From 29e991610ca8230c9f29e5c7bb3f48bbddcab4f3 Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Wed, 16 May 2012 19:37:29 +0000
Subject: [PATCH] Fix aci effective rights control functional test
---
opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml | 69 ++++++++++++++++++++++++----------
1 files changed, 49 insertions(+), 20 deletions(-)
diff --git a/opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml
index a45629f..8801552 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/aci/targetcontrol/targetcontrol_tests.xml
@@ -308,6 +308,10 @@
<message>
'Test Name = %s' % STAXCurrentTestcase
</message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add deny aci for effective rights control.' }
+ </call>
<script>
deny_aci='(targetcontrol=\"1.3.6.1.4.1.42.2.27.9.5.2\") (version 3.0; acl \"deny effective rights control\"; deny(all) userdn=\"ldap:///anyone\";)'
@@ -323,6 +327,10 @@
'newAttributeValue' : deny_aci ,
'changetype' : 'add' }
</call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add allow aci for all users to search under aci branch.' }
+ </call>
<script>
curr_aci_ldif_file = 'add_aci2.ldif'
@@ -341,9 +349,9 @@
'entryToBeModified' : '%s/aci/aci_targetcontrol/%s' % (remote.data,curr_aci_ldif_file) }
</call>
- <message>
- 'ACI: Targetcontrol: Basic - search, user searching targeted entry'
- </message>
+ <call function="'testStep'">
+ { 'stepMessage' : 'User searching under aci branch with effective rights control (non-critical).' }
+ </call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
@@ -353,8 +361,25 @@
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'uid aclRights roomnumber' ,
- 'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
- 'expectedRC' : 50 }
+ 'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:false -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'User searching targetted entry under aci branch with effective rights control (critical).' }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'uid aclRights roomnumber' ,
+ 'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
+ 'expectedRC' : 12
+ }
</call>
<script>
@@ -378,10 +403,10 @@
'testString' : 'insufficient access rights' ,
'expectedResult' : '1' }
</call>
-
- <message>
- 'ACI: Targetcontrol: Basic - search, user searching non-targeted entry'
- </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'User searching non-targeted entry under aci branch with effective rights control (critical).' }
+ </call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
@@ -391,8 +416,8 @@
'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
- 'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
- 'expectedRC' : 50 }
+ 'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
+ 'expectedRC' : 12 }
</call>
<script>
@@ -404,10 +429,10 @@
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
-
- <message>
- 'ACI: Targetcontrol: Basic - search, admin deleting aci'
- </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove aci under aci branch.' }
+ </call>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
@@ -417,9 +442,9 @@
'entryToBeModified' : '%s/aci/aci_targetcontrol/del_aci.ldif' % remote.data }
</call>
- <message>
- 'ACI: Targetcontrol: Basic - search, user searching previously targeted entry'
- </message>
+ <call function="'testStep'">
+ { 'stepMessage' : 'User searching non-targeted entry under aci branch with effective rights control (critical).' }
+ </call>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
@@ -429,8 +454,8 @@
'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'aclRights' ,
- 'extraParams' : '-T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
- 'expectedRC' : 50 }
+ 'extraParams' : '-J 1.3.6.1.4.1.42.2.27.9.5.2:true -T -g "dn: uid=auser,ou=people,o=ACI Tests,dc=example,dc=com" -e uid -e roomnumber -e aclRights' ,
+ 'expectedRC' : 12 }
</call>
<script>
@@ -448,6 +473,10 @@
'testString' : 'uid=scarter,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
'expectedResult' : '0' }
</call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove aci under suffix denying effective rights control.' }
+ </call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
--
Gitblit v1.10.0