From 48c81586995f19d134f5511c7f0de3065faca1ce Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Fri, 11 May 2007 16:11:43 +0000
Subject: [PATCH] Adding functional tests for default global ACIs (Issue 1402), ACI groupdn support (Issue 454), and ACI userattr support (Issue 455).
---
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci1.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci5.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci2.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci4.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_static_groups.ldif | 48
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci9.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci6.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci2.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci8.ldif | 30
opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry1.ldif | 29
opends/tests/functional-tests/shared/data/aci/global_acis/modrdn_entry1.ldif | 29
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/aci_startup_bindtypes.ldif | 963 ++++++++
opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml | 4191 +++++++++++++++++++++++++++++++++++++
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci5.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci8.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_syntax_aci1.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci1.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/del_aci.ldif | 29
opends/tests/functional-tests/testcases/aci/global_acis.xml | 444 ++++
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci3.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci7.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci4.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci10.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_startup.ldif | 234 ++
opends/tests/functional-tests/shared/data/aci/global_acis/del_entry1.ldif | 27
opends/tests/functional-tests/testcases/aci/aci.xml | 8
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci6.ldif | 30
opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry2.ldif | 29
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_dynamic_groups.ldif | 40
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci3.ldif | 30
opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci7.ldif | 30
31 files changed, 6,641 insertions(+), 0 deletions(-)
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/aci_startup_bindtypes.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/aci_startup_bindtypes.ldif
new file mode 100644
index 0000000..6fcc337
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/aci_startup_bindtypes.ldif
@@ -0,0 +1,963 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+o: Bind Type Tests
+objectclass: top
+objectclass: organization
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: aci branch
+
+dn: ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Ssales
+ou: People
+l: Austin
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Marketing
+ou: People
+l: Austin
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Sales
+ou: People
+l: Grenoble
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Marketing
+ou: People
+l: Grenoble
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+manager: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmillerone, uid=dmiller, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: David Millerone
+sn: Millerone
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+manager: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+uid: dmillerone
+mail: dmillerone@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmillertwo, uid=dmillerone, uid=dmiller, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: David Millertwo
+sn: Millertwo
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+manager: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+uid: dmillertwo
+mail: dmillertwo@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+manager: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+manager: cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+uid: trigden
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+uid: cschmith
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+uid: jwallace
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jcrawler
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jsprinter
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jrunner
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+uid: tclow
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cbear, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Clare Bear
+sn: Bear
+givenname: Clare
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cbear
+mail: cbear@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=slion, ou=People, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Sea Lion
+sn: Lion
+givenname: Sea
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: slion
+mail: slion@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: non-aci branch
+
+dn: ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Austin
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Grenoble
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+manager: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+manager: cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+uid: trigden
+userpassword: sensitive
+
+dn: uid=cschmith, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+uid: cschmith
+userpassword: hypotenuse
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+uid: jwallace
+userpassword: linear
+
+dn: uid=jcrawler, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jcrawler
+userpassword: dogleg
+
+dn: uid=jsprinter, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jsprinter
+userpassword: dogleg
+
+dn: uid=jrunner, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+uid: jrunner
+userpassword: dogleg
+
+dn: uid=tclow, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+uid: tclow
+userpassword: cardreader
+
+dn: uid=rdaugherty, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cbear, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Clare Bear
+sn: Bear
+givenname: Clare
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cbear
+mail: cbear@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=slion, ou=People, ou=non-aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+cn: Sea Lion
+sn: Lion
+givenname: Sea
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: slion
+mail: slion@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_dynamic_groups.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_dynamic_groups.ldif
new file mode 100644
index 0000000..47386f3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_dynamic_groups.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com
+cn: Research
+objectclass: top
+objectclass: groupOfUrls
+memberURL: ldap:///dc=example,dc=com??sub?(uid=iuser)
+memberURL: ldap:///dc=example,dc=com??sub?(uid=juser)
+memberURL: ldap:///dc=example,dc=com??sub?(uid=kuser)
+
+dn: cn=Development,ou=Groups, o=ACI Tests, dc=example,dc=com
+cn: Development
+objectclass: top
+objectclass: groupOfUrls
+memberURL: ldap:///dc=example,dc=com??sub?(uid=luser)
+memberURL: ldap:///dc=example,dc=com??sub?(uid=muser)
+memberURL: ldap:///dc=example,dc=com??sub?(uid=nuser)
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci1.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci1.ldif
new file mode 100644
index 0000000..f636e1b
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci1.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci1"; allow (search,read) groupdn="ldap:///cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci10.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci10.ldif
new file mode 100644
index 0000000..058bb97
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci10.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci10"; allow (search,read) groupdn="ldap:///cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com || ldap:///cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci2.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci2.ldif
new file mode 100644
index 0000000..0489168
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci2.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci2"; allow (search,read) groupdn="ldap:///cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com || ldap:///cn=Sales,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci3.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci3.ldif
new file mode 100644
index 0000000..d9b25b9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci3.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci3"; allow (search,read) groupdn!="ldap:///cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci4.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci4.ldif
new file mode 100644
index 0000000..dce5126
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci4.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci4"; allow (search,read) groupdn!="ldap:///cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com || ldap:///cn=Sales,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci5.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci5.ldif
new file mode 100644
index 0000000..4f45503
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci5.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci5"; allow (search,read) groupdn="ldap:///cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci6.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci6.ldif
new file mode 100644
index 0000000..b295336
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci6.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci6"; allow (search,read) groupdn="ldap:///cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com || ldap:///cn=Development,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci7.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci7.ldif
new file mode 100644
index 0000000..147faec
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci7.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci7"; allow (search,read) groupdn!="ldap:///cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci8.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci8.ldif
new file mode 100644
index 0000000..1ecaf04
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci8.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci8"; allow (search,read) groupdn!="ldap:///cn=Research,ou=Groups, o=ACI Tests, dc=example,dc=com || ldap:///cn=Development,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci9.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci9.ldif
new file mode 100644
index 0000000..4f8949a
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_groupdn_aci9.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_groupdn_aci9"; allow (search,read) groupdn="ldap:///cn=Mark*,ou=Groups, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_static_groups.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_static_groups.ldif
new file mode 100644
index 0000000..1d210bd
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_static_groups.ldif
@@ -0,0 +1,48 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=Groups, o=ACI Tests, dc=example,dc=com
+ou: Groups
+objectclass: top
+objectclass: organizationalunit
+
+dn: cn=Marketing,ou=Groups, o=ACI Tests, dc=example,dc=com
+cn: Marketing
+objectclass: top
+objectclass: groupOfNames
+member: uid=cuser, ou=People, o=ACI Tests, dc=example,dc=com
+member: uid=duser, ou=People, o=ACI Tests, dc=example,dc=com
+member: uid=euser, ou=People, o=ACI Tests, dc=example,dc=com
+owner: uid=euser, ou=People, o=ACI Tests, dc=example,dc=com
+
+dn: cn=Sales,ou=Groups, o=ACI Tests, dc=example,dc=com
+cn: Sales
+objectclass: top
+objectclass: groupOfNames
+member: uid=fuser, ou=People, o=ACI Tests, dc=example,dc=com
+member: uid=guser, ou=People, o=ACI Tests, dc=example,dc=com
+member: uid=huser, ou=People, o=ACI Tests, dc=example,dc=com
+owner: uid=huser, ou=People, o=ACI Tests, dc=example,dc=com
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_syntax_aci1.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_syntax_aci1.ldif
new file mode 100644
index 0000000..dec7072
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_syntax_aci1.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci1"; allow (search,read) userattr="l#Austin || l#Grenoble";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci1.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci1.ldif
new file mode 100644
index 0000000..e21eaa9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci1.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci1"; allow (search,read) userattr="l#Austin";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci2.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci2.ldif
new file mode 100644
index 0000000..ca4ce47
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci2.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci2"; allow (search,read) userattr!="l#Grenoble";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci3.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci3.ldif
new file mode 100644
index 0000000..f2bbdd8
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci3.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci3"; allow (search,read) userattr="manager#USERDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci4.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci4.ldif
new file mode 100644
index 0000000..4054efd
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci4.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci4"; allow (search,read) userattr="manager#GROUPDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci5.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci5.ldif
new file mode 100644
index 0000000..db5d8d0
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci5.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci5"; allow (search,read) userattr="ldap:///ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com?manager#GROUPDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci6.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci6.ldif
new file mode 100644
index 0000000..5b027b7
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci6.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci6"; allow (search,read) userattr="manager#USERDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci7.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci7.ldif
new file mode 100644
index 0000000..05ebcd3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci7.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci7"; allow (search,read) userattr="parent[0,1].manager#USERDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci8.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci8.ldif
new file mode 100644
index 0000000..c215706
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/add_userattr_aci8.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_userattr_aci8"; allow (search,read) userattr="parent[0,1,2].manager#USERDN";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/del_aci.ldif b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/del_aci.ldif
new file mode 100644
index 0000000..8c9ae03
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/aci_bindtypes/del_aci.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=Bind Type Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif b/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
index 35c8614..f8c973f 100644
--- a/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
+++ b/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
@@ -69,6 +69,240 @@
roomnumber: 4612
userpassword: ACIRules
+dn: uid=cuser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Caci User
+sn: User
+givenname: Caci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Marketing
+ou: People
+l: Austin
+uid: cuser
+mail: cuser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=duser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Daci User
+sn: User
+givenname: Daci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Marketing
+ou: People
+l: Austin
+uid: duser
+mail: duser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=euser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Eaci User
+sn: User
+givenname: Eaci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Marketing
+ou: People
+l: Grenoble
+uid: euser
+mail: euser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=fuser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Faci User
+sn: User
+givenname: Faci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Sales
+ou: People
+l: Grenoble
+uid: fuser
+mail: fuser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=guser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Gaci User
+sn: User
+givenname: Gaci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Sales
+ou: People
+l: Grenoble
+uid: guser
+mail: guser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=huser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Haci User
+sn: User
+givenname: Haci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Sales
+ou: People
+l: Austin
+uid: huser
+mail: huser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=iuser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Iaci User
+sn: User
+givenname: Iaci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Research
+ou: People
+l: Austin
+uid: iuser
+mail: iuser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=juser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Jaci User
+sn: User
+givenname: Jaci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Research
+ou: People
+l: Austin
+uid: juser
+mail: juser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=kuser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Kaci User
+sn: User
+givenname: Kaci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Research
+ou: People
+l: Grenoble
+uid: kuser
+mail: kuser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=luser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Laci User
+sn: User
+givenname: Laci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Development
+ou: People
+l: Grenoble
+uid: luser
+mail: luser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=muser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Maci User
+sn: User
+givenname: Maci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Development
+ou: People
+l: Grenoble
+uid: muser
+mail: muser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=nuser, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Naci User
+sn: User
+givenname: Naci
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Development
+ou: People
+l: Austin
+uid: nuser
+mail: nuser@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
+dn: uid=amanager, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Ana Manager
+sn: manager
+givenname: Ana
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Development
+ou: People
+l: Grenoble
+uid: amanager
+mail: amanager@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ACIRules
+
dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
diff --git a/opends/tests/functional-tests/shared/data/aci/global_acis/del_entry1.ldif b/opends/tests/functional-tests/shared/data/aci/global_acis/del_entry1.ldif
new file mode 100644
index 0000000..04f88bd
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/global_acis/del_entry1.ldif
@@ -0,0 +1,27 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=bhall, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: delete
diff --git a/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry1.ldif b/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry1.ldif
new file mode 100644
index 0000000..2b5f48c
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=scarter, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: London
diff --git a/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry2.ldif b/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry2.ldif
new file mode 100644
index 0000000..4185445
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/global_acis/mod_entry2.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=auser, ou=People, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Grenoble
diff --git a/opends/tests/functional-tests/shared/data/aci/global_acis/modrdn_entry1.ldif b/opends/tests/functional-tests/shared/data/aci/global_acis/modrdn_entry1.ldif
new file mode 100644
index 0000000..be75dcb
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/global_acis/modrdn_entry1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2006-2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modrdn
+newrdn: uid=newtmorris
+deleteoldrdn: 0
diff --git a/opends/tests/functional-tests/testcases/aci/aci.xml b/opends/tests/functional-tests/testcases/aci/aci.xml
index 0eaf422..2c812cd 100755
--- a/opends/tests/functional-tests/testcases/aci/aci.xml
+++ b/opends/tests/functional-tests/testcases/aci/aci.xml
@@ -69,6 +69,10 @@
<call function="'aci_setup'" />
<import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/global_acis.xml' % (TESTS_DIR)"/>
+ <call function="'global_acis'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
file="'%s/testcases/aci/aci_target.xml' % (TESTS_DIR)"/>
<call function="'aci_target'" />
@@ -117,6 +121,10 @@
<call function="'aci_rdn_wildcards'" />
<import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_bindtypes.xml' % (TESTS_DIR)"/>
+ <call function="'aci_bindtypes'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
file="'%s/testcases/aci/aci_teardown.xml' % (TESTS_DIR)"/>
<call function="'aci_teardown'" />
diff --git a/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml b/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml
new file mode 100755
index 0000000..b00d60c
--- /dev/null
+++ b/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml
@@ -0,0 +1,4191 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="aci_bindtypes"/>
+
+ <function name="aci_bindtypes">
+
+ <sequence>
+
+ <block name="'aci-bindtypes'">
+
+ <sequence>
+
+ <script>
+ CurrentTestPath['suite']=STAXCurrentBlock
+ </script>
+
+ <call function="'testSuite_Preamble'"/>
+
+ <!---
+ Place suite-specific test information here.
+ #@TestSuiteName ACI Bind Type Tests
+ #@TestSuitePurpose Test the basic ACI Bind Types Support.
+ #@TestSuiteGroup Basic ACI Bind Types Tests
+ #@TestScript aci_bindtypes.xml
+ -->
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName Preamble
+ #@TestIssue 454
+ #@TestPurpose Test default aci settings
+ #@TestPreamble none
+ #@TestStep Admin removes global search ACI
+ #@TestStep Admin adds entries
+ #@TestStep User searches for an entry in targeted branch
+ #@TestStep Admin adds static group
+ #@TestStep Admin adds dynamic group
+ #@TestStep Admin searches for one of the members of the static group
+ #@TestStep Admin searches for one of the members of the dynamic group
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all operations.
+ No entry is returned in step 3.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Bind Types: Preamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Bind Types: Preamble - Removing Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_rm_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - Adding Entries For Bind Types Tests'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/aci_bindtypes/aci_startup_bindtypes.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - user searching entry that will be targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - Adding Static Groups For Bind Type Tests'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/aci_bindtypes/add_static_groups.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - Adding Dynamic Groups For Bind Type Tests'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/aci_bindtypes/add_dynamic_groups.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - admin searching one entry for isMemberOf of static group'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'uid=cuser,ou=People,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'isMemberOf' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=cuser,ou=People,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'isMemberOf: cn=Marketing' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Preamble - admin searching one entry for isMemberOf of dynamic group'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'uid=luser,ou=People,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'isMemberOf' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=luser,ou=People,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'checktestString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'isMemberOf: cn=Development' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+<!-- GroupDN tests -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals one static group
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn equals one static group
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals one static group'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci1.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals two static groups
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn equals two static groups
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 4.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals two static groups'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci2.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two static groups, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn not equals one static group
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn not equals one static group
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a diifferent group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 3.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn not equals one static group'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci3.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, user searching targeted entry with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, user searching in non-targeted branch with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, user searching with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one static group, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn not equals two static groups
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn not equals two static groups
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 3.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn not equals two static groups'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci4.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two static groups, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals one dynamic group
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn equals one dynamic group
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals one dynamic group'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci5.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one dynamic group, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals two dynamic groups
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn equals two dynamic groups
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 4.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals two dynamic groups'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci6.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals two dynamic groups, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn not equals one dynamic group
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn not equals one dynamic group
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a different group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 3.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn not equals one dynamic group'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci7.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, user searching targeted entry with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, user searching in non-targeted branch with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, user searching with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals one dynamic group, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn not equals two dynamic groups
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn not equals two dynamic groups
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 3.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn not equals two dynamic groups'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci8.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=luser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn not equals two dynamic groups, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals one static group with wildcard
+ #@TestIssue 434
+ #@TestPurpose Test with the target set equal to a dn of a static group with a wildcard
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals one static group with wildcard'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci9.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+<!-- The rest of the test case should be uncommented when Issue 1582 is resolved.
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, user searching in non-targeted branch'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, user searching with different-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+-->
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static group with wildcard, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName groupdn equals one static and one dynamic group
+ #@TestIssue 454
+ #@TestPurpose Test behavior with groupdn equals one static and one dynamic group
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn as a group member.
+ #@TestStep Client searches entry in a non-targeted branch dn as a group member.
+ #@TestStep Client searches entry in the targeted branch dn as a non-group member.
+ #@TestStep Client searches entry in the targeted branch dn as a different group member.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 4.
+ -->
+ <testcase name="'ACI: Bind Types: groupdn equals one static and one dynamic group'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_groupdn_aci10.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: groupdn equals one static and one dynamic group, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=iuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+<!-- userattr tests -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName userattr equals one attribute
+ #@TestIssue 455
+ #@TestPurpose Test behavior with userattr equals one attribute
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for all attributes.
+ #@TestStep Client searches entry in the targeted branch dn for selected attributes including matching attribute.
+ #@TestStep Client searches entry in the targeted branch dn for selected attributes not including matching attribute.
+ #@TestStep Client searches entry in a non-targeted branch dn for all attributes.
+ #@TestStep Client searches entry in the targeted branch dn for entry with no matching attribute.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for steps 1, 2, and 3.
+ Attribute values returned only for steps 1 and 2.
+ -->
+ <testcase name="'ACI: Bind Types: userattr equals one attr'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci1.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching targeted entry with all attributes'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'l:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching targeted entry with selected attributes'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'l:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching targeted entry with selected attributes without matching attribute'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching in non-targeted branch'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching entry with non-matching attribute'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName userattr not equals one attribute
+ #@TestIssue 455
+ #@TestPurpose Test behavior with userattr not equals one attribute
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for all attributes.
+ #@TestStep Client searches entry in the targeted branch dn for selected attributes including matching attribute.
+ #@TestStep Client searches entry in the targeted branch dn for selected attributes not including matching attribute.
+ #@TestStep Client searches entry in a non-targeted branch dn for all attributes.
+ #@TestStep Client searches entry in the targeted branch dn for entry with no matching attribute.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for steps 1, 2, and 3.
+ Attribute values returned only for steps 1 and 2.
+ -->
+ <testcase name="'ACI: Bind Types: userattr not equals one attr'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci2.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching entry with all attributes with no matching attribute value'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+<!-- The rest of the test case should be uncommented when Issue 1587 is resolved.
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'l:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching entry with selected attributes with no matching attribute value'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'l:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching entry with selected attributes without matching attribute with no matching attribute value'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching in non-targeted branch with no matching attribute value'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching entry with matching attribute'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid l'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+-->
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr not equals one attr, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName userattr equals one attribute with bindtype
+ #@TestIssue 455
+ #@TestPurpose Test behavior with userattr equals one attr with bindtype
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with matching manager.
+ #@TestStep Client searches entry in a non-targeted branch dn for entry with matching manager.
+ #@TestStep Client searches entry in the targeted branch dn for entry with no matching manager.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: userattr equals one attr with bindtype'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci3.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, user searching targeted entry with all attributes'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=gfarmer,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=gfarmer,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, user searching in non-targeted branch'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=gfarmer,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=gfarmer,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, user searching entry with non-matching manager'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kvaughan,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with bindtype, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=gfarmer,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=gfarmer,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName userattr equals one attr with groupdn
+ #@TestIssue 455
+ #@TestPurpose Test behavior with userattr equals one attr with groupdn
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with group member and matching manager.
+ #@TestStep Client searches entry in a non-targeted branch dn for entry with group member and matching manager.
+ #@TestStep Client searches entry in the targeted branch dn for entry with non-group member and no matching manager.
+ #@TestStep Client searches entry in the targeted branch dn for entry with group member and no matching manager.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: userattr equals one attr with groupdn'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci4.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, static group, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName userattr equals one attr with groupdn, url expression
+ #@TestIssue 455
+ #@TestPurpose Test behavior with userattr equals one attr with groupdn
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with group member and matching manager.
+ #@TestStep Client searches entry in a non-targeted branch dn for entry with group member and matching manager.
+ #@TestStep Client searches entry in the targeted branch dn for entry with non-group member and no matching manager.
+ #@TestStep Client searches entry in the targeted branch dn for entry with group member and no matching manager.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: userattr equals one attr with groupdn, url expression'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci5.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, user searching targeted entry with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+<!-- The rest of the test case should be uncommented when Issue 1596 is resolved.
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, user searching in non-targeted branch with group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=non-aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, user searching with non-group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, user searching with different group member'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=fuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+ -->
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression,, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: userattr equals one attr with groupdn, url expression, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=cuser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=kwinters,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName inheritance with bindtype, deny children
+ #@TestIssue 455
+ #@TestPurpose Test behavior of inheritance with bindtype, deny children
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, parent.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, first child.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, second child.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for step 1.
+ -->
+ <testcase name="'ACI: Bind Types: inheritance with bindtype, deny children'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci6.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, user searching in first child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+<!-- The rest of the test case should be uncommented when Issue 1600 is resolved.
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, user searching in second child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+-->
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, deny children, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName inheritance with bindtype, allow one child level
+ #@TestIssue 455
+ #@TestPurpose Test behavior of inheritance with bindtype, allow one child level
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, parent.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, first child.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, second child.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for steps 1 and 2.
+ -->
+ <testcase name="'ACI: Bind Types: inheritance with bindtype, allow one child level'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci7.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, user searching in first child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, user searching in second child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow one child level, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName inheritance with bindtype, allow two child levels
+ #@TestIssue 455
+ #@TestPurpose Test behavior of inheritance with bindtype, allow two child levels
+ #@TestPreamble Admin adds an aci to the dn of one existing branch.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, parent.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, first child.
+ #@TestStep Client searches entry in the targeted branch dn for entry with children, second child.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entries is returned only for steps 1, 2, and 3.
+ -->
+ <testcase name="'ACI: Bind Types: inheritance with bindtype, allow two child levels'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_userattr_aci8.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_bindtypes/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, user searching in first child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, user searching in second child level'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmillertwo,uid=dmillerone,uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'manager:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_bindtypes/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: inheritance with bindtype, allow two child levels, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=amanager,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid manager' ,
+ 'extraParams' : '-T'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName Postamble
+ #@TestIssue 454
+ #@TestPurpose Reset environment.
+ #@TestPreamble none
+ #@TestStep Admin removes entries.
+ #@TestStep Admin reset global aci search permissions.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all operations.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Bind Types Postamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Bind Types: Postamble - deleting entries'
+ </message>
+
+ <call function="'DeleteEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'o=Bind Type Tests, o=ACI Tests,dc=example,dc=com' ,
+ 'extraParams' : '-x'}
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Bind Types: Resetting Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_reset_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <call function="'testSuite_Postamble'"/>
+
+ </sequence>
+
+ </block>
+
+ </sequence>
+
+ </function>
+
+</stax>
diff --git a/opends/tests/functional-tests/testcases/aci/global_acis.xml b/opends/tests/functional-tests/testcases/aci/global_acis.xml
new file mode 100755
index 0000000..d5e2589
--- /dev/null
+++ b/opends/tests/functional-tests/testcases/aci/global_acis.xml
@@ -0,0 +1,444 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="global_acis"/>
+
+ <function name="global_acis">
+
+ <sequence>
+
+ <block name="'global-acis'">
+
+ <sequence>
+
+ <script>
+ CurrentTestPath['suite']=STAXCurrentBlock
+ </script>
+
+ <call function="'testSuite_Preamble'"/>
+
+ <!---
+ Place suite-specific test information here.
+ #@TestSuiteName ACI Global Tests
+ #@TestSuitePurpose Test the basic global ACI Support.
+ #@TestSuiteGroup Global ACI Tests
+ #@TestScript global_acis.xml
+ -->
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Search
+ #@TestIssue 1402
+ #@TestPurpose Search against default global acis
+ #@TestPreamble none
+ #@TestStep Client searches entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and entry for step 1.
+ The attributes, sn and dn, should be returned
+ but not userpassword.
+ -->
+ <testcase name="'ACI: Global: Search'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Search, user searching entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid userpassword' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'sn' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'userpassword' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'checktestString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Search
+ #@TestIssue 1479
+ #@TestPurpose Search operational attribute against default global acis
+ #@TestPreamble none
+ #@TestStep Client searches operational attribute of an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and entry for step 1.
+ The attributes, creatorsname and dn, should be returned.
+ -->
+ <!-- The following will be uncommented when Issue 1479 is fixed. -->
+ <!--
+ <testcase name="'ACI: Global: Search Operational Attribute'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Search, user searching operational attribute of an entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'creatorsName'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'creatorsName' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'checktestString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+ -->
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Search
+ #@TestIssue 1479
+ #@TestPurpose Search all operational attributes against default global acis
+ #@TestPreamble none
+ #@TestStep Client searches all operational attributes of an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and entry for step 1.
+ The attribute, dn, should be returned.
+ -->
+ <!-- The following will be uncommented when Issue 1479 is fixed. -->
+ <!--
+ <testcase name="'ACI: Global: Search All Operational Attributes'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Search, user searching all operational attributes of an entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : '+'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'creatorsName' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'checktestString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+ -->
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Compare
+ #@TestIssue 1402
+ #@TestPurpose Compare against default global acis
+ #@TestPreamble none
+ #@TestStep Client compares attribute in an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and returns true for step 1.
+ -->
+ <testcase name="'ACI: Global: Compare'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Compare, user comparing entry'
+ </message>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'attrToBeCompared' : 'l:Santa Clara',
+ 'entryToBeCompared' : 'uid=tclow, ou=People, ou=aci branch, o=ACI Tests, dc=example,dc=com' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'true' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Modify
+ #@TestIssue 1402
+ #@TestPurpose Modify against default global acis
+ #@TestPreamble none
+ #@TestStep Client modifies attribute in an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50.
+ -->
+ <testcase name="'ACI: Global: Modify'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Modify, user modifying entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/global_acis/mod_entry1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Delete
+ #@TestIssue 1402
+ #@TestPurpose Delete against default global acis
+ #@TestPreamble none
+ #@TestStep Client deletes an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50.
+ -->
+ <testcase name="'ACI: Global: Delete'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Delete, user deleting entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/global_acis/del_entry1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Modify RDN
+ #@TestIssue 1402
+ #@TestPurpose Modify RDN against default global acis
+ #@TestPreamble none
+ #@TestStep Client modifies the RDN of an entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50.
+ -->
+ <testcase name="'ACI: Global: Modify RDN'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Modify RDN, user modifying rdn of an entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/global_acis/modrdn_entry1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Global Tests
+ #@TestName Global ACI Modify Self
+ #@TestIssue 1402
+ #@TestPurpose Modify self against default global acis
+ #@TestPreamble none
+ #@TestStep Client modifies attribute in the user entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <testcase name="'ACI: Global: Self Modify'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Global: Self Modify, user modifying itself'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/global_acis/mod_entry2.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <call function="'testSuite_Postamble'"/>
+
+ </sequence>
+
+ </block>
+
+ </sequence>
+
+ </function>
+
+</stax>
--
Gitblit v1.10.0