From 8a46b10042c84061dc5f65862faa60136a82e049 Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Mon, 19 Sep 2011 14:20:40 +0000
Subject: [PATCH] Add basic mapped-bind PTA functional test
---
opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif | 22 +-
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml | 8 +
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml | 3
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml | 316 ++++++++++++++++++++++++++++++++++++++++++++++++----
4 files changed, 310 insertions(+), 39 deletions(-)
diff --git a/opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif b/opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif
index 5bb421f..def170d 100644
--- a/opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif
+++ b/opends/tests/staf-tests/functional-tests/shared/data/pta/Example.ldif
@@ -422,7 +422,7 @@
telephonenumber: +1 408 555 2567
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 2359
-userpassword: walnut
+seealso: uid=jmcFarla, ou=People, dc=AD, dc=com
dn: uid=llabonte, ou=People, o=example
cn: Lee Labonte
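Review bot: The value `seealso: uid=jmcFarla, ou=People, dc=AD, dc=com` added in this hunk is added a second time in the @@ -979 hunk, to a different local entry. With a mapped-bind policy keyed on `seealso`, both local accounts would presumably be authenticated against the same remote entry, so one remote password would open two local identities. If that is not deliberate for a later test, the @@ -979 entry should point at its own remote DN. The value added at @@ -2003 is written `dc=AD,dc=com` without the space the other nine use, which is probably harmless for DN matching but worth normalising.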
@@ -476,7 +476,7 @@
telephonenumber: +1 408 555 4491
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 2758
-userpassword: truths
+seealso: uid=bhal2, ou=People, dc=AD, dc=com
dn: uid=alutz, ou=People, o=example
cn: Alexander Lutz
@@ -548,7 +548,7 @@
telephonenumber: +1 408 555 9804
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4304
-userpassword: hillock
+seealso: uid=hmiller, ou=People, dc=AD, dc=com
dn: uid=jcampai2, ou=People, o=example
cn: Jeffrey Campaigne
@@ -638,7 +638,7 @@
telephonenumber: +1 408 555 2582
facsimiletelephonenumber: +1 408 555 3372
roomnumber: 4023
-userpassword: placeable
+seealso: uid=gtriplet, ou=People, dc=AD, dc=com
dn: uid=jfalena, ou=People, o=example
cn: John Falena
@@ -710,7 +710,7 @@
telephonenumber: +1 408 555 5099
facsimiletelephonenumber: +1 408 555 8473
roomnumber: 1271
-userpassword: epiphyseal
+seealso: uid=prigden, ou=People, dc=AD, dc=com
dn: uid=bwalker, ou=People, o=example
cn: Brad Walker
@@ -907,7 +907,7 @@
telephonenumber: +1 408 555 5526
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 0617
-userpassword: diachronic
+seealso: uid=brentz, ou=People, dc=AD, dc=com
dn: uid=dsmith, ou=People, o=example
cn: Daniel Smith
@@ -979,7 +979,7 @@
telephonenumber: +1 408 555 1926
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 2721
-userpassword: guildhall
+seealso: uid=jmcFarla, ou=People, dc=AD, dc=com
dn: uid=lcampbel, ou=People, o=example
cn: Laurel Campbell
@@ -2003,7 +2003,7 @@
telephonenumber: +1 408 555 3358
facsimiletelephonenumber: +1 408 555 9332
roomnumber: 4912
-userpassword: bassinet
+seealso: uid=wlutz, ou=People, dc=AD,dc=com
dn: uid=jlutz, ou=People, o=example
cn: Janet Lutz
@@ -2128,7 +2128,7 @@
telephonenumber: +1 408 555 8541
facsimiletelephonenumber: +1 408 555 4774
roomnumber: 0034
-userpassword: brainwash
+seealso: uid=jbourke, ou=People, dc=AD, dc=com
dn: uid=dlanoway, ou=People, o=example
cn: Dan Lanoway
@@ -2629,7 +2629,7 @@
telephonenumber: +1 408 555 9045
facsimiletelephonenumber: +1 408 555 1992
roomnumber: 1984
-userpassword: transpose
+seealso: uid=rjense2, ou=People, dc=AD, dc=com
dn: uid=rhunt, ou=People, o=example
cn: Richard Hunt
@@ -2767,7 +2767,7 @@
dn: cn=PTA Remote Users,ou=groups,o=example
objectclass: top
objectclass: groupOfUniqueNames
-cn: Accounting Managers
+cn: PTA Remote Users
ou: groups
uniquemember: uid=jvedder, ou=People, o=example
uniquemember: uid=tmorris, ou=People, o=example
diff --git a/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml b/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
index fbab1cf..da80cd1 100755
--- a/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE stax SYSTEM "../../../shared/stax.dtd">
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
! CDDL HEADER START
!
@@ -78,6 +78,7 @@
<!-- List of Test Cases -->
<script>
testsList=[]
+ testsList.append('basic_pta_002')
testsList.append('basic_pta_003')
</script>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
index 2e654f6..bd02849 100755
--- a/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -47,20 +47,240 @@
#@TestName Basic: PTA mapped-bind
#@TestID basic_pta_002
#@TestPurpose Verify user with a LDAP PTA mapped-bind policy can authenticated to remote server
- #@TestPreamble
- #@TestSteps Configure LDAP PTA Policy
- #@TestPostamble
+ #@TestPreamble Setup PTS
+ #@TestStep Configure LDAP PTA Policy for mapped-bind
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep Delete ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
+ <function name="basic_pta_002" scope="local">
+ <testcase name="getTestCaseName('PTA mapped-bind')">
+ <sequence>
+ <try>
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'On primary server configure LDAP PTA.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
+ options.append('--set mapped-attribute:seealso')
+ options.append('--set mapping-policy:mapped-bind')
+ options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondaryPort))
+ options.append('--type ldap-pass-through')
+ options.append('--policy-name "LDAP PTA"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "LDAP PTA"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
+ <script>
+ remotePTAuserName='uid=jmcFarla, ou=People, o=example'
+ remotePTAuserPSWD='walnut'
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'add'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'dsAttributes' : '+'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD ,
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('description: i am now a remote LDAP PTA user')
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD,
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'replace'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'delete'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "LDAP PTA"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <call function="'testCase_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
<!--- Test Case information
#@TestMarker Basic: PTA mapped-search
#@TestName Basic: PTA mapped-search
#@TestID basic_pta_003
#@TestPurpose Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
- #@TestPreamble
- #@TestSteps Configure LDAP PTA Policy
- #@TestPostamble
+ #@TestPreamble Setup PTS
+ #@TestStep Configure LDAP PTA Policy for mapped-search
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
#@TestResult Test is successful if the result code is 0
-->
<function name="basic_pta_003" scope="local">
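Review bot: basic_pta_002 only exercises the success path: the "Search users entry as self" and "Modify the users entry" steps bind with the correct `remotePTAuserPSWD`, so a pass-through policy that accepted any credential would still pass this test. A further step that binds as `remotePTAuserName` with a wrong password and expects the bind to be rejected would pin the property the test is named for; the expected-result argument of `ldapSearchWithScript` is not visible here, so confirm how the helper expresses that. The three `options.append('--policy-name "LDAP PTA"')` lines in the new function should read `options.append('--policy-name "%s"' % ldapPtaPolicyName)`, as the later hunks already do for basic_pta_003. In the basic_pta_003 header, `#@TestStep ds-pwp-password-policy-dn from users entry` has lost its leading "Delete", and the body of basic_pta_003 continues outside this hunk.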
@@ -73,13 +293,11 @@
'Test Name = %s' % STAXCurrentTestcase
</message>
- <!-- On primary server configure LDAP PTA -->
- <script>
- primaryHost = primary_remote_ldap_server.getHostname()
- primaryPort = primary_remote_ldap_server.getPort()
- secondaryHost = secondary_remote_ldap_server.getHostname()
- secondaryPort = secondary_remote_ldap_server.getPort()
+ <call function="'testStep'">
+ { 'stepMessage' : 'On primary server configure LDAP PTA.' }
+ </call>
+ <script>
options=[]
options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primaryPort))
options.append('--set mapped-attribute:cn')
@@ -104,10 +322,13 @@
}
</call>
- <!-- Read back the "authentication policy" object -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
<script>
options=[]
- options.append('--policy-name "LDAP PTA"')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
dsconfigOptions=' '.join(options)
</script>
@@ -124,14 +345,16 @@
}
</call>
- <!-- Add ds-pwp-password-policy-dn:
- cn=LDAP PTA,cn=Password Policies,cn=config
- to users entry -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
<script>
remotePTAuserName='uid=jvedder, ou=People, o=example'
remotePTAuserPSWD='befitting'
ldapObject=[]
- ldapObject.append('ds-pwp-password-policy-dn: cn=LDAP PTA,cn=Password Policies,cn=config')
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
</script>
<call function="'modifyAnAttribute'">
@@ -144,10 +367,14 @@
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
- 'changetype' : 'add' }
+ 'changetype' : 'add'
+ }
</call>
- <!-- Search users entry as Directory Manager for operational attributes -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
@@ -162,7 +389,10 @@
}
</call>
- <!-- Search users entry as himself -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
<call function="'ldapSearchWithScript'">
{ 'location' : local_ldap_server.getHostname(),
'dsPath' : '%s/%s' \
@@ -176,7 +406,10 @@
}
</call>
- <!-- Modify the users entry -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
<script>
ldapObject=[]
ldapObject.append('description: i am now a remote LDAP PTA user')
@@ -192,13 +425,18 @@
'dsInstancePswd' : remotePTAuserPSWD,
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
- 'changetype' : 'replace' }
+ 'changetype' : 'replace'
+ }
</call>
- <!-- Delete LDAP PTA (authentication) password policy attribute -->
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
<script>
ldapObject=[]
- ldapObject.append('ds-pwp-password-policy-dn: cn=LDAP PTA,cn=Password Policies,cn=config')
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
</script>
<call function="'modifyAnAttribute'">
@@ -211,9 +449,33 @@
'dsInstancePswd' : local_ldap_server.getRootPwd(),
'DNToModify' : remotePTAuserName ,
'listAttributes' : ldapObject ,
- 'changetype' : 'delete' }
+ 'changetype' : 'delete'
+ }
</call>
-
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
</sequence>
<catch exception="'STAXException'" typevar="eType" var="eInfo">
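Review bot: The new "Remove LDAP PTA Authentication Policy" step, like the "Delete ds-pwp-password-policy-dn" step before it, sits inside the `<sequence>` guarded by `<try>`, so it is skipped if any earlier step raises a STAXException. The policy object and the user's `ds-pwp-password-policy-dn` value would then stay on the local server, and since basic_pta_002 and basic_pta_003 both create a policy named "LDAP PTA", the next test's `create-password-policy` would presumably fail for an unrelated reason. Moving both cleanup calls into the `<finally>` ahead of `testCase_Postamble` (the block is visible for basic_pta_002 earlier in this file, which has the same shape) would avoid that. The enclosing function starts and ends outside this hunk.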
diff --git a/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml b/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
index 8b023b8..5d5c4be 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -69,6 +69,9 @@
</call>
<script>
+ ldapPtaPolicyName = 'LDAP PTA'
+ ldapPtaPolicyDn = 'cn=%s,cn=Password Policies,cn=config' % ldapPtaPolicyName
+
local_ldap = 0
primary_remote_ldap = 1
secondary_remote_ldap = 2
@@ -76,6 +79,11 @@
local_ldap_server = _topologyServerList[local_ldap]
primary_remote_ldap_server = _topologyServerList[primary_remote_ldap]
secondary_remote_ldap_server = _topologyServerList[secondary_remote_ldap]
+
+ primaryHost = primary_remote_ldap_server.getHostname()
+ primaryPort = primary_remote_ldap_server.getPort()
+ secondaryHost = secondary_remote_ldap_server.getHostname()
+ secondaryPort = secondary_remote_ldap_server.getPort()
</script>
<!-- On remote servers create suffixes -->
--