From 2148057ee8f6571a97c6a366f290bc16396204ea Mon Sep 17 00:00:00 2001
From: el_kaboing <el_kaboing@localhost>
Date: Tue, 27 Feb 2007 17:22:00 +0000
Subject: [PATCH] Adding functional test cases for Issue 434.
---
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci6.ldif | 30
opendj-sdk/opends/tests/functional-tests/testcases/runFuncTests.xml | 4
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci.ldif | 29
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci3.ldif | 30
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_setup.xml | 104 +
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_entries1.ldif | 699 ++++++++++++
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/aci_handler.ldif | 9
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml | 110 +
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9a.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci1.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci11.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci7.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci4.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci8.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci10.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci5.ldif | 30
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml | 1425 ++++++++++++++++++++++++
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci_from_entries.ldif | 29
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif | 721 ++++++++++++
20 files changed, 3,460 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
new file mode 100644
index 0000000..4dbe844
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
@@ -0,0 +1,721 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: o=ACI Tests, dc=example,dc=com
+o: ACI Tests
+objectclass: top
+objectclass: organization
+
+dn: ou=People, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=auser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Aci User
+sn: User
+givenname: Aci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: auser
+mail: auser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: aci branch
+
+dn: ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+
+dn: uid=kvaughan, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+
+dn: uid=abergin, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+
+dn: uid=dmiller, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+
+dn: uid=gfarmer, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+
+dn: uid=kwinters, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+
+dn: uid=trigden, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+
+dn: uid=jreuter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+
+dn: uid=tmason, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+
+dn: uid=bhall, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+
+dn: ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: non-aci branch
+
+dn: ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+
+dn: uid=kvaughan, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+
+dn: uid=abergin, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+
+dn: uid=dmiller, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+
+dn: uid=gfarmer, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+
+dn: uid=kwinters, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+
+dn: uid=trigden, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+
+dn: uid=jreuter, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+
+dn: uid=tmason, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+
+dn: uid=bhall, ou=People, ou=non-aci branch, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/aci_handler.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/aci_handler.ldif
new file mode 100644
index 0000000..3e357d2
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/aci_handler.ldif
@@ -0,0 +1,9 @@
+dn: cn=Access Control Handler,cn=config
+changetype: modify
+replace: ds-cfg-acl-handler-class
+ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
+-
+replace: ds-cfg-acl-handler-enabled
+ds-cfg-acl-handler-enabled: true
+
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci1.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci1.ldif
new file mode 100644
index 0000000..fb0a4a6
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci1.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci1"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci10.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci10.ldif
new file mode 100644
index 0000000..12efc48
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci10.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=People,ou=aci branch, o=ACI Tests, dc=example,dc=com")(target="ldap:///ou=People,ou=non-aci branch, o=ACI Tests, dc=example,dc=com")(version 3.0; acl "add_aci10"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci11.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci11.ldif
new file mode 100644
index 0000000..f781240
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci11.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targeeeet="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci11"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci3.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci3.ldif
new file mode 100644
index 0000000..bbaac93
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci3.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=Peo*,ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci3"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci4.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci4.ldif
new file mode 100644
index 0000000..eacf1d0
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci4.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=*eople,ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci4"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci5.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci5.ldif
new file mode 100644
index 0000000..1fbe80d
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci5.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=P*le,ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci5"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci6.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci6.ldif
new file mode 100644
index 0000000..22b8b8d
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci6.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=Pe*l*,ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci6"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci7.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci7.ldif
new file mode 100644
index 0000000..c4a437d
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci7.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=People,ou=aci branch, o=ACI Tests, dc=exam*,dc=com")(targetattr="*")(version 3.0; acl "add_aci7"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci8.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci8.ldif
new file mode 100644
index 0000000..443462d
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci8.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///self")(targetattr="*")(version 3.0; acl "add_aci8"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9.ldif
new file mode 100644
index 0000000..0935f38
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci9"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9a.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9a.ldif
new file mode 100644
index 0000000..6fb90ac
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_aci9a.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=People,ou=aci branch,o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_aci9a"; allow (read) userdn="ldap:///all";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_entries1.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_entries1.ldif
new file mode 100644
index 0000000..bbba503
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/add_entries1.ldif
@@ -0,0 +1,699 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: o=More Branches,o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organization
+o: More Branches
+
+dn: ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: new aci branch
+aci: (target="ldap:///ou=new aci branch, o=More Branches, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_entries1"; allow (read) userdn="ldap:///all";)
+
+dn: ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+
+dn: uid=tmorris, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+
+dn: uid=kvaughan, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+
+dn: uid=abergin, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+
+dn: uid=dmiller, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+
+dn: uid=gfarmer, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+
+dn: uid=kwinters, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+
+dn: uid=trigden, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+
+dn: uid=jreuter, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+
+dn: uid=tmason, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+
+dn: uid=bhall, ou=People, ou=new aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+
+dn: ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: new non-aci branch
+
+dn: ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+
+dn: uid=tmorris, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+
+dn: uid=kvaughan, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+
+dn: uid=abergin, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+
+dn: uid=dmiller, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+
+dn: uid=gfarmer, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+
+dn: uid=kwinters, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+
+dn: uid=trigden, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+
+dn: uid=jreuter, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+
+dn: uid=tmason, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+
+dn: uid=bhall, ou=People, ou=new non-aci branch, o=More Branches,o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci.ldif
new file mode 100644
index 0000000..227b1ea
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci_from_entries.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci_from_entries.ldif
new file mode 100644
index 0000000..43a1654
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_target/del_aci_from_entries.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying * information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=new aci branch,o=More Branches, o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml
new file mode 100755
index 0000000..504a284
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying * information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2006-2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="main_aci"/>
+
+ <function name="main_aci">
+
+ <sequence>
+
+ <call function="'testSuite_Preamble'"/>
+
+ <parallel>
+
+ <block name="'Block DS Process Active'">
+
+ <!--- Start DS -->
+ <sequence>
+ <message>
+ 'Start DS to run on port %s' % (DIRECTORY_INSTANCE_PORT)
+ </message>
+
+ <!--- Start DS -->
+ <call function="'startDS'">
+ { 'dsbinpath' : '%s' % (OPENDS_BINPATH) }
+ </call>
+
+ <call function="'checkRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ </sequence>
+
+ <!--- End Block DS Process Active -->
+ </block>
+
+ <block name="'Block Clients'">
+
+ <sequence>
+
+ <!--- Check that DS started -->
+ <call function="'isAlive'">
+ { 'noOfLoops' : 5 ,
+ 'noOfMilliSeconds' : 2000 }
+ </call>
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_setup.xml' % (TESTS_DIR)"/>
+ <call function="'aci_setup'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_target.xml' % (TESTS_DIR)"/>
+ <call function="'aci_target'" />
+
+ <!--- Stop DS -->
+ <sequence>
+ <message>
+ 'Stop DS running on port %s' % (DIRECTORY_INSTANCE_PORT)
+ </message>
+
+ <call function="'stopDS'">
+ { 'dsInstancePort' : '%s' % (DIRECTORY_INSTANCE_PORT) }
+ </call>
+
+ <call function="'checkRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+ </sequence>
+
+ </sequence>
+
+ <!--- End Block Clients -->
+ </block>
+
+ </parallel>
+
+ <call function="'testSuite_Postamble'"/>
+
+ </sequence>
+
+ </function>
+
+</stax>
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_setup.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_setup.xml
new file mode 100755
index 0000000..d953933
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_setup.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying * information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="aci_setup"/>
+
+ <function name="aci_setup">
+ <!---
+ Place group-specific test information here.
+ #@TestGroupName ACI
+ #@TestGroupPurpose To test the ACI functionality.
+
+ Place suite-specific test information here.
+ #@TestSuiteName ACI Setup Tests
+ #@TestSuitePurpose Configure OpenDS to test ACI functionality.
+ #@TestSuiteGroup ACI Setup Tests
+ #@TestScript aci_setup.xml
+ -->
+ <sequence>
+
+ <!--- Test Case : Add Entries for ACI Tests -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Setup Tests
+ #@TestName ACI Startup Test
+ #@TestIssue none
+ #@TestPurpose Add entries that are needed for the ACI tests.
+ #@TestPreamble none
+ #@TestStep Add entries with ldapmodify.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0 for all operations
+ -->
+ <testcase name="'ACI: ACI Setup: Add Initial Entries'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: ACI Setup: Adding Initial Entries'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/aci_startup.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: ACI Setup: Enabling ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/aci_handler.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ </sequence>
+
+ </function>
+
+</stax>
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml
new file mode 100755
index 0000000..85aa653
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml
@@ -0,0 +1,1425 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying * information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="aci_target"/>
+
+ <function name="aci_target">
+ <!---
+ Place suite-specific test information here.
+ #@TestSuiteName ACI Target Tests
+ #@TestSuitePurpose Test the basic ACI Target Support. (targetattr="*" and allow(read))
+ #@TestSuiteGroup Basic ACI Target Tests
+ #@TestScript aci_target.xml
+ -->
+ <sequence>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Preamble
+ #@TestIssue 434
+ #@TestPurpose Test default aci settings
+ #@TestPreamble none
+ #@TestStep Client searches entry with a branch dn.
+ #@TestStep Client searches entry with another branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and no entries are returned
+ for all operations.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Preamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Preamble - existing branch, user searching entry that will be targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Preamble - existing branch, user searching entry that will be non-targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Target Equals DN'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN, preamble adding aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn - new branch
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn - new branch
+ #@TestPreamble Admin adds entries under two branches, one with an aci with the target equal to the dn of one branch.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble Admin removes branches.
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+
+ <testcase name="'ACI: Target: Target Equals DN - new branch'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, preamble adding entries'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/aci_target/add_entries1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=new aci branch,o=More Branches,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=new aci branch,o=More Branches,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=new non-aci branch,o=More Branches,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=new non-aci branch,o=More Branches,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci_from_entries.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=new aci branch,o=More Branches,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=new aci branch,o=More Branches,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN - new branch, postamble admin deleting new entries'
+ </message>
+
+ <call function="'DeleteEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'o=More Branches,o=ACI Tests,dc=example,dc=com' ,
+ 'extraParams' : '-x'}
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn with trailing wildcard
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn with a trailing wildcard
+ #@TestPreamble Admin adds an aci with the target equal to the dn with a trailing wildcard.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Target Equals DN With Trailing Wildcard'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN with trailing wildcard, preamble adding aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci3.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with trailing wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with trailing wildcard, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with trailing wildcard, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with trailing wildcard, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn with leading wildcard
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn with leading wildcard
+ #@TestPreamble Admin adds an aci with the target equal to the dn with a leading wildcard.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Target Equals DN With Leading Wildcard'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN with leading wildcard, preamble adding aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci4.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with leading wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with leading wildcard, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with leading wildcard, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with leading wildcard, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn with internal wildcard
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn with an internal wildcard
+ #@TestPreamble Admin adds an aci with the target equal to the dn with an internal wildcard.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Target Equals DN With Internal Wildcard'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN with internal wildcard, preamble adding aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci5.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with internal wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with internal wildcard, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with internal wildcard, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with internal wildcard, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target equals dn with multiple wildcards
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn with multiple wildcards
+ #@TestPreamble Admin adds an aci with the target equal to the dn with multiple wildcards.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Client searches entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Target Equals DN With Multiple Wildcards'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN with multiple wildcards, preamble adding aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci6.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with multiple wildcards, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with multiple wildcards, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with multiple wildcards, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN with multiple wildcards, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target contains keyword self
+ #@TestIssue 434
+ #@TestPurpose Test if target can contain the keyword self
+ #@TestPreamble none
+ #@TestStep Admin adds an aci that contains the keyword
+ self to an existing entry
+ #@TestStep Admin checks if aci was added.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50,
+ and the aci has not been added.
+ -->
+ <!-- cross reference to syntax.ksh Test Case 1 -->
+ <testcase name="'ACI: Target: Target Equals DN With Keyword self'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN With Keyword self - add aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci8.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN With Keyword self - check aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'attributes' : 'aci' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'aci:' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target set to a dn above the entry
+ #@TestIssue 434
+ #@TestPurpose Test if the target can contain a DN above the
+ level of the entry
+ #@TestPreamble none
+ #@TestStep Client adds an aci to its entry
+ that has a DN above the entry's level.
+ #@TestStep Admin checks if aci was added.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50,
+ and the aci has not been added.
+ -->
+ <!-- cross reference to syntax.ksh Test Case 2 -->
+ <testcase name="'ACI: Target: Target Equals DN Above Entry'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN Above Entry - add aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci9.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN Above Entry - check aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'attributes' : 'aci' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'aci:' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target set to a dn below the entry
+ #@TestIssue 434
+ #@TestPurpose Test if the target can contain a DN above the
+ level of the entry
+ #@TestPreamble none
+ #@TestStep Client adds an aci to its entry
+ that has a DN below the entry's level.
+ #@TestStep Admin checks if aci was added.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <!-- cross reference to syntax.ksh Test Case 2 -->
+ <testcase name="'ACI: Target: Target Equals DN Below Entry'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Target Equals DN Below Entry - add aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci9a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN Below Entry, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN Below Entry, user searching non-targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN Below Entry, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target Equals DN Below Entry, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Multiple targets
+ #@TestIssue 434
+ #@TestPurpose Test if an aci is allowed to contain multiple targets
+ #@TestPreamble none
+ #@TestStep Admin adds an aci to an existing entry
+ that has multiple targets
+ #@TestStep Admin checks if aci was added.
+ #@TestStep Client searches entry with the targeted dn.
+ #@TestStep Client searches entry with a non-targeted dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50,
+ and the aci has not been added.
+ -->
+ <!-- cross reference to syntax.ksh Test Case 3 -->
+ <testcase name="'ACI: Target: Multiple Targets'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Multiple Targets - add aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci10.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Multiple Targets - check aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'attributes' : 'aci' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'aci:' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Target with mispelled keyword target
+ #@TestIssue 434
+ #@TestPurpose Test if an aci is allowed that contains the keyword target misspelled
+ #@TestPreamble none
+ #@TestStep Admin adds an aci to an existing entry
+ that has the keyword target misspelled
+ #@TestStep Admin checks if aci was added.
+ #@TestStep Client searches entry with the targeted dn.
+ #@TestStep Client searches entry with a non-targeted dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50,
+ and the aci has not been added.
+ -->
+ <!-- cross reference to syntax.ksh Test Case 13 -->
+ <testcase name="'ACI: Target: Keyword Target Misspelled'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Keyword Target Misspelled - add aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_target/add_aci11.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Keyword Target Misspelled - check aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'attributes' : 'aci' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'aci:' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Postamble
+ #@TestIssue 434
+ #@TestPurpose Test default aci settings
+ #@TestPreamble none
+ #@TestStep Client searches entry with a branch dn.
+ #@TestStep Client searches entry with another branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and no entries are returned
+ for all operations.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Target: Postamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Target: Postamble - existing branch, user searching entry that was targeted in past tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Postamble - existing branch, user searching entry that was non-targeted in past tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ </sequence>
+
+ </function>
+
+</stax>
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/runFuncTests.xml b/opendj-sdk/opends/tests/functional-tests/testcases/runFuncTests.xml
index 822401e..00e467c 100755
--- a/opendj-sdk/opends/tests/functional-tests/testcases/runFuncTests.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/runFuncTests.xml
@@ -107,6 +107,10 @@
<call function="'main_security'" />
<import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci.xml' % (TESTS_DIR)" />
+ <call function="'main_aci'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
file="'%s/testcases/backends/backends.xml' % (TESTS_DIR)" />
<call function="'main_backends'" />
--
Gitblit v1.10.0