechanism.
            #@TestPreamble      none
            #@TestStep          ldapmodify used to set qop.
            #@TestPostamble     none
            #@TestResult        Success if OpenDS returns 0.
        -->
        <testcase name="getTestCaseName('DIGEST-MD5 - Set QOP = integrity')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: SASL DIGEST-MD5: Set QOP = integrity'
            </message>
            <call function="'modifySaslMech'">
              { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
                'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
                'handlerName'    : 'DIGEST-MD5',
                'propertyName'   : 'quality-of-protection',
                'propertyValue'  : 'integrity'
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth ; server:integrity}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth, server qop=int
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
               "getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:int}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth ; server:int}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-int ; server:integrity}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-int, server qop=int
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
           "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:int}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:int}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-int'
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-conf ; server:integrity}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-conf, server qop=int
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
          "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:int}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:int}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-conf',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
        <!--- Test case: Admin set qop -->
        <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          Set qop = confidentiality
            #@TestIssue
            #@TestPurpose       Admin set QOP in SASL DIGEST-MD5 mechanism.
            #@TestPreamble      none
            #@TestStep          ldapmodify used to set qop.
            #@TestPostamble     none
            #@TestResult        Success if OpenDS returns 0.
        -->
        <testcase name=
                    "getTestCaseName('DIGEST-MD5 - Set QOP = confidentiality')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: SASL DIGEST-MD5: Set QOP = confidentiality'
            </message>
            <call function="'modifySaslMech'">
              { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
                'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
                'handlerName'    : 'DIGEST-MD5',
                'propertyName'   : 'quality-of-protection',
                'propertyValue'  : 'confidentiality'
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth ; server:confidentiality}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth, server qop=conf
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
              "getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:conf}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth ; server:conf}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-int ; server:confidentiality}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-int, server qop=conf
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
          "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:conf}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:conf}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-int',
                'expectedRC'       : 89
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
       <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          QOP {client:auth-conf ; server:confidentiality}
            #@TestIssue
            #@TestPurpose       Test the quality-of-protection
            #@TestPreamble      none
            #@TestStep          SASL bind with qop=auth-conf, server qop=conf
            #@TestPostamble     none
            #@TestResult        Success if sasl bind fails with 89.
        -->
        <testcase name=
         "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:conf}')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
              'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:conf}'
            </message>
            <script>
              test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
            </script>
            <call function="'saslSearch'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT,
                'dsBaseDN'         : 'dc=example,dc=com',
                'dsFilter'         : 'objectclass=*',
                'mechanism'        : 'DIGEST-MD5',
                'authenticationId' : 'dn:%s' % test_user,
                'password'         : 'newleg',
                'protection'       : 'auth-conf'
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
        <!--- Test case: Admin unset qop -->
        <!---
            Place test-specific test information here.
            The tag, TestMarker, must be the same as the tag, TestSuiteName.
            #@TestMarker        SASL DIGEST-MD5 Tests
            #@TestName          Set qop = none
            #@TestIssue
            #@TestPurpose       Admin set QOP in SASL DIGEST-MD5 mechanism.
            #@TestPreamble      none
            #@TestStep          ldapmodify used to set qop.
            #@TestPostamble     none
            #@TestResult        Success if OpenDS returns 0.
        -->
        <testcase name=
                    "getTestCaseName('DIGEST-MD5 - Set QOP = none')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: SASL DIGEST-MD5: Set QOP = none'
            </message>
            <call function="'modifySaslMech'">
              { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
                'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
                'handlerName'    : 'DIGEST-MD5',
                'propertyName'   : 'quality-of-protection',
                'propertyValue'  : 'none'
              }
            </call>
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>
        <!--- Test case: DIGEST-MD5 SASL Mechanism -->
        <!---
            Place test-specific test information here.
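Review bot: The two matching-QOP cases, `QOP {client:auth-int ; server:integrity}` and `QOP {client:auth-conf ; server:confidentiality}`, keep the header line `#@TestResult Success if sasl bind fails with 89.` although their `saslSearch` calls omit `expectedRC` and so assert the default of 0; in both headers the line should read `#@TestResult        Success if sasl bind succeeds.`. The 89 expected by the mismatch cases is produced by saslSearchClient when it finds "No common protection layer between client and server" in the exception cause, so those cases appear to show the JNDI client declining the negotiation. Whether the server itself refuses a bind that ignores the configured quality-of-protection is not exercised by these cases, and a short comment above the first QOP case saying so would keep the coverage from being over-read.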
opends/tests/staf-tests/shared/functions/ldap.xml
@@ -3186,4 +3186,223 @@
      </return>
    </sequence>
  </function>
  <!-- Modify an attribute -->
  <function name="saslSearch">
    <function-prolog>
      This function searches the Directory Server using SASL authentication
    </function-prolog>
    <function-map-args>
      <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
        <function-arg-description>
          Location of target host
        </function-arg-description>
        <function-arg-property name="type" value="hostname"/>
      </function-arg-def>
      <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
        <function-arg-description>
          Pathname to installation root
        </function-arg-description>
        <function-arg-property name="type" value="filepath"/>
      </function-arg-def>
      <function-arg-def name="dsInstanceHost" type="optional" default="STAF_REMOTE_HOSTNAME">
        <function-arg-description>
          Directory server hostname or IP address
        </function-arg-description>
        <function-arg-property name="type" value="hostname"/>
      </function-arg-def>
      <function-arg-def name="dsInstancePort" type="required">
        <function-arg-description>
          Directory server port number
        </function-arg-description>
        <function-arg-property name="type" value="Port number"/>
      </function-arg-def>
      <function-arg-def name="dsScope" type="optional">
        <function-arg-description>
          Search scope
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
      <function-arg-def name="dsBaseDN" type="required">
        <function-arg-description>
          Search base dn
        </function-arg-description>
        <function-arg-property name="type" value="DN"/>
      </function-arg-def>
      <function-arg-def name="dsFilter" type="required">
        <function-arg-description>
          Search filter
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
      <function-arg-def name="mechanism" type="required">
        <function-arg-description>
          SASL mechanism
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
      <function-arg-def name="authenticationId" type="required">
        <function-arg-description>
          Authentication ID
        </function-arg-description>
        <function-arg-property name="type" value="DN"/>
      </function-arg-def>
      <function-arg-def name="password" type="required">
        <function-arg-description>
          Authentication password
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
     <function-arg-def name="authorizationId" type="optional">
        <function-arg-description>
          Authorization ID
        </function-arg-description>
        <function-arg-property name="type" value="DN"/>
      </function-arg-def>
      <function-arg-def name="realm" type="optional">
        <function-arg-description>
          Attribute to modify
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
     <function-arg-def name="protection" type="optional">
        <function-arg-description>
          Quality of protection (auth / auth-int / auth-conf)
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
     <function-arg-def name="strength" type="optional">
       <function-arg-description>
         Cipher strength (low / medium / high)
       </function-arg-description>
       <function-arg-property name="type" value="string"/>
     </function-arg-def>
    <function-arg-def name="maxbuffersize" type="optional">
        <function-arg-description>
          Maximum receive buffer size.
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="suppressTestStatus" type="optional" default="0">
        <function-arg-description>
          Supress the call to checkTestRC
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="knownIssue" type="optional" default="None">
      <function-arg-description>
        Known issue. Corresponds to an issue number.
      </function-arg-description>
      <function-arg-property name="type" value="string" />
    </function-arg-def>
    </function-map-args>
    <sequence>
      <!-- Local variables -->
      <script>
        mylocation=location
      <!-- Build the Command -->
        STAFCmdParamsList=[]
        STAFCmdParams=''
        STAFCmd=''
    </script>
     <!-- Set common ldap arguments -->
      <call function="'_ldapCommonArgs'"/>
      <script>
        if dsScope:
          STAFCmdParamsList.append('-s "%s"' % dsScope)
        if dsBaseDN:
          STAFCmdParamsList.append('-b "%s"' % dsBaseDN)
        if dsFilter:
          STAFCmdParamsList.append('-f "%s"' % dsFilter)
        if mechanism:
          STAFCmdParamsList.append('--mech "%s"' % mechanism)
        if authenticationId:
          STAFCmdParamsList.append('--authid "%s"' % authenticationId)
        if password:
          STAFCmdParamsList.append('-w "%s"' % password)
        if authorizationId:
          STAFCmdParamsList.append('--authorizationId "%s"' % authorizationId)
        if realm:
          STAFCmdParamsList.append('--realm "%s"' % realm)
        if protection:
          STAFCmdParamsList.append('--qop "%s"' % protection)
        if strength:
          STAFCmdParamsList.append('--strength "%s"' % strength)
        if maxbuffersize:
          STAFCmdParamsList.append('--maxbufsize "%s"' % maxbufsize)
        STAFCmdParams=' '.join(STAFCmdParamsList)
        STAFCmd='saslSearchClient'
      </script>
      <if expr="suppressTestStatus == '1'">
        <script>
          expectedRC = 'noCheck'
        </script>
      </if>
      <call function="'runCommand'" >
        { 'name'      : 'Modify An Attribute value',
          'command'   : '%s/bin/java' % JAVA_HOME,
          'arguments' : '%s %s' % (STAFCmd,STAFCmdParams),
          'location'  : location,
          'envCmd'    : ['CLASSPATH=%s/../%s/ldap' % (dsPath,remote.reljavadir)],
          'path'      : '%s/../%s/ldap' % (dsPath,remote.reljavadir),
          'expectedRC': expectedRC,
          'knownIssue': knownIssue
        }
      </call>
      <return>
        [RC,STAXResult]
      </return>
    </sequence>
  </function>
</stax>
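Review bot: The `maxbuffersize` branch formats an undefined name, `'--maxbufsize "%s"' % maxbufsize`, so any caller that sets the argument fails with a NameError; the line should be `STAFCmdParamsList.append('--maxbufsize "%s"' % maxbuffersize)`. The authorization identity is passed as `--authorizationId`, but saslSearchClient.java in this commit only recognises `--authzid`, so the value is silently dropped and a test meant to bind with an authzid would run without one; use `'--authzid "%s"' % authorizationId`. The password is placed on the java command line through `-w`, where process listings on the test host can usually read it, which deserves a line in the function prolog. The leading comment `<!-- Modify an attribute -->`, the `realm` description `Attribute to modify` and the runCommand name `'Modify An Attribute value'` are copied from another function and should describe a SASL search.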
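--- /dev/null
+++ b/opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java
@@ -0,0 +1,236 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
+ * add the following below this CDDL HEADER, with the fields enclosed
+ * by brackets "[]" replaced with your own identifying information:
+ *      Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ *
+ *      Copyright 2008 Sun Microsystems, Inc.
+ */
+import java.util.Hashtable;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.CompositeName;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.CommunicationException;
+import javax.naming.directory.InvalidSearchFilterException;
+import javax.security.sasl.AuthenticationException;
+import java.util.HashSet;
+import java.util.Iterator;
+/**
+ *  Perform an Ldap search using SASL as authentication mechanism.
+ *  Supports sasl encryption.
+ *  The function returns the ldap error code
+ */
+public class saslSearchClient {
+  /**
+   * Main.
+   *
+   * @param args arguments
+   */
+  public static void main(String[] args) {
+    // Ldapsearch parameters
+    String hostname = null;
+    String ldapPort = null;
+    String scope = null;
+    String basedn = null;
+    String filter = null;
+    // SASL options
+    String mechanism = null;
+    String authid = null;
+    String password = null;
+    String authzid = null;
+    String realm = null;
+    String qop = null;
+    String strength = null;
+    String maxbufsize = null;
+    String errorCode = null;
+    String errorMessage = null;
+    String errorCause = null;
+    Hashtable envLdap  = new Hashtable();
+    LdapContext ctx = null;
+    for (int k=0; k< args.length; k++) {
+      String opt1 = args[k];
+      String val1 = args[k+1];
+      // Get ldapsearch parameters
+      if (opt1.equals("-h")) {
+        hostname = val1;
+      }
+      if (opt1.equals("-p")) {
+        ldapPort = val1;
+      }
+      if (opt1.equals("-s")) {
+        scope = val1;
+      }
+      if (opt1.equals("-b")) {
+        basedn = val1;
+      }
+      if (opt1.equals("-f")) {
+        filter = val1;
+      }
+      // Get SASL options
+      if (opt1.equals("--mech")) {
+        mechanism = val1;
+      }
+      if (opt1.equals("--authid")) {
+        authid = val1;
+      }
+      if (opt1.equals("-w")) {
+          password = val1;
+        }
+      if (opt1.equals("--authzid")) {
+        authzid = val1;
+      }
+      if (opt1.equals("--realm")) {
+        realm = val1;
+      }
+      if (opt1.equals("--qop")) {
+        qop = val1;
+      }
+      if (opt1.equals("--strength")) {
+        strength = val1;
+      }
+      if (opt1.equals("--maxbufsize")) {
+        maxbufsize = val1;
+      }
+      k++;
+    }
+    String provider = "ldap://"  + hostname + ":" + ldapPort  + "/";
+    envLdap.put("java.naming.factory.initial",
+        "com.sun.jndi.ldap.LdapCtxFactory");
+    envLdap.put(Context.PROVIDER_URL, provider);
+    if (mechanism != null) {
+      envLdap.put(Context.SECURITY_AUTHENTICATION, mechanism);
+    }
+    envLdap.put(Context.SECURITY_PRINCIPAL, authid);
+    envLdap.put(Context.SECURITY_CREDENTIALS, password);
+    if (authzid != null) {
+      envLdap.put("javax.security.sasl.authorizationId", authzid);
+    }
+    if (realm != null) {
+      envLdap.put("javax.security.sasl.realm", realm);
+    }
+    if (qop != null) {
+      envLdap.put("javax.security.sasl.qop", qop);
+    }
+    if (strength != null) {
+      envLdap.put("javax.security.sasl.strength", strength);
+    }
+    if (maxbufsize != null) {
+      envLdap.put("javax.security.sasl.maxbuf", maxbufsize);
+    }
+    try {
+      System.out.println("Search with SASL auth " + mechanism);
+      System.out.println("Authentication ID " + authid);
+      System.out.println("Password " + password);
+      System.out.println("Authorization ID " + authzid);
+      System.out.println("Realm " + realm);
+      System.out.println("Quality of Protection " + qop);
+      System.out.println("Cipher Strength " + strength);
+      System.out.println("Maximum receive buffer size " + maxbufsize);
+      // connect to server
+      ctx = new InitialLdapContext(envLdap, null);
+      // issue ldapsearch
+      ctx.search(basedn, filter, null);
+      ctx.close();
+    } catch (CommunicationException e1) {
+      e1.printStackTrace();
+      errorMessage = e1.getMessage();
+      if (e1.getCause() != null)
+        errorCause = e1.getCause().toString();
+    } catch (InvalidSearchFilterException e2) {
+      e2.printStackTrace();
+      errorMessage = e2.getMessage();
+      if (e2.getCause() != null)
+        errorCause = e2.getCause().toString();
+    } catch (NamingException e3) {
+      e3.printStackTrace();
+      errorMessage = e3.getMessage();
+      if (e3.getCause() != null)
+        errorCause = e3.getCause().toString();
+    } catch (Exception e4) {
+      e4.printStackTrace();
+      errorMessage = e4.getMessage();
+      if (e4.getCause() != null)
+        errorCause = e4.getCause().toString();
+    }
+    String NO_COMMON_QOP_LAYER =
+        "No common protection layer between client and server";
+    // No error, the modify is success
+    if ( errorMessage == null ) {
+      errorCode = "0";
+    } else {
+      System.out.println();
+      System.out.println(errorMessage);
+      if (errorCause != null)
+        System.out.println(errorCause);
+      System.out.println();
+      System.out.println();
+      if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
+        // return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
+        errorCode = "89";
+      } else {
+        int ind = errorMessage.indexOf("-");
+        if ( ind > 0 ) {
+          errorCode = errorMessage.substring(18, ind-1);
+        } else errorCode = "0";
+      }
+    }
+    int RC = Integer.parseInt(errorCode);
+    System.exit(RC);
+  }
+}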
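Review bot: A failure whose message is null or contains no `-` ends with exit code 0, because `errorMessage == null` is used as the success test and the final `else` sets `errorCode = "0"`; such a failure (a connection error is one likely candidate) would then satisfy every test case that expects RC 0, including the matching-QOP binds. Record failure explicitly in the catch path and map an error that carries no LDAP result code to a non-zero value, as sketched below. Separately, `System.out.println("Password " + password);` writes the bind password to the test output and should be dropped. `args[k+1]` is also read without a bounds check, so an option given without a value throws before any return code is set.

```java
    // … unchanged: option parsing and JNDI environment setup …
    boolean failed = false;
    try {
      // … unchanged: InitialLdapContext creation, search, close …
    } catch (Exception e) {
      // single handler: the four original handlers had identical bodies
      e.printStackTrace();
      failed = true;
      errorMessage = e.getMessage();
      if (e.getCause() != null)
        errorCause = e.getCause().toString();
    }
    // … unchanged: NO_COMMON_QOP_LAYER declaration …
    int RC = 0;
    if (failed) {
      // … unchanged: printing of errorMessage and errorCause …
      // 255 is a constructed sentinel for failures without an LDAP result code
      RC = 255;
      if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
        // return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
        RC = 89;
      } else if (errorMessage != null) {
        java.util.regex.Matcher m = java.util.regex.Pattern
            .compile("error code (\\d+)").matcher(errorMessage);
        if (m.find()) {
          RC = Integer.parseInt(m.group(1));
        }
      }
    }
    System.exit(RC);
```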