mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

dugan
22.30.2007 a96af2c4104236afb2fee3626629f3190f2a5309
Enable dseecompat ACI package by default.
3 files modified
48 ■■■■■ changed files
opends/resource/config/config.ldif 4 ●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/config-changes.ldif 5 ●●●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java 39 ●●●● patch | view | raw | blame | history
opends/resource/config/config.ldif
@@ -51,9 +51,11 @@
objectClass: top
objectClass: ds-cfg-access-control-handler
objectClass: ds-cfg-dseecompat-access-control-handler
ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)
cn: Access Control Handler
ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
ds-cfg-acl-handler-enabled: false
ds-cfg-acl-handler-enabled: true
dn: cn=Account Status Notification Handlers,cn=config
objectClass: top
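Review bot: The new "Self entry modification" global ACI grants write on `targetattr="*"` to `ldap:///self`, so once the handler is enabled by default every authenticated user can change any user attribute on their own entry, not only profile data. Where a deployment keys group membership, bind rules or application roles off entry attributes, that amounts to self-service privilege change; whether operational attributes are covered too depends on how dseecompat treats `*`, which this page does not show. Consider shipping an explicit allow-list instead, e.g. `(targetattr="<self-editable attributes>")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)`. It is also worth checking whether excluding only `userPassword||authPassword` from anonymous read is a sufficient default.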
opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -2,11 +2,6 @@
changetype: modify
replace: ds-cfg-notify-abandoned-operations
ds-cfg-notify-abandoned-operations: true
dn: cn=Access Control Handler,cn=config
changetype: modify
replace: ds-cfg-acl-handler-enabled
ds-cfg-acl-handler-enabled: true
-
dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
@@ -31,10 +31,7 @@
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.tools.*;
import org.testng.annotations.Test;
import org.testng.annotations.DataProvider;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.*;
import static org.testng.Assert.assertEquals;
import org.testng.Assert;
import static org.opends.server.util.ServerConstants.EOL;
@@ -481,7 +478,14 @@
  @BeforeClass
  public void setupClass() throws Exception {
    TestCaseUtils.startServer();
    deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI, true);
    TestCaseUtils.clearJEBackend(true, "userRoot", "dc=example,dc=com");
  }
   @AfterClass
   public void tearDown() throws Exception {
     modEntries(GLOBAL_DEFAULT_ACIS, DIR_MGR_DN, DIR_MGR_PW);
  }
  @BeforeMethod
@@ -983,6 +987,23 @@
                                       GLOBAL_ALLOW_MONITOR_TO_ADMIN_ACI,
                                       GLOBAL_ALLOW_BASE_DN_TO_LEVEL_1_ACI);
    //Global defauls
private static final String GLOBAL_ANONYMOUS_READ_ACI =
       buildGlobalAciValue("name", "Anonymous read access", "targetattr!=",
                                     "userPassword||authPassword",
                                     "allow(read, search, compare)", BIND_RULE_USERDN_ANYONE);
private static final String GLOBAL_SELF_WRITE_ACI =
       buildGlobalAciValue("name", "Self entry modification", "targetattr",
                                     "*",
                                     "allow(write)", BIND_RULE_USERDN_SELF);
private static final String GLOBAL_DEFAULT_ACIS =
                     makeAttrAddAciLdif(ATTR_AUTHZ_GLOBAL_ACI,ACCESS_HANDLER_DN,
                                        GLOBAL_ANONYMOUS_READ_ACI,
                                        GLOBAL_SELF_WRITE_ACI);
 //ACI used to test LDAP compare.
 private static final
 String COMPARE_ACI =  makeAddAciLdif(OU_LEAF_DN,
@@ -1601,7 +1622,7 @@
            Assert.assertFalse(userResults.equals(""));
            String adminResults = ldapSearch(adminParam.getLdapSearchArgs());
            Assert.assertTrue(adminResults.equals(""));
            deleteAttrFromEntry(OU_LEAF_DN, "aci");
            deleteAttrFromEntry(OU_LEAF_DN, "aci", true);
            modEntries(GROUP1_GROUPDN_MODS, DIR_MGR_DN, DIR_MGR_PW);
            userResults = ldapSearch(userParam.getLdapSearchArgs());
            Assert.assertFalse(userResults.equals(""));
@@ -1636,7 +1657,7 @@
        Assert.assertFalse(monitorResults.equals(""));
        String baseResults = ldapSearch(baseParam.getLdapSearchArgs());
        Assert.assertFalse(baseResults.equals(""));
        deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI);
        deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI, true);
        monitorResults = ldapSearch(monitorParam.getLdapSearchArgs());
        Assert.assertTrue(monitorResults.equals(""));
        baseResults = ldapSearch(baseParam.getLdapSearchArgs());
@@ -1877,7 +1898,7 @@
    throws Exception {
    File tempFile = getTemporaryLdifFile();
    TestCaseUtils.writeFile(tempFile, ldif);
    ArrayList<String> argList=new ArrayList<String>();
    ArrayList<String> argList=new ArrayList<String>(20);
    argList.add("-h");
    argList.add("127.0.0.1");
    argList.add("-p");
@@ -1898,13 +1919,13 @@
        deleteEntries(ALL_TEST_ENTRY_DNS_BOTTOM_UP);
    }
    private void deleteAttrFromEntry(String dn, String attr) throws Exception {
    private void deleteAttrFromEntry(String dn, String attr, boolean errorOk) throws Exception {
        StringBuilder ldif = new StringBuilder();
        ldif.append(TestCaseUtils.makeLdif(
                "dn: "  + dn,
                "changetype: modify",
                "delete: " + attr));
        modEntries(ldif.toString(), DIR_MGR_DN, DIR_MGR_PW, true, false);
        modEntries(ldif.toString(), DIR_MGR_DN, DIR_MGR_PW, errorOk, false);
    }
    private void deleteEntries(String[] entries) throws Exception {
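Review bot: `tearDown` is the only code that restores the global ACIs after `setupClass` deletes them, but TestNG skips an `@AfterClass` method when an earlier configuration method has failed. A failure in `clearJEBackend` would therefore leave the server with no global ACIs for whatever runs next, assuming the server started by `TestCaseUtils.startServer()` is shared between test classes. Declaring it as `@AfterClass(alwaysRun = true)` closes that gap. The values restored from `GLOBAL_ANONYMOUS_READ_ACI` and `GLOBAL_SELF_WRITE_ACI` are also a hand-written copy of the two `ds-cfg-global-aci` lines in config.ldif. A comment such as `// Must match the ds-cfg-global-aci defaults in resource/config/config.ldif` next to those constants would flag the coupling, since drift would silently change the access-control baseline that later tests run under.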