external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: eda03abb | patch | commit | show whitespace

Fix use of invalid certificateSyntax in security functional tests

Gary Williams

15.06.2012 9e1bf64a87bfa4a5a297a2c6e618e603798364cb

Fix use of invalid certificateSyntax in security functional tests

2 files modified

	opends/tests/staf-tests/functional-tests/testcases/security/client_auth/client_auth_setup.xml	183 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/shared/functions/security.xml	119 ●●●●● patch \| view \| raw \| blame \| history

 opends/tests/staf-tests/functional-tests/testcases/security/client_auth/client_auth_setup.xml

@@ -24,6 +24,7 @@
 ! CDDL HEADER END
 !
 !      Copyright 2007-2009 Sun Microsystems, Inc.
 !      Portions Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="client_auth_setup"/>
@@ -48,7 +49,7 @@
          <!-- Load in the local shared python objects from libraries -->
          <call function="'loadVariables'" />
          <message>   
            '---- Generating Server Certicate -----'
            '---- Generating Server Certificate -----'
          </message>
    
          <!-- create a server certificate -->           
@@ -65,7 +66,7 @@
      
          <!-- Self-Sign Server Cert    -->
          <message>
                   '---- Self-Signing Server Certicate  ---- '
                   '---- Self-Signing Server Certificate  ---- '
          </message>

          <call function="'SelfSignCertificate'">
@@ -91,7 +92,7 @@
          </call>      
            
          <message>
                   '---- Generating client Certicate : %s ---- ' % (USER_1_CERT)
                   '---- Generating client Certificate : %s ---- ' % (USER_1_CERT)
          </message>
            
          <!-- create a client certificate  : USER_1_CERT -->                
@@ -167,7 +168,7 @@
          <call function="'loadVariables'" />
                  
          <!-- Export the server Cert -->
          <message>'----  Export the  Server Certicate ----'</message>    
          <message>'----  Export the  Server Certificate ----'</message>    
          <call function="'ExportCertificate'">
            { 'certAlias'  : 'server-cert' ,
              'outputfile' : SERVER_CERT_FILE,
@@ -342,179 +343,31 @@
          <!-- Load in the local shared python objects from libraries -->
          <call function="'loadVariables'" />
          
          <!-- Create users entries--> 
          <!-- Create USER_1_DN -->       
          <message> '----  Create User entry : %s----' % USER_1_DN</message>    
          <script>
            listAttr = []
            listAttr.append('objectclass:top')
            listAttr.append('objectclass:organizationalperson')
            listAttr.append('objectclass:inetorgperson')
            listAttr.append('objectclass:person')
            listAttr.append('objectclass:ds-certificate-user')
            listAttr.append('objectclass:strongAuthenticationUser')
            listAttr.append('userCertificate;binary:: YmFkX2NlcnRpZmljYXRlCgoK')
            listAttr.append('givenname:%s' % USER_1_CERT)
            listAttr.append('sn:%s' % USER_1_CERT)
            listAttr.append('cn:%s' % USER_1_CERT)
          </script>
          
          <call function="'addAnEntry'">
            { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
              'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'   : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
              'DNToAdd'         : USER_1_DN,
              'listAttributes' : listAttr,
              'expectedRC'     :  0
            }
          </call>

          <call function="'getFile'">
          <call function="'createStrongUserEntries'">
            { 'location'    : STAF_REMOTE_HOSTNAME,
              'filename'    : USER_1_CERT_FILE_RFC
              'certificate'     : USER_1_CERT,
              'filename'        : USER_1_CERT_FILE_RFC,
              'userdn'          : USER_1_DN,
              'localLdifFile'   : localUser1LdifFile,
              'remoteLdifFile'  : remoteUser1LdifFile
            }
          </call>

          <message>
            'Certificate contents:\n %s' % cmdResult
          </message>
                              
          <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
          <script>
            certList=STAXResult[1].split('\n')
            ret_str = ""
            for line in certList:
              index_cert = line.find("CERTIFICATE")
              if index_cert == -1:
                ret_str+=line.strip()
          </script>
                          
          <script>                        
            listAttr = []
            listAttr.append('dn: %s' % USER_1_DN)
            listAttr.append('changetype: modify')
            listAttr.append('replace: userCertificate;binary')
            listAttr.append('userCertificate;binary:: %s' % ret_str)
          </script>
          
          <!-- Write out the ldif -->
          <script>
            outfile = open(localUser1LdifFile,"w")
            
            for line in listAttr:
              outfile.write("%s\n" % line)
            
            outfile.close()
          </script>
          
          <!-- Copy the ldif file containing user certificate to remote host -->
          <message>'Copy ldif (%s) file to user entry %s  to %s' % (localUser1LdifFile,USER_1_DN,remoteUser1LdifFile)</message>
          <call function="'copyFile'">
            { 'location'   : STAXServiceMachine,
              'srcfile'    : localUser1LdifFile,
              'destfile'   : remoteUser1LdifFile,
              'remotehost' : STAF_REMOTE_HOSTNAME
            }
          </call>
          
          <call function="'modifyEntry'">
            { 'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
              'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
              'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
              'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
              'entryToBeModified'  : remoteUser1LdifFile,
              'expectedRC'        :  0
            }
          </call>
          
          <!-- Create USER_2_DN : this used contains the objectclass  ds-certificate-user -->
          <message>'----  Create User entry : %s----' % USER_2_DN </message>
          <message>'----  This user contains an objectclass ds-certificate-user' </message>
          
          <script>
            listAttr = []   
            listAttr.append('objectclass:top')
            listAttr.append('objectclass:organizationalperson')
            listAttr.append('objectclass:inetorgperson')
            listAttr.append('objectclass:person')
            listAttr.append('objectclass:ds-certificate-user')        
            listAttr.append('objectclass:strongAuthenticationUser')
            listAttr.append('userCertificate;binary:: YmFkX2NlcnRpZmljYXRlCgoK')       
            listAttr.append('givenname:%s' % USER_2_CERT)
            listAttr.append('sn:%s' % USER_2_CERT)
            listAttr.append('cn:%s' % USER_2_CERT)
          </script>
          <call function="'addAnEntry'">
            { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
              'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
              'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
              'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
              'DNToAdd'         : USER_2_DN,
              'listAttributes' : listAttr,
              'expectedRC'     :  0
            }
          </call>

          <call function="'getFile'">
          <call function="'createStrongUserEntries'">
            { 'location'    : STAF_REMOTE_HOSTNAME,
              'filename'    : USER_2_CERT_FILE_RFC
              'certificate'     : USER_2_CERT,
              'filename'        : USER_2_CERT_FILE_RFC,
              'userdn'          : USER_2_DN,
              'localLdifFile'   : localUser2LdifFile,
              'remoteLdifFile'  : remoteUser2LdifFile
            }
          </call>

          <message>
            'Certificate contents:\n %s' % cmdResult
          </message>
                              
          <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
          <script>
            certList=STAXResult[1].split('\n')
            ret_str = ""
            for line in certList:
              index_cert = line.find("CERTIFICATE")
              if index_cert == -1:
                ret_str+=line.strip()
          </script>
          
          <!-- Modify the user Entry to store the certificates -->    
          <script>
            listAttr = []
            listAttr.append('dn: %s' % USER_2_DN)
            listAttr.append('changetype: modify')
            listAttr.append('replace: userCertificate;binary')
            listAttr.append('userCertificate;binary:: %s' % ret_str)
          </script>
          
          <!-- Write out the ldif -->
          <script>
            outfile = open(localUser2LdifFile,"w")
            for line in listAttr:
              outfile.write("%s\n" % line)
            outfile.close()
          </script>
          
          <!-- Copy the ldif file containing user certificate to remote host -->
          <message>'Copy ldif (%s) file to user entry %s  to %s' % (localUser2LdifFile,USER_2_DN,remoteUser2LdifFile)</message>
          <call function="'copyFile'">
            { 'location'   : STAXServiceMachine,
              'srcfile'    : localUser2LdifFile,
              'destfile'   : remoteUser2LdifFile,
              'remotehost' : STAF_REMOTE_HOSTNAME 
            }
          </call>
        
          <call function="'modifyEntry'">
            { 'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
              'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
              'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
              'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
              'entryToBeModified'  : '%s' % remoteUser2LdifFile,
              'expectedRC'        :  0 
            }
          </call>
          <call function="'testCase_Postamble'"/>
        </sequence>
      </testcase>
    </sequence>
  </function>

</stax>

 opends/tests/staf-tests/shared/functions/security.xml

@@ -1921,4 +1921,123 @@
      </call>
    </sequence>
  </function>

  <function name="createStrongUserEntries" scope="local">
    <function-prolog>
      This creates strongAuthenticationUser entries with userCertificates
    </function-prolog>  
    <function-map-args>
      <function-arg-def name="location" type="required">
        <function-arg-description>
          Location of target host
        </function-arg-description>
        <function-arg-property name="type" value="hostname"/>
      </function-arg-def>
      <function-arg-def name="certificate" type="required">
        <function-arg-description>
          Certificate
        </function-arg-description>
        <function-arg-property name="type" value="string"/>
      </function-arg-def>
      <function-arg-def name="filename" type="required">
        <function-arg-description>
          Certificate filename
        </function-arg-description>
        <function-arg-property name="type" value="filename"/>
      </function-arg-def>
      <function-arg-def name="userdn" type="required">
        <function-arg-description>
          User DN
        </function-arg-description>
        <function-arg-property name="type" value="DN"/>
      </function-arg-def>
     <function-arg-def name="localLdifFile" type="required">
        <function-arg-description>
          Local ldif file
        </function-arg-description>
        <function-arg-property name="type" value="filename"/>
      </function-arg-def>
     <function-arg-def name="remoteLdifFile" type="required">
        <function-arg-description>
          Remote ldif file
        </function-arg-description>
        <function-arg-property name="type" value="filename"/>
      </function-arg-def>
    </function-map-args>
  
    <sequence>

      <!-- Get a certificate from a file in PEM format -->
      <call function="'getFile'">
        { 'location'    : location,
          'filename'    : filename
        }
      </call>

      <message>
        'Certificate contents:\n %s' % cmdResult
      </message>

      <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
      <script>
        certList=STAXResult[1].split('\n')
        ret_str = ""
        for line in certList:
          index_cert = line.find("CERTIFICATE")
          if index_cert == -1:
            ret_str+=line.strip()
      </script>

      <!-- Create ldif for users entries and add userCertificate --> 
      <message> '----  Create User entry : %s----' % userdn</message>    
      <script>
        listAttr = []
        listAttr.append('dn: %s' % userdn)
        listAttr.append('objectclass:top')
        listAttr.append('objectclass:organizationalperson')
        listAttr.append('objectclass:inetorgperson')
        listAttr.append('objectclass:person')
        listAttr.append('objectclass:ds-certificate-user')
        listAttr.append('objectclass:strongAuthenticationUser')
        listAttr.append('userCertificate;binary:: %s' % ret_str)
        listAttr.append('givenname:%s' % certificate)
        listAttr.append('sn:%s' % certificate)
        listAttr.append('cn:%s' % certificate)
      </script>

      <!-- Write out the ldif of users entry-->
      <script>
        outfile = open(localLdifFile,"w")
        for line in listAttr:
          outfile.write("%s\n" % line)
        outfile.close()
      </script>
      
      <!-- Copy the ldif file containing userCertificate to remote host -->
      <message>
        'Copy ldif (%s) file to user entry %s  to %s' % (localLdifFile,userdn,remoteLdifFile)
      </message>

      <call function="'copyFile'">
        { 'location'   : STAXServiceMachine,
          'srcfile'    : localLdifFile,
          'destfile'   : remoteLdifFile,
          'remotehost' : location 
        }
      </call>

      <!-- Add the users entry into the LDAP server -->
      <call function="'ldapModifyWithScript'"> 
        {
          'dsAdd'            : 'True' ,
          'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
          'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
          'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
          'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
          'dsFilename'       : remoteLdifFile
        }
      </call>

    </sequence> 
  </function> 
</stax>

			@@ -24,6 +24,7 @@
			! CDDL HEADER END
			!
			! Copyright 2007-2009 Sun Microsystems, Inc.
			! Portions Copyright 2012 ForgeRock AS.
			! -->
			<stax>
			<defaultcall function="client_auth_setup"/>
			@@ -48,7 +49,7 @@
			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'" />
			<message>
			'---- Generating Server Certicate -----'
			'---- Generating Server Certificate -----'
			</message>

			<!-- create a server certificate -->
			@@ -65,7 +66,7 @@

			<!-- Self-Sign Server Cert -->
			<message>
			'---- Self-Signing Server Certicate ---- '
			'---- Self-Signing Server Certificate ---- '
			</message>

			<call function="'SelfSignCertificate'">
			@@ -91,7 +92,7 @@
			</call>

			<message>
			'---- Generating client Certicate : %s ---- ' % (USER_1_CERT)
			'---- Generating client Certificate : %s ---- ' % (USER_1_CERT)
			</message>

			<!-- create a client certificate : USER_1_CERT -->
			@@ -167,7 +168,7 @@
			<call function="'loadVariables'" />

			<!-- Export the server Cert -->
			<message>'---- Export the Server Certicate ----'</message>
			<message>'---- Export the Server Certificate ----'</message>
			<call function="'ExportCertificate'">
			{ 'certAlias' : 'server-cert' ,
			'outputfile' : SERVER_CERT_FILE,
			@@ -342,179 +343,31 @@
			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'" />

			<!-- Create users entries-->
			<!-- Create USER_1_DN -->
			<message> '---- Create User entry : %s----' % USER_1_DN</message>
			<script>
			listAttr = []
			listAttr.append('objectclass:top')
			listAttr.append('objectclass:organizationalperson')
			listAttr.append('objectclass:inetorgperson')
			listAttr.append('objectclass:person')
			listAttr.append('objectclass:ds-certificate-user')
			listAttr.append('objectclass:strongAuthenticationUser')
			listAttr.append('userCertificate;binary:: YmFkX2NlcnRpZmljYXRlCgoK')
			listAttr.append('givenname:%s' % USER_1_CERT)
			listAttr.append('sn:%s' % USER_1_CERT)
			listAttr.append('cn:%s' % USER_1_CERT)
			</script>

			<call function="'addAnEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToAdd' : USER_1_DN,
			'listAttributes' : listAttr,
			'expectedRC' : 0
			}
			</call>

			<call function="'getFile'">
			<call function="'createStrongUserEntries'">
			{ 'location' : STAF_REMOTE_HOSTNAME,
			'filename' : USER_1_CERT_FILE_RFC
			'certificate' : USER_1_CERT,
			'filename' : USER_1_CERT_FILE_RFC,
			'userdn' : USER_1_DN,
			'localLdifFile' : localUser1LdifFile,
			'remoteLdifFile' : remoteUser1LdifFile
			}
			</call>

			<message>
			'Certificate contents:\n %s' % cmdResult
			</message>

			<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
			<script>
			certList=STAXResult[1].split('\n')
			ret_str = ""
			for line in certList:
			index_cert = line.find("CERTIFICATE")
			if index_cert == -1:
			ret_str+=line.strip()
			</script>

			<script>
			listAttr = []
			listAttr.append('dn: %s' % USER_1_DN)
			listAttr.append('changetype: modify')
			listAttr.append('replace: userCertificate;binary')
			listAttr.append('userCertificate;binary:: %s' % ret_str)
			</script>

			<!-- Write out the ldif -->
			<script>
			outfile = open(localUser1LdifFile,"w")

			for line in listAttr:
			outfile.write("%s\n" % line)

			outfile.close()
			</script>

			<!-- Copy the ldif file containing user certificate to remote host -->
			<message>'Copy ldif (%s) file to user entry %s to %s' % (localUser1LdifFile,USER_1_DN,remoteUser1LdifFile)</message>
			<call function="'copyFile'">
			{ 'location' : STAXServiceMachine,
			'srcfile' : localUser1LdifFile,
			'destfile' : remoteUser1LdifFile,
			'remotehost' : STAF_REMOTE_HOSTNAME
			}
			</call>

			<call function="'modifyEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
			'entryToBeModified' : remoteUser1LdifFile,
			'expectedRC' : 0
			}
			</call>

			<!-- Create USER_2_DN : this used contains the objectclass ds-certificate-user -->
			<message>'---- Create User entry : %s----' % USER_2_DN </message>
			<message>'---- This user contains an objectclass ds-certificate-user' </message>

			<script>
			listAttr = []
			listAttr.append('objectclass:top')
			listAttr.append('objectclass:organizationalperson')
			listAttr.append('objectclass:inetorgperson')
			listAttr.append('objectclass:person')
			listAttr.append('objectclass:ds-certificate-user')
			listAttr.append('objectclass:strongAuthenticationUser')
			listAttr.append('userCertificate;binary:: YmFkX2NlcnRpZmljYXRlCgoK')
			listAttr.append('givenname:%s' % USER_2_CERT)
			listAttr.append('sn:%s' % USER_2_CERT)
			listAttr.append('cn:%s' % USER_2_CERT)
			</script>
			<call function="'addAnEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
			'DNToAdd' : USER_2_DN,
			'listAttributes' : listAttr,
			'expectedRC' : 0
			}
			</call>

			<call function="'getFile'">
			<call function="'createStrongUserEntries'">
			{ 'location' : STAF_REMOTE_HOSTNAME,
			'filename' : USER_2_CERT_FILE_RFC
			'certificate' : USER_2_CERT,
			'filename' : USER_2_CERT_FILE_RFC,
			'userdn' : USER_2_DN,
			'localLdifFile' : localUser2LdifFile,
			'remoteLdifFile' : remoteUser2LdifFile
			}
			</call>

			<message>
			'Certificate contents:\n %s' % cmdResult
			</message>

			<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
			<script>
			certList=STAXResult[1].split('\n')
			ret_str = ""
			for line in certList:
			index_cert = line.find("CERTIFICATE")
			if index_cert == -1:
			ret_str+=line.strip()
			</script>

			<!-- Modify the user Entry to store the certificates -->
			<script>
			listAttr = []
			listAttr.append('dn: %s' % USER_2_DN)
			listAttr.append('changetype: modify')
			listAttr.append('replace: userCertificate;binary')
			listAttr.append('userCertificate;binary:: %s' % ret_str)
			</script>

			<!-- Write out the ldif -->
			<script>
			outfile = open(localUser2LdifFile,"w")
			for line in listAttr:
			outfile.write("%s\n" % line)
			outfile.close()
			</script>

			<!-- Copy the ldif file containing user certificate to remote host -->
			<message>'Copy ldif (%s) file to user entry %s to %s' % (localUser2LdifFile,USER_2_DN,remoteUser2LdifFile)</message>
			<call function="'copyFile'">
			{ 'location' : STAXServiceMachine,
			'srcfile' : localUser2LdifFile,
			'destfile' : remoteUser2LdifFile,
			'remotehost' : STAF_REMOTE_HOSTNAME
			}
			</call>

			<call function="'modifyEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
			'entryToBeModified' : '%s' % remoteUser2LdifFile,
			'expectedRC' : 0
			}
			</call>
			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			</sequence>
			</function>

			</stax>

			@@ -1921,4 +1921,123 @@
			</call>
			</sequence>
			</function>

			<function name="createStrongUserEntries" scope="local">
			<function-prolog>
			This creates strongAuthenticationUser entries with userCertificates
			</function-prolog>
			<function-map-args>
			<function-arg-def name="location" type="required">
			<function-arg-description>
			Location of target host
			</function-arg-description>
			<function-arg-property name="type" value="hostname"/>
			</function-arg-def>
			<function-arg-def name="certificate" type="required">
			<function-arg-description>
			Certificate
			</function-arg-description>
			<function-arg-property name="type" value="string"/>
			</function-arg-def>
			<function-arg-def name="filename" type="required">
			<function-arg-description>
			Certificate filename
			</function-arg-description>
			<function-arg-property name="type" value="filename"/>
			</function-arg-def>
			<function-arg-def name="userdn" type="required">
			<function-arg-description>
			User DN
			</function-arg-description>
			<function-arg-property name="type" value="DN"/>
			</function-arg-def>
			<function-arg-def name="localLdifFile" type="required">
			<function-arg-description>
			Local ldif file
			</function-arg-description>
			<function-arg-property name="type" value="filename"/>
			</function-arg-def>
			<function-arg-def name="remoteLdifFile" type="required">
			<function-arg-description>
			Remote ldif file
			</function-arg-description>
			<function-arg-property name="type" value="filename"/>
			</function-arg-def>
			</function-map-args>

			<sequence>

			<!-- Get a certificate from a file in PEM format -->
			<call function="'getFile'">
			{ 'location' : location,
			'filename' : filename
			}
			</call>

			<message>
			'Certificate contents:\n %s' % cmdResult
			</message>

			<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
			<script>
			certList=STAXResult[1].split('\n')
			ret_str = ""
			for line in certList:
			index_cert = line.find("CERTIFICATE")
			if index_cert == -1:
			ret_str+=line.strip()
			</script>

			<!-- Create ldif for users entries and add userCertificate -->
			<message> '---- Create User entry : %s----' % userdn</message>
			<script>
			listAttr = []
			listAttr.append('dn: %s' % userdn)
			listAttr.append('objectclass:top')
			listAttr.append('objectclass:organizationalperson')
			listAttr.append('objectclass:inetorgperson')
			listAttr.append('objectclass:person')
			listAttr.append('objectclass:ds-certificate-user')
			listAttr.append('objectclass:strongAuthenticationUser')
			listAttr.append('userCertificate;binary:: %s' % ret_str)
			listAttr.append('givenname:%s' % certificate)
			listAttr.append('sn:%s' % certificate)
			listAttr.append('cn:%s' % certificate)
			</script>

			<!-- Write out the ldif of users entry-->
			<script>
			outfile = open(localLdifFile,"w")
			for line in listAttr:
			outfile.write("%s\n" % line)
			outfile.close()
			</script>

			<!-- Copy the ldif file containing userCertificate to remote host -->
			<message>
			'Copy ldif (%s) file to user entry %s to %s' % (localLdifFile,userdn,remoteLdifFile)
			</message>

			<call function="'copyFile'">
			{ 'location' : STAXServiceMachine,
			'srcfile' : localLdifFile,
			'destfile' : remoteLdifFile,
			'remotehost' : location
			}
			</call>

			<!-- Add the users entry into the LDAP server -->
			<call function="'ldapModifyWithScript'">
			{
			'dsAdd' : 'True' ,
			'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'dsFilename' : remoteLdifFile
			}
			</call>

			</sequence>
			</function>
			</stax>