external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: d168c8c6 | patch | commit | ignore whitespace

Improve knownIssue handling in some replication and sasl testcases

ugaston

18.53.2009 b25da32e939089eb8108c4d7394b3f7d64232827

Improve knownIssue handling in some replication and sasl testcases

7 files modified

	opends/tests/staf-tests/functional-tests/testcases/replication/changelog/changelog.xml	14 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/functional-tests/testcases/replication/encryption/encryption.xml	55 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/functional-tests/testcases/replication/ldifimport/ldifimport.xml	8 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/functional-tests/testcases/replication/schema/schema.xml	22 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/functional-tests/testcases/replication/totalupdate/totalupdate.xml	9 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml	1021 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/staf-tests/shared/functions/tools.xml	22 ●●●●● patch \| view \| raw \| blame \| history

 opends/tests/staf-tests/functional-tests/testcases/replication/changelog/changelog.xml

@@ -1315,16 +1315,21 @@
                      # => expect NO entry returned
                      # => len(searchResult) = 0 => resultLength = 0
                      myExpectedRC = 0
                      # if entry not purged => we may have run into Issue 3736
                      # (Dynamic purge delay change not taken into account)
                      myKnownIssue = '3736'
                    else:
                      # purge delay not expired (default purge delay: 1 day)
                      # => expect entry returned
                      # => len(searchResult) > 0 => resultLength = 1
                      myExpectedRC = 1
                      myKnownIssue = None
                  </script>
                  <call function="'checktestRC'">
                    { 'returncode' : resultLength ,
                      'result'     : searchResult ,
                      'expected'   : myExpectedRC
                      'expected'   : myExpectedRC,
                      'issue'      : myKnownIssue
                    }
                  </call>                                           
                               
@@ -1332,16 +1337,11 @@
              </paralleliterate>
                                                
              <!-- Verify the synchronization of the trees among the servers in
                the topology -->          
                the topology -->
              <call function="'verifyTrees'">
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call>

              <!-- #3736: Dynamic purge delay change not properly taken into 
                   account -->
              <call function="'setKnownIssue'">
                { 'issueId' : '3736' }
              </call>
             
              <call function="'testCase_Postamble'"/>
            </sequence>

 opends/tests/staf-tests/functional-tests/testcases/replication/encryption/encryption.xml

@@ -97,6 +97,16 @@
                  <script>
                    serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
                    userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)
                    
                    if i == 0:
                      myKnownIssue = None
                    else:
                      # if we fail to add the entry to the 'consumer' servers
                      # => it may mean that the initialize-all is not completely
                      # done yet, and so we may have come across Issue 3315
                      # (dsreplication initialize-all returns before peer 
                      # has completed initialisation)
                      myKnownIssue = '3315'
                  </script>
                    
                  <!-- Add entry to one of the other servers -->
@@ -121,7 +131,8 @@
                      'dsInstancePswd' : server.getRootPwd(),
                      'DNToAdd'        : userDn,
                      'listAttributes' : listAttr,
                      'expectedRC'     : 0
                      'expectedRC'     : 0,
                      'knownIssue'     : myKnownIssue
                    }
                  </call>
              
@@ -134,11 +145,6 @@
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call> 

              <!-- #3315: dsreplication initialize-all returns before peer has
                   completed initialisation -->
              <call function="'setKnownIssue'">
                { 'issueId' : '3315' }
              </call>

              <call function="'testCase_Postamble'"/>
            </sequence>
@@ -169,6 +175,16 @@
                  <script>
                    serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
                    userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)
                    
                    if i == 0:
                      myKnownIssue = None
                    else:
                      # if we fail to modify the entry in the 'consumer' servers
                      # => it may mean that the initialize-all is not completely
                      # done yet, and so we may have come across Issue 3315
                      # (dsreplication initialize-all returns before peer 
                      # has completed initialisation)
                      myKnownIssue = '3315'                    
                  </script>
                                    
                  <!-- Modify entry on one of the servers -->
@@ -182,7 +198,8 @@
                      'DNToModify'        : userDn,
                      'attributeName'     : 'l',
                      'newAttributeValue' : 'GEC',
                      'changetype'        : 'replace'
                      'changetype'        : 'replace',
                      'knownIssue'        : myKnownIssue
                    }
                  </call>                       
                </sequence>
@@ -194,12 +211,6 @@
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call> 

              <!-- #3315: dsreplication initialize-all returns before peer has
                   completed initialisation -->
              <call function="'setKnownIssue'">
                { 'issueId' : '3315' }
              </call>

              <call function="'testCase_Postamble'"/>
            </sequence>
          </testcase>                     
@@ -229,6 +240,16 @@
                  <script>
                    serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
                    userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)
                    
                    if i == 0:
                      myKnownIssue = None
                    else:
                      # if we fail to delete the entry to the 'consumer' servers
                      # => it may mean that the initialize-all is not completely
                      # done yet, and so we may have come across Issue 3315
                      # (dsreplication initialize-all returns before peer 
                      # has completed initialisation)
                      myKnownIssue = '3315'                    
                  </script>
                    
                  <!-- Delete entry on one of the servers -->    
@@ -239,7 +260,8 @@
                      'dsInstancePort' : server.getPort() ,
                      'dsInstanceDn'   : server.getRootDn() ,
                      'dsInstancePswd' : server.getRootPwd() ,
                      'dsBaseDN'       : userDn
                      'dsBaseDN'       : userDn,
                      'knownIssue'     : myKnownIssue
                    }
                  </call>
                </sequence>
@@ -251,11 +273,6 @@
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call>

              <!-- #3315: dsreplication initialize-all returns before peer has
                   completed initialisation -->
              <call function="'setKnownIssue'">
                { 'issueId' : '3315' }
              </call>
         
              <call function="'testCase_Postamble'"/>
            </sequence>

 opends/tests/staf-tests/functional-tests/testcases/replication/ldifimport/ldifimport.xml

@@ -225,13 +225,13 @@
                
              <!-- Verify the synchronization of the trees among the servers in
                the topology -->
              <!-- If the trees differ, it could be due to Issue 3122
                (Off-line import-export sequence produces no generationID) -->
              <call function="'verifyTrees'">
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
                [ clientHost, clientPath, master, consumerList, synchroSuffix,
                  '3122' ]
              </call> 

              <call function="'setKnownIssue'">
                { 'issueId' : '3122' }
              </call>

              <call function="'testCase_Postamble'"/>
            </sequence>

 opends/tests/staf-tests/functional-tests/testcases/replication/schema/schema.xml

@@ -689,6 +689,8 @@
                                
              <!-- Try to add entry to servers; should be rejected with error 65
                (objectclass violation) -->
              <!-- If the add doesn't return 65, it may mean we came across
                issue 2355 (Manual schema objectclass delete not replicated) -->
              <iterate var="server" in="_topologyServerList">
                <call function="'addEntry'">
                  { 'location'       : clientHost,
@@ -699,7 +701,8 @@
                    'dsInstancePswd' : server.getRootPwd(),
                    'entryToBeAdded' : '%s/replication/newtestuser-0.ldif' % \
                                       clientDataDir,
                    'expectedRC'     : 65
                    'expectedRC'     : 65,
                    'knownIssue'     : '2355'
                  }
                </call>                             
              </iterate> 
@@ -716,9 +719,6 @@
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call> 

              <call function="'setKnownIssue'">
                { 'issueId' : '2355' }
              </call>

              <call function="'testCase_Postamble'"/>
            </sequence>
@@ -792,6 +792,8 @@
                                                                                                                                
              <!-- Try to add entry to servers; should be rejected with error 65
                (objectclass violation) -->
              <!-- If the add doesn't return 65, it may mean we came across
                issue 2355 (Manual schema objectclass delete not replicated) -->
              <iterate var="server" in="_topologyServerList">
                <call function="'addEntry'">
                  { 'location'       : clientHost,
@@ -802,15 +804,20 @@
                    'dsInstancePswd' : server.getRootPwd(),
                    'entryToBeAdded' : '%s/replication/newtestuser-2.ldif' % \
                                       clientDataDir,
                    'expectedRC'     : 65
                    'expectedRC'     : 65,
                    'knownIssue'     : '2355'
                  }
                </call>                             
              </iterate> 
                       
              <!-- Verify the synchronization of the schema among the servers in
                the topology -->
              <!-- Since this testcase inherits the 99-user.ldif from the one
                before, as long as 2355 is still present, the schema files will
                differ as the second server will still have newobjectclass-0 -->
              <call function="'verifySchemas'">
                [ clientHost, clientPath, master, consumerList, '99-user.ldif' ]
                [ clientHost, clientPath, master, consumerList, '99-user.ldif',
                  '2355' ]
              </call> 
                
              <!-- Verify the synchronization of the trees among the servers in
@@ -819,9 +826,6 @@
                [ clientHost, clientPath, master, consumerList, synchroSuffix ]
              </call> 

              <call function="'setKnownIssue'">
                { 'issueId' : '2355' }
              </call>

              <call function="'testCase_Postamble'"/>
            </sequence>

 opends/tests/staf-tests/functional-tests/testcases/replication/totalupdate/totalupdate.xml

@@ -345,8 +345,12 @@

              <!-- Verify the synchronization of the schema among the servers
                in the topology -->
              <!-- If the schema files differ, it could be due to Issue 2599
                (Replication adds modifiersName and modifyTimestamp to schema 
                updates) -->
              <call function="'verifySchemas'">
                [ clientHost, clientPath, master, consumerList, '99-user.ldif' ]
                [ clientHost, clientPath, master, consumerList, '99-user.ldif',
                  '2599' ]
              </call> 
                                                
              <!-- Verify the synchronization of the trees among the servers in
@@ -355,9 +359,6 @@
                [ clientHost, clientPath, master, consumerList, 'o=example' ]
              </call>                

              <call function="'setKnownIssue'">
                { 'issueId' : '2599' }
              </call>
              
              <call function="'testCase_Postamble'"/>
            </sequence>

 opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml

@@ -908,14 +908,12 @@
                 returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
@@ -934,14 +932,12 @@
                 returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, delete global search ACI'
@@ -975,17 +971,15 @@
                 returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -994,43 +988,43 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, adding authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, adding authmethod ACI'
            </message>

            <script>
                    curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"sasl DIGEST-MD5\";)"
              curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"sasl DIGEST-MD5\";)"
            </script>
                
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'add' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'add'
              }
            </call>
                
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1038,61 +1032,60 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
              { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'   : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd' : 'frogleg' ,
                'dsBaseDN'       : 'dc=example,dc=com' ,
                'dsFilter'       : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, deleting authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, deleting authmethod ACI'
            </message>

            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'delete' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                 'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                 'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                 'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                 'attributeName'          : 'aci' ,
                 'newAttributeValue'      : curr_aci ,
                  'changetype'             : 'delete'
              }
             </call>
                
             <message>
@@ -1100,11 +1093,12 @@
            </message>

            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'add' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'add'
              }
            </call>
            
            <call function="'testCase_Postamble'"/>
@@ -1147,21 +1141,20 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
@@ -1173,40 +1166,40 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, delete global search ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, delete global search ACI'
            </message>

            <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
              global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
            </script>
                
            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'remove' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'remove'
              }
            </call>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1214,24 +1207,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1240,43 +1232,43 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, adding authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, adding authmethod ACI'
            </message>

            <script>
                    curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"simple\";)"
              curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"simple\";)"
            </script>
                
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'add' }
             </call>
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'add'
              }
            </call>
                
             <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
            <message>
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal simple, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1284,24 +1276,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1310,35 +1301,35 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, deleting authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal simple, deleting authmethod ACI'
            </message>

            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'delete' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'delete'
              }
             </call>
                
             <message>
@@ -1346,11 +1337,12 @@
            </message>

            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'add' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'add'
              }
            </call>
            
            <call function="'testCase_Postamble'"/>
@@ -1393,24 +1385,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1419,40 +1410,40 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, delete global search ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, delete global search ACI'
            </message>

            <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
              global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
            </script>
                
            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'remove' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'remove'
              }
            </call>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod  not equals simple, sasl authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod  not equals simple, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1460,24 +1451,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1486,43 +1476,43 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, adding authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, adding authmethod ACI'
            </message>

            <script>
                    curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod!=\"simple\";)"
              curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod!=\"simple\";)"
            </script>
                
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'add' }
             </call>
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'add'
              }
            </call>
                
             <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod  not equals simple, sasl authentication'
            <message>
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod  not equals simple, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1530,24 +1520,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1556,47 +1545,48 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, deleting authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, deleting authmethod ACI'
            </message>

            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'delete' }
             </call>
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'delete'
              }
            </call>
                
             <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, put back global search ACI'
            <message>
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod  not equals simple, put back global search ACI'
            </message>

            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'add' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'add'
              }
            </call>
            
            <call function="'testCase_Postamble'"/>
@@ -1631,7 +1621,7 @@
            <call function="'testCase_Preamble'"/>

            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1639,24 +1629,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1665,40 +1654,40 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, delete global search ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, delete global search ACI'
            </message>

            <script>
                    global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
              global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
            </script>
                
            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'remove' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'remove'
              }
            </call>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1707,24 +1696,23 @@
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w bad',
                'expectedRC'       : 49 }
                'expectedRC'       : 49
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1734,43 +1722,43 @@
                'dsInstancePswd'   : 'bad' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*' ,
                'expectedRC'       : 49 }
                'expectedRC'       : 49
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, adding authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, adding authmethod ACI'
            </message>

            <script>
                    curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"none\";)"
              curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"none\";)"
            </script>
                
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'add' }
             </call>
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'add'
              }
            </call>
                
             <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
            <message>
              'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
            </message>

            <call function="'AnonSearchObject'">
@@ -1778,24 +1766,23 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
            </message>

            <call function="'SearchObject'">
@@ -1804,47 +1791,48 @@
                'dsInstanceDn'     : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
                'dsInstancePswd'   : 'frogleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  }
                'dsFilter'         : 'objectclass=*'
              }
            </call>

            <script> 
                 returnString = STAXResult[0][1]
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
                    { 'returnString'       : returnString ,
                      'testString'         : 'dn: uid=tmorris,ou=People' }

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
                    <tcstatus result="'fail'"/>
            </if>
            
            <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, deleting authmethod ACI'
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, deleting authmethod ACI'
            </message>

            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                    'attributeName'          : 'aci' ,
                    'newAttributeValue'      : curr_aci ,
                    'changetype'             : 'delete' }
             </call>
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'             : 'o=SASL Tests,dc=example,dc=com' ,
                'attributeName'          : 'aci' ,
                'newAttributeValue'      : curr_aci ,
                'changetype'             : 'delete'
              }
            </call>
                
             <message>
               'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, put back global search ACI'
            <message>
              'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, put back global search ACI'
            </message>

            <call function="'modifyGlobalAci'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'aciValue'               : global_aci ,
                    'opType'                 : 'add' }
              { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                'aciValue'               : global_aci ,
                'opType'                 : 'add'
              }
            </call>
            
            <call function="'testCase_Postamble'"/>
@@ -3276,15 +3264,13 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
          </sequence>
@@ -3339,15 +3325,13 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
          </sequence>
@@ -3417,17 +3401,14 @@
            <script> 
              returnString = STAXResult[0][1]
            </script> 
    
            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString ,
                'testString'   : 'dn: uid=tmorris,ou=People'

            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'dn: uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
    
            <call function="'testCase_Postamble'"/>
            
          </sequence>
@@ -3501,15 +3482,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -3587,15 +3565,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -3674,15 +3649,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -3761,15 +3733,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -3848,15 +3817,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -3934,15 +3900,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -4021,15 +3984,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -4108,19 +4068,13 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <!-- #3723: SSF bind rule: != operator not working -->
            <call function="'setKnownIssue'">
              { 'issueId' : '3723' }
            <call function="'searchString'">
              { 'returnString'   : returnString,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0,
                'knownIssue'     : '3723'
              }
            </call>

            <call function="'testCase_Postamble'"/>
@@ -4200,19 +4154,13 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>

            <!-- #3723: SSF bind rule: != operator not working -->
            <call function="'setKnownIssue'">
              { 'issueId' : '3723' }
            <call function="'searchString'">
              { 'returnString'   : returnString,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1,
                'knownIssue'     : '3723'
              }
            </call>

            <call function="'testCase_Postamble'"/>
@@ -4292,19 +4240,13 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>

            <!-- #3723: SSF bind rule: != operator not working -->
            <call function="'setKnownIssue'">
              { 'issueId' : '3723' }
            <call function="'searchString'">
              { 'returnString'   : returnString,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1,
                'knownIssue'     : '3723'
              }
            </call>

            <call function="'testCase_Postamble'"/>
@@ -4420,15 +4362,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 1
              }
            </call>
                
            <if expr="returnCode != '1'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -4504,15 +4443,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -4626,15 +4562,12 @@
              'Search result:   %s' % returnString
            </message>

            <call function="'searchStringForSubstring'">
              { 'returnString' : returnString,
                'testString'   : 'uid=tmorris,ou=People'
            <call function="'searchString'">
              { 'returnString'   : returnString ,
                'expectedString' : 'uid=tmorris,ou=People',
                'expectedRC'     : 0
              }
            </call>
                
            <if expr="returnCode != '0'">
              <tcstatus result="'fail'"/>
            </if>
            
            <call function="'testCase_Postamble'"/>
            
@@ -4671,50 +4604,54 @@
            </message>

            <call function="'modifyPwdPolicy'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'propertyName'           : 'Default Password Policy' ,
                    'attributeName'          : 'default-password-storage-scheme' ,
                    'attributeValue'         : 'Salted SHA-1' }
              { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
                'dsInstanceDn'   : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
                'propertyName'   : 'Default Password Policy' ,
                'attributeName'  : 'default-password-storage-scheme' ,
                'attributeValue' : 'Salted SHA-1'
              }
            </call>
            
            <message>
               'Security: SASL DIGEST-MD5: Postamble Step 2 - Admin Restting Password for two users'
              'Security: SASL DIGEST-MD5: Postamble Step 2 - Admin Restting Password for two users'
            </message>

            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=jsprinter, ou=People, o=SASL Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'catleg' ,
                    'changetype'             : 'replace' }
              { 'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'        : 'uid=jsprinter, ou=People, o=SASL Tests, dc=example,dc=com' ,
                'attributeName'     : 'userpassword' ,
                'newAttributeValue' : 'catleg' ,
                'changetype'        : 'replace'
              }
            </call>
                
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=jwalleye, ou=People, o=SASL Realm Tests, dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'catleg' ,
                    'changetype'             : 'replace' }
              { 'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
                'DNToModify'        : 'uid=jwalleye, ou=People, o=SASL Realm Tests, dc=example,dc=com' ,
                'attributeName'     : 'userpassword' ,
                'newAttributeValue' : 'catleg' ,
                'changetype'        : 'replace'
              }
            </call>
            
            <message>
               'Security: SASL DIGEST-MD5: Postamble Step 3 - Admin Deleting Realm'
              'Security: SASL DIGEST-MD5: Postamble Step 3 - Admin Deleting Realm'
            </message>

            <call function="'modifyEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified'   : '%s/security/sasl/admin_del_realm.ldif' % remote.data }
              { 'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'    : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'      : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeModified' : '%s/security/sasl/admin_del_realm.ldif' % remote.data
              }
            </call>

            <message>
@@ -4728,20 +4665,22 @@
                'dsInstancePswd'   : 'catleg' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
                'extraParams'      : '-s base'
              }
            </call>

            <message>
               'Security: SASL DIGEST-MD5: Postamble Step 5 - User (dn:) Binding 2'
              'Security: SASL DIGEST-MD5: Postamble Step 5 - User (dn:) Binding 2'
            </message>

           <call function="'AnonSearchObject'">
            <call function="'AnonSearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w catleg' ,
                'expectedRC'       : 49 }
                'expectedRC'       : 49
              }
            </call>
            
            <call function="'testCase_Postamble'"/>

 opends/tests/staf-tests/shared/functions/tools.xml

@@ -535,6 +535,13 @@
        <function-arg-property name="type" value="DN"/>
      </function-arg-def>

      <function-arg-def name="knownIssue" type="optional" default="None">
        <function-arg-description>
          Known issue. Corresponds to an issue number.
        </function-arg-description>
        <function-arg-property name="type" value="string" />
      </function-arg-def>

    </function-list-args>
    <sequence>
      <script>
@@ -612,7 +619,7 @@
      <if expr="len(failedServers) > 0">
        <!-- If at least one server failed to successfully compare to the
         !   reference tree, return an error, along with the list of the 
         !   servers that failed to do so -->  
         !   servers that failed to do so --> 
        <script>
          myRC = 1
          comma = ','  
@@ -629,7 +636,8 @@
      <call function="'checktestRC'">
        { 'returncode' : myRC,
          'result'     : failingServerList,
          'expected'   : 0
          'expected'   : 0,
          'issue'      : knownIssue
        }
      </call>
      <return>[myRC, failedServers]</return>
@@ -681,6 +689,13 @@
        <function-arg-property name="type" value="filename"/>
      </function-arg-def>

      <function-arg-def name="knownIssue" type="optional" default="None">
        <function-arg-description>
          Known issue. Corresponds to an issue number.
        </function-arg-description>
        <function-arg-property name="type" value="string" />
      </function-arg-def>
      
    </function-list-args>
    <sequence>
      <script>
@@ -742,7 +757,8 @@
      <call function="'checktestRC'">
        { 'returncode' : myRC,
          'result'     : failingServerList ,
          'expected'   : 0
          'expected'   : 0,
          'issue'      : knownIssue
        }
      </call>
      <return>[myRC, failedServers]</return>

			@@ -1315,16 +1315,21 @@
			# => expect NO entry returned
			# => len(searchResult) = 0 => resultLength = 0
			myExpectedRC = 0
			# if entry not purged => we may have run into Issue 3736
			# (Dynamic purge delay change not taken into account)
			myKnownIssue = '3736'
			else:
			# purge delay not expired (default purge delay: 1 day)
			# => expect entry returned
			# => len(searchResult) > 0 => resultLength = 1
			myExpectedRC = 1
			myKnownIssue = None
			</script>
			<call function="'checktestRC'">
			{ 'returncode' : resultLength ,
			'result' : searchResult ,
			'expected' : myExpectedRC
			'expected' : myExpectedRC,
			'issue' : myKnownIssue
			}
			</call>

			@@ -1332,16 +1337,11 @@
			</paralleliterate>

			<!-- Verify the synchronization of the trees among the servers in
			the topology -->
			the topology -->
			<call function="'verifyTrees'">
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<!-- #3736: Dynamic purge delay change not properly taken into
			account -->
			<call function="'setKnownIssue'">
			{ 'issueId' : '3736' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -97,6 +97,16 @@
			<script>
			serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
			userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)

			if i == 0:
			myKnownIssue = None
			else:
			# if we fail to add the entry to the 'consumer' servers
			# => it may mean that the initialize-all is not completely
			# done yet, and so we may have come across Issue 3315
			# (dsreplication initialize-all returns before peer
			# has completed initialisation)
			myKnownIssue = '3315'
			</script>

			<!-- Add entry to one of the other servers -->
			@@ -121,7 +131,8 @@
			'dsInstancePswd' : server.getRootPwd(),
			'DNToAdd' : userDn,
			'listAttributes' : listAttr,
			'expectedRC' : 0
			'expectedRC' : 0,
			'knownIssue' : myKnownIssue
			}
			</call>

			@@ -134,11 +145,6 @@
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<!-- #3315: dsreplication initialize-all returns before peer has
			completed initialisation -->
			<call function="'setKnownIssue'">
			{ 'issueId' : '3315' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			@@ -169,6 +175,16 @@
			<script>
			serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
			userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)

			if i == 0:
			myKnownIssue = None
			else:
			# if we fail to modify the entry in the 'consumer' servers
			# => it may mean that the initialize-all is not completely
			# done yet, and so we may have come across Issue 3315
			# (dsreplication initialize-all returns before peer
			# has completed initialisation)
			myKnownIssue = '3315'
			</script>

			<!-- Modify entry on one of the servers -->
			@@ -182,7 +198,8 @@
			'DNToModify' : userDn,
			'attributeName' : 'l',
			'newAttributeValue' : 'GEC',
			'changetype' : 'replace'
			'changetype' : 'replace',
			'knownIssue' : myKnownIssue
			}
			</call>
			</sequence>
			@@ -194,12 +211,6 @@
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<!-- #3315: dsreplication initialize-all returns before peer has
			completed initialisation -->
			<call function="'setKnownIssue'">
			{ 'issueId' : '3315' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -229,6 +240,16 @@
			<script>
			serverPath = '%s/%s' % (server.getDir(), OPENDSNAME)
			userDn = 'uid=iabizen-%s, ou=People, %s' % (i,synchroSuffix)

			if i == 0:
			myKnownIssue = None
			else:
			# if we fail to delete the entry to the 'consumer' servers
			# => it may mean that the initialize-all is not completely
			# done yet, and so we may have come across Issue 3315
			# (dsreplication initialize-all returns before peer
			# has completed initialisation)
			myKnownIssue = '3315'
			</script>

			<!-- Delete entry on one of the servers -->
			@@ -239,7 +260,8 @@
			'dsInstancePort' : server.getPort() ,
			'dsInstanceDn' : server.getRootDn() ,
			'dsInstancePswd' : server.getRootPwd() ,
			'dsBaseDN' : userDn
			'dsBaseDN' : userDn,
			'knownIssue' : myKnownIssue
			}
			</call>
			</sequence>
			@@ -251,11 +273,6 @@
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<!-- #3315: dsreplication initialize-all returns before peer has
			completed initialisation -->
			<call function="'setKnownIssue'">
			{ 'issueId' : '3315' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -225,13 +225,13 @@

			<!-- Verify the synchronization of the trees among the servers in
			the topology -->
			<!-- If the trees differ, it could be due to Issue 3122
			(Off-line import-export sequence produces no generationID) -->
			<call function="'verifyTrees'">
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			[ clientHost, clientPath, master, consumerList, synchroSuffix,
			'3122' ]
			</call>

			<call function="'setKnownIssue'">
			{ 'issueId' : '3122' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -689,6 +689,8 @@

			<!-- Try to add entry to servers; should be rejected with error 65
			(objectclass violation) -->
			<!-- If the add doesn't return 65, it may mean we came across
			issue 2355 (Manual schema objectclass delete not replicated) -->
			<iterate var="server" in="_topologyServerList">
			<call function="'addEntry'">
			{ 'location' : clientHost,
			@@ -699,7 +701,8 @@
			'dsInstancePswd' : server.getRootPwd(),
			'entryToBeAdded' : '%s/replication/newtestuser-0.ldif' % \
			clientDataDir,
			'expectedRC' : 65
			'expectedRC' : 65,
			'knownIssue' : '2355'
			}
			</call>
			</iterate>
			@@ -716,9 +719,6 @@
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<call function="'setKnownIssue'">
			{ 'issueId' : '2355' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			@@ -792,6 +792,8 @@

			<!-- Try to add entry to servers; should be rejected with error 65
			(objectclass violation) -->
			<!-- If the add doesn't return 65, it may mean we came across
			issue 2355 (Manual schema objectclass delete not replicated) -->
			<iterate var="server" in="_topologyServerList">
			<call function="'addEntry'">
			{ 'location' : clientHost,
			@@ -802,15 +804,20 @@
			'dsInstancePswd' : server.getRootPwd(),
			'entryToBeAdded' : '%s/replication/newtestuser-2.ldif' % \
			clientDataDir,
			'expectedRC' : 65
			'expectedRC' : 65,
			'knownIssue' : '2355'
			}
			</call>
			</iterate>

			<!-- Verify the synchronization of the schema among the servers in
			the topology -->
			<!-- Since this testcase inherits the 99-user.ldif from the one
			before, as long as 2355 is still present, the schema files will
			differ as the second server will still have newobjectclass-0 -->
			<call function="'verifySchemas'">
			[ clientHost, clientPath, master, consumerList, '99-user.ldif' ]
			[ clientHost, clientPath, master, consumerList, '99-user.ldif',
			'2355' ]
			</call>

			<!-- Verify the synchronization of the trees among the servers in
			@@ -819,9 +826,6 @@
			[ clientHost, clientPath, master, consumerList, synchroSuffix ]
			</call>

			<call function="'setKnownIssue'">
			{ 'issueId' : '2355' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -345,8 +345,12 @@

			<!-- Verify the synchronization of the schema among the servers
			in the topology -->
			<!-- If the schema files differ, it could be due to Issue 2599
			(Replication adds modifiersName and modifyTimestamp to schema
			updates) -->
			<call function="'verifySchemas'">
			[ clientHost, clientPath, master, consumerList, '99-user.ldif' ]
			[ clientHost, clientPath, master, consumerList, '99-user.ldif',
			'2599' ]
			</call>

			<!-- Verify the synchronization of the trees among the servers in
			@@ -355,9 +359,6 @@
			[ clientHost, clientPath, master, consumerList, 'o=example' ]
			</call>

			<call function="'setKnownIssue'">
			{ 'issueId' : '2599' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>

			@@ -535,6 +535,13 @@
			<function-arg-property name="type" value="DN"/>
			</function-arg-def>

			<function-arg-def name="knownIssue" type="optional" default="None">
			<function-arg-description>
			Known issue. Corresponds to an issue number.
			</function-arg-description>
			<function-arg-property name="type" value="string" />
			</function-arg-def>

			</function-list-args>
			<sequence>
			<script>
			@@ -612,7 +619,7 @@
			<if expr="len(failedServers) > 0">
			<!-- If at least one server failed to successfully compare to the
			! reference tree, return an error, along with the list of the
			! servers that failed to do so -->
			! servers that failed to do so -->
			<script>
			myRC = 1
			comma = ','
			@@ -629,7 +636,8 @@
			<call function="'checktestRC'">
			{ 'returncode' : myRC,
			'result' : failingServerList,
			'expected' : 0
			'expected' : 0,
			'issue' : knownIssue
			}
			</call>
			<return>[myRC, failedServers]</return>
			@@ -681,6 +689,13 @@
			<function-arg-property name="type" value="filename"/>
			</function-arg-def>

			<function-arg-def name="knownIssue" type="optional" default="None">
			<function-arg-description>
			Known issue. Corresponds to an issue number.
			</function-arg-description>
			<function-arg-property name="type" value="string" />
			</function-arg-def>

			</function-list-args>
			<sequence>
			<script>
			@@ -742,7 +757,8 @@
			<call function="'checktestRC'">
			{ 'returncode' : myRC,
			'result' : failingServerList ,
			'expected' : 0
			'expected' : 0,
			'issue' : knownIssue
			}
			</call>
			<return>[myRC, failedServers]</return>