From 1e225d682b079810de74ad4e9b3e9483da7c629c Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Mon, 19 Sep 2011 16:24:22 +0000
Subject: [PATCH] Add testcases for PTA unmapped policy and simple-bind-dn
---
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml | 69 ++++
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml | 2
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml | 549 +++++++++++++++++++++++++++++++++++++--
opendj-sdk/opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif | 206 ++++++++++++++
4 files changed, 796 insertions(+), 30 deletions(-)
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif b/opendj-sdk/opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif
new file mode 100644
index 0000000..546744f
--- /dev/null
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/shared/data/pta/AD10.ldif
@@ -0,0 +1,206 @@
+#!/usr/bin/python
+
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/CDDLv1_0.txt
+# or http://forgerock.org/license/CDDLv1.0.html.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2011 ForgeRock AS.
+#
+#
+# "dc=AD, dc=com" sample LDIF file
+#
+# Notes:
+# 12 total entries.
+# 1 (objectclass=domain) entry (dc=AD,dc=com).
+# 1 (objectclass=organizationalunit) entries.
+# 10 (objectclass=person) entries (all under ou=people,dc=AD,dc=com).
+#
+
+dn: dc=AD,dc=com
+objectclass: top
+objectclass: domain
+dc: AD
+
+dn: ou=People, dc=AD,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, dc=AD,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+
+dn: uid=tmorris, ou=People, dc=AD,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+
+dn: uid=kvaughan, ou=People, dc=AD,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+
+dn: uid=abergin, ou=People, dc=AD,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+
+dn: uid=dmiller, ou=People, dc=AD,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+
+dn: uid=gfarmer, ou=People, dc=AD,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+
+dn: uid=kwinters, ou=People, dc=AD,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+
+dn: uid=trigden, ou=People, dc=AD,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+
+dn: uid=cschmith, ou=People, dc=AD,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+
+dn: uid=jwallace, ou=People, dc=AD,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+
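Review bot: The first line of the new LDIF file is `#!/usr/bin/python`, which looks like a leftover from the licence-header template. An LDIF parser reads it as a comment, but it mislabels a data file and should be dropped. None of the ten person entries carries a `userPassword`, so a bind as one of them can presumably only succeed through the pass-through policy. That is worth stating in the Notes block, e.g. `# Entries have no userPassword; binds are expected to be satisfied by the remote server through PTA.` The Notes line `1 (objectclass=organizationalunit) entries` should also read `entry`.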
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
index da80cd1..6275ad6 100755
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -78,8 +78,10 @@
<!-- List of Test Cases -->
<script>
testsList=[]
+ testsList.append('basic_pta_001')
testsList.append('basic_pta_002')
testsList.append('basic_pta_003')
+ testsList.append('basic_pta_004')
</script>
<!-- Execute the Tests -->
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
index bd02849..5a84146 100755
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -32,35 +32,26 @@
<!--- Test Cases : Basic : PTA -->
<!--- Test Case information
- #@TestMarker Basic: PTA unmapped
- #@TestName Basic: PTA unmapped
+ #@TestMarker Basic: PTA anon unmapped
+ #@TestName Basic: PTA anon unmapped
#@TestID basic_pta_001
#@TestPurpose Verify user with a LDAP PTA unmapped policy can authenticated to remote server
- #@TestPreamble
- #@TestSteps Configure LDAP PTA Policy
- #@TestPostamble
- #@TestResult Test is successful if the result code is 0
- -->
-
- <!--- Test Case information
- #@TestMarker Basic: PTA mapped-bind
- #@TestName Basic: PTA mapped-bind
- #@TestID basic_pta_002
- #@TestPurpose Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
- #@TestPreamble Setup PTS
- #@TestStep Configure LDAP PTA Policy for mapped-bind
+ #@TestPreamble Setup PTA
+ #@TestStep Enable AD backend on local server
+ #@TestStep Configure LDAP PTA Policy as unmapped
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
#@TestStep Search users entry as Directory Manager for operational attributes
#@TestStep Search users entry as self
#@TestStep Modify the users entry
- #@TestStep Delete ds-pwp-password-policy-dn from users entry
+ #@TestStep ds-pwp-password-policy-dn from users entry
#@TestStep Remove LDAP PTA Authentication Policy
+ #@TestStep Disable AD backend on local server
#@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
- <function name="basic_pta_002" scope="local">
- <testcase name="getTestCaseName('PTA mapped-bind')">
+ <function name="basic_pta_001" scope="local">
+ <testcase name="getTestCaseName('PTA anon unmapped')">
<sequence>
<try>
<sequence>
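Review bot: The rewritten step list for basic_pta_001 drops the verb from one step: `#@TestStep ds-pwp-password-policy-dn from users entry` replaces `#@TestStep Delete ds-pwp-password-policy-dn from users entry`. The same truncated line appears again in the header added above basic_pta_004 later in this file. Both should read `#@TestStep Delete ds-pwp-password-policy-dn from users entry`, matching the 'Delete ds-pwp-password-policy-dn from users entry.' step message used in the test body. The body of basic_pta_001 continues outside this hunk.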
@@ -70,17 +61,40 @@
</message>
<call function="'testStep'">
- { 'stepMessage' : 'On primary server configure LDAP PTA.' }
+ { 'stepMessage' : 'Enable AD backend on local server.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--backend-name "AD"')
+ options.append('--set enabled:true')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'set-backend-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' }
</call>
<script>
options=[]
options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
- options.append('--set mapped-attribute:seealso')
- options.append('--set mapping-policy:mapped-bind')
+ options.append('--set mapping-policy:unmapped')
options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
options.append('--type ldap-pass-through')
- options.append('--policy-name "LDAP PTA"')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
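Review bot: The 'Enable AD backend on local server.' step changes server state that is only undone by the 'Disable AD backend on local server.' step at the end of the same `<sequence>` (next hunk), while the `<finally>` block calls just `testCase_Postamble`. If any call in between raises a STAXException, the backend would stay enabled and the pass-through policy would stay defined for the following test cases; whether the helper functions raise or only record a failure is not visible here. Consider moving the policy removal and the `--set enabled:false` dsconfig call into `<finally>` ahead of `testCase_Postamble`. basic_pta_001 starts in the previous hunk and ends in the next one.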
@@ -103,7 +117,255 @@
<script>
options=[]
- options.append('--policy-name "LDAP PTA"')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
+ <script>
+ remotePTAuserName='uid=jwallace, ou=People, dc=AD,dc=com'
+ remotePTAuserPSWD='linear'
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'add'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'dsAttributes' : '+'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD ,
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('description: i am now a remote LDAP PTA user')
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD,
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'replace'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'delete'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Disable AD backend on local server.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--backend-name "AD"')
+ options.append('--set enabled:false')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'set-backend-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <call function="'testCase_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Basic: PTA anon mapped-bind
+ #@TestName Basic: PTA anon mapped-bind
+ #@TestID basic_pta_002
+ #@TestPurpose Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
+ #@TestPreamble Setup PTA
+ #@TestStep Configure LDAP PTA Policy for mapped-bind
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep Delete ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
+ #@TestResult Test is successful if the result code is 0
+ -->
+ <function name="basic_pta_002" scope="local">
+ <testcase name="getTestCaseName('PTA anon mapped-bind')">
+ <sequence>
+ <try>
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'onfigure LDAP PTA Policy for mapped-bind.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
+ options.append('--set mapped-attribute:seealso')
+ options.append('--set mapping-policy:mapped-bind')
+ options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
+ options.append('--type ldap-pass-through')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
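Review bot: basic_pta_001 only exercises the accepting path: the 'Search users entry as self.' and 'Modify the users entry.' steps bind as `remotePTAuserName` with the correct `remotePTAuserPSWD`, and no step in this hunk binds with a wrong password and expects a refusal. For a pass-through authentication policy the rejecting case matters at least as much, since a policy that accepted any credential would still pass this test. A further `ldapSearchWithScript` step with a deliberately wrong password and an expected result code of 49 (invalid credentials) would cover it, assuming the helper accepts an expected-result argument, which is not visible here. Separately, the step message added for basic_pta_002 reads `'onfigure LDAP PTA Policy for mapped-bind.'` and should be `'Configure LDAP PTA Policy for mapped-bind.'`. basic_pta_002 continues past the end of the hunk.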
@@ -234,7 +496,7 @@
<script>
options=[]
- options.append('--policy-name "LDAP PTA"')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
@@ -267,11 +529,11 @@
</function>
<!--- Test Case information
- #@TestMarker Basic: PTA mapped-search
- #@TestName Basic: PTA mapped-search
+ #@TestMarker Basic: PTA anon mapped-search
+ #@TestName Basic: PTA anon mapped-search
#@TestID basic_pta_003
#@TestPurpose Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
- #@TestPreamble Setup PTS
+ #@TestPreamble Setup PTA
#@TestStep Configure LDAP PTA Policy for mapped-search
#@TestStep Read back the "authentication policy" object
#@TestStep Add ds-pwp-password-policy-dn to users entry
@@ -284,7 +546,7 @@
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_003" scope="local">
- <testcase name="getTestCaseName('PTA mapped-search')">
+ <testcase name="getTestCaseName('PTA anon mapped-search')">
<sequence>
<try>
<sequence>
@@ -294,7 +556,7 @@
</message>
<call function="'testStep'">
- { 'stepMessage' : 'On primary server configure LDAP PTA.' }
+ { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' }
</call>
<script>
@@ -305,7 +567,234 @@
options.append('--set mapping-policy:mapped-search')
options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
options.append('--type ldap-pass-through')
- options.append('--policy-name "LDAP PTA"')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
+ <script>
+ remotePTAuserName='uid=jvedder, ou=People, o=example'
+ remotePTAuserPSWD='befitting'
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'add'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'dsAttributes' : '+'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD ,
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('description: i am now a remote LDAP PTA user')
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD,
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'replace'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'delete'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <call function="'testCase_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Basic: PTA anon mapped-search
+ #@TestName Basic: PTA anon mapped-search
+ #@TestID basic_pta_003
+ #@TestPurpose Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
+ #@TestPreamble Setup PTA
+ #@TestStep Configure LDAP PTA Policy using mapped-search-bind credentials
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
+ #@TestResult Test is successful if the result code is 0
+ -->
+ <function name="basic_pta_004" scope="local">
+ <testcase name="getTestCaseName('PTA simple mapped-search-bind')">
+ <sequence>
+ <try>
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
+ options.append('--set mapped-attribute:cn')
+ options.append('--set mapped-search-base-dn:dc=AD,dc=com')
+ options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
+ options.append('--set mapped-search-bind-password:secret12')
+ options.append('--set mapping-policy:mapped-search')
+ options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
+ options.append('--type ldap-pass-through')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
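Review bot: The policy for basic_pta_004 is built with literal credentials, `--set mapped-search-bind-dn:"cn=Directory Manager"` and `--set mapped-search-bind-password:secret12`, whereas the local server's credentials elsewhere in the file come from the server object (`getRootDn()`, `getRootPwd()`). The literals must happen to match the remote server's configuration, and the password ends up in the dsconfig option string and so presumably in any log of it. The search bind also runs as the root user where a read-only account limited to `dc=AD,dc=com` would do; taking both values from the remote server's configuration would address the first two concerns. The comment header added above the function is also a copy of the previous test's: it still says `#@TestID basic_pta_003` and `Basic: PTA anon mapped-search`, although the function is `basic_pta_004` with test case name 'PTA simple mapped-search-bind'. basic_pta_004 continues past the end of the hunk.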
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
index 5d5c4be..a256348 100644
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -126,6 +126,75 @@
'rejectFile' : serverRejectFile
}
</call>
+
+ <script>
+ options=[]
+ options.append('--backend-name "AD"')
+ options.append('--set base-dn:"dc=AD,dc=com"')
+ options.append('--set enabled:true')
+ options.append('--set writability-mode:enabled')
+ options.append('--type local-db')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-backend',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <script>
+ dataFile = 'AD10.ldif'
+ serverDataFile = '%s/pta/%s' \
+ % (local_ldap_server.getDataDir(), dataFile)
+ serverSkipFile = '%s/pta/skippedAD10.ldif' \
+ % local_ldap_server.getTmpDir()
+ serverRejectFile = '%s/pta/rejectsAD10.ldif' \
+ % local_ldap_server.getTmpDir()
+ </script>
+
+ <call function="'ImportLdifWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'backEnd' : 'AD',
+ 'ldifFile' : serverDataFile,
+ 'skipFile' : serverSkipFile ,
+ 'rejectFile' : serverRejectFile
+ }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--backend-name "AD"')
+ options.append('--set enabled:false')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'set-backend-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
</sequence>
<else>
<sequence>
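Review bot: The added setup creates the `AD` backend, imports AD10.ldif and then immediately sets `enabled:false`, with no comment or `<message>` saying why. From the test file it appears that basic_pta_001 enables the backend itself and disables it again, so a short comment before the last `<script>` would help, e.g. `<!-- Leave the AD backend disabled; basic_pta_001 enables it only for the unmapped test -->`. Nothing in this hunk inspects `serverRejectFile` after the import either, so rejected entries would go unnoticed unless `ImportLdifWithScript` checks for them. The enclosing sequence starts before the hunk.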
--
Gitblit v1.10.0