external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -58,7 +58,7 @@
			file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
			<call function="'privileges_setup'" />

			<!---
			<!---
			Place test-specific test information here.
			The tag, TestMarker, must be the same as the tag, TestSuiteName.
			#@TestMarker Privileges Users Tests
			@@ -246,7 +246,7 @@
			'dsInstancePswd' : 'ACIRules' ,
			'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			'attributes' : 'cn sn uid'}
			'attributes' : 'cn sn uid' }
			</call>

			<script>
			@@ -1073,6 +1073,197 @@
			Place test-specific test information here.
			The tag, TestMarker, must be the same as the tag, TestSuiteName.
			#@TestMarker Privileges Users Tests
			#@TestName modify-acl - add aci - disable privilege
			#@TestIssue 1683
			#@TestPurpose disable privilege for modify-acl privilege for normal users - add aci
			#@TestPreamble none
			#@TestStep Admin adds write ACI.
			#@TestStep User adds ACI.
			#@TestStep Admin adds disabled-privilege.
			#@TestStep User adds ACI.
			#@TestStep Admin deletes write ACI.
			#@TestStep User adds second ACI.
			#@TestStep Admin deletes disabled-privilege.
			#@TestStep Admin deletes user-added ACI.
			#@TestStep User adds second ACI.
			#@TestPostamble none
			#@TestResult Success if OpenDS returns 50
			for steps 2, 6, and 9, and 0
			for all other ldap operations.
			-->
			<testcase name="getTestCaseName('modify-acl - add aci - disable privilege')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, Admin adding write ACI'
			</message>

			<script>
			write_aci="(targetattr=\"aci \|\| ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
			</script>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : write_aci ,
			'changetype' : 'add' }
			</call>

			<script>
			search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
			</script>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : search_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50 }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, Admin disabling privilege'
			</message>

			<call function="'dsconfigSet'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'objectName' : 'global-configuration' ,
			'attributeName' : 'disabled-privilege' ,
			'attributeValue' : 'modify-acl' }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : search_aci ,
			'changetype' : 'add' }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting write ACI'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : write_aci ,
			'changetype' : 'delete' }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
			</message>

			<script>
			search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
			</script>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : search2_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50
			}
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, Admin un-disabling privilege'
			</message>

			<call function="'dsconfigSet'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'objectName' : 'global-configuration' ,
			'attributeName' : 'disabled-privilege' ,
			'attributeValue' : 'modify-acl' ,
			'modifyType' : 'remove' }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting user-added ACI'
			</message>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : search_aci ,
			'changetype' : 'delete' }
			</call>

			<message>
			'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
			</message>

			<script>
			search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
			</script>

			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
			'attributeName' : 'aci' ,
			'newAttributeValue' : search3_aci ,
			'changetype' : 'add' ,
			'expectedRC' : 50
			}
			</call>

			<call function="'checktestRC'">
			{ 'returncode' : RC ,
			'result' : STAXResult }
			</call>

			<call function="'testCase_Postamble'"/>

			</sequence>
			</testcase>

			<!---
			Place test-specific test information here.
			The tag, TestMarker, must be the same as the tag, TestSuiteName.
			#@TestMarker Privileges Users Tests
			#@TestName modify-acl - replace aci
			#@TestIssue 471
			#@TestPurpose modify-acl privilege for normal users - replace aci
			@@ -1543,6 +1734,137 @@
			Place test-specific test information here.
			The tag, TestMarker, must be the same as the tag, TestSuiteName.
			#@TestMarker Privileges Users Tests
			#@TestName config-read - disable privilege
			#@TestIssue 1683
			#@TestPurpose config-read privilege for normal users
			#@TestPreamble none
			#@TestStep User searches cn=config, check default behavior.
			#@TestStep Admin adds privilege.
			#@TestStep User searches cn=config.
			#@TestStep Admin removes privilege.
			#@TestStep User searches cn=config.
			#@TestPostamble none
			#@TestResult Success if OpenDS returns 50
			for steps 1 and 5, and 0
			for all other ldap operations.
			Proper entries returned for allowed searches.
			-->
			<testcase name="getTestCaseName('config-read - disable privilege')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<message>
			'Privileges: Users: config-read - disable privilege, check default privilege, user searching cn=config'
			</message>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'dsBaseDN' : 'cn=config' ,
			'dsFilter' : 'objectclass=*' ,
			'attributes' : 'ds-cfg-check-schema' ,
			'extraParams' : '-s base' ,
			'expectedRC' : 50
			}
			</call>

			<message>
			'Privileges: Users: config-read - disable privilege, Admin disabling privilege'
			</message>

			<call function="'dsconfigSet'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'objectName' : 'global-configuration' ,
			'attributeName' : 'disabled-privilege' ,
			'attributeValue' : 'config-read' }
			</call>

			<message>
			'Privileges: Users: config-read - disable privilege, user searching cn=config'
			</message>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'dsBaseDN' : 'cn=config' ,
			'dsFilter' : 'objectclass=*' ,
			'attributes' : 'ds-cfg-check-schema' ,
			'extraParams' : '-s base' }
			</call>

			<script>
			returnString = STAXResult[0][1]
			</script>

			<call function="'searchStringForSubstring'">
			{ 'returnString' : returnString ,
			'testString' : 'dn: cn=config' ,
			'expectedResult' : '1' }
			</call>

			<call function="'searchStringForSubstring'">
			{ 'returnString' : returnString ,
			'testString' : 'ds-cfg-check-schema:' ,
			'expectedResult' : '1' }
			</call>

			<message>
			'Privileges: Users: config-read - disable privilege, Admin un-disabling privilege'
			</message>

			<call function="'dsconfigSet'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'objectName' : 'global-configuration' ,
			'attributeName' : 'disabled-privilege' ,
			'attributeValue' : 'config-read' ,
			'modifyType' : 'remove' }
			</call>

			<message>
			'Privileges: Users: config-read - disable privilege, user searching cn=config'
			</message>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
			'dsInstancePswd' : 'ACIRules' ,
			'dsBaseDN' : 'cn=config' ,
			'dsFilter' : 'objectclass=*' ,
			'attributes' : 'ds-cfg-check-schema' ,
			'extraParams' : '-s base' ,
			'expectedRC' : 50 }
			</call>

			<script>
			returnString = STAXResult[0][1]
			</script>

			<call function="'checktestStringNotPresent'">
			{ 'returnString' : returnString ,
			'testString' : 'dn: cn=config' }
			</call>

			<call function="'testCase_Postamble'"/>

			</sequence>
			</testcase>


			<!---
			Place test-specific test information here.
			The tag, TestMarker, must be the same as the tag, TestSuiteName.
			#@TestMarker Privileges Users Tests
			#@TestName config-write
			#@TestIssue 472
			#@TestPurpose config-write privilege for normal users

	opends/tests/functional-tests/shared/functions/dsconfig.xml	8 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/privileges/privileges_users.xml	326 ●●●●● patch \| view \| raw \| blame \| history

			@@ -106,14 +106,14 @@
			<function-arg-property name="type" value="string" />
			</function-arg-def>

			<function-arg-def name="propertyType" type="required">
			<function-arg-def name="propertyType" type="optional" default="''">
			<function-arg-description>
			Property type to modify, e.g. validator
			</function-arg-description>
			<function-arg-property name="type" value="string" />
			</function-arg-def>

			<function-arg-def name="propertyName" type="required">
			<function-arg-def name="propertyName" type="optional" default="''">
			<function-arg-description>
			Property to modify, e.g. enabled
			</function-arg-description>
			@@ -162,7 +162,9 @@

			STAFCmdParamsList=[]
			STAFCmdParamsList.append('set-%s-prop ' % (objectName))
			STAFCmdParamsList.append('--%s-name "%s" ' % (propertyType,propertyName))

			if propertyType:
			STAFCmdParamsList.append('--%s-name "%s" ' % (propertyType,propertyName))

			if modifyType == 'reset':
			STAFCmdParamsList.append('--%s %s' % (modifyType,attributeName))