From b1ffcc8724df8e7cba9c8b661344e95ee939e7e8 Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Tue, 22 May 2007 14:15:28 +0000
Subject: [PATCH] Adding functional test cases for Issue 1489. ACI Proxy Rights Support.
---
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search_sep.ldif | 35
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci.ldif | 29
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml | 4
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci_wildcard.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_add.ldif | 30
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_proxy_auth.xml | 2657 +++++++++++++++++++++++++++++++++++++++++++++++++++++
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_auth_dm.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci2.ldif | 29
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all_wildcard.ldif | 30
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif | 18
opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all.ldif | 30
13 files changed, 2,982 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci.ldif
new file mode 100644
index 0000000..70b08f6
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_proxy_aci"; allow (proxy) userdn="ldap:///uid=aproxy, ou=People, o=ACI Tests,dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci_wildcard.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci_wildcard.ldif
new file mode 100644
index 0000000..ff5e296
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_aci_wildcard.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_proxy_aci1"; allow (proxy) userdn="ldap:///uid=a*, ou=People, o=ACI Tests,dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_auth_dm.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_auth_dm.ldif
new file mode 100644
index 0000000..f412bb8
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_proxy_auth_dm.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: cn=Directory Manager,cn=Root DNs,cn=config
+changetype: modify
+add: ds-privilege-name
+ds-privilege-name: proxied-auth
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_add.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_add.ldif
new file mode 100644
index 0000000..62760c0
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_add.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_add"; allow (add,delete) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all.ldif
new file mode 100644
index 0000000..89e2112
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_all"; allow (all) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all_wildcard.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all_wildcard.ldif
new file mode 100644
index 0000000..62a60dd
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_all_wildcard.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_all_wildcard"; allow (all) userdn="ldap:///uid=*user, ou=People, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search.ldif
new file mode 100644
index 0000000..3bb3525
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_search"; allow (search,read) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search_sep.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search_sep.ldif
new file mode 100644
index 0000000..2740678
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/add_user_aci_search_sep.ldif
@@ -0,0 +1,35 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_search_sep"; allow (search) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)
+
+dn: o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (target="ldap:///ou=aci branch, o=ACI Tests, dc=example,dc=com")(targetattr="*")(version 3.0; acl "add_user_aci_search_sep"; allow (read) userdn="ldap:///uid=auser, ou=People, o=ACI Tests, dc=example,dc=com";)
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci.ldif
new file mode 100644
index 0000000..300e18c
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci2.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci2.ldif
new file mode 100644
index 0000000..cd87dfb
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_proxy_auth/del_aci2.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
index 7446c6b..3224236 100644
--- a/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
+++ b/opendj-sdk/opends/tests/functional-tests/shared/data/aci/aci_startup.ldif
@@ -358,6 +358,24 @@
userpassword: ProxyRules
ds-privilege-name: proxied-auth
+dn: uid=bproxy, ou=People, o=ACI Tests, dc=example,dc=com
+cn: Bana Proxy
+sn: proxy
+givenname: Bana
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Development
+ou: People
+l: Grenoble
+uid: bproxy
+mail: bproxy@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: ProxyRules
+
dn: ou=aci branch, o=ACI Tests, dc=example,dc=com
objectclass: top
objectclass: organizationalunit
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml
index bd199f2..af671b8 100755
--- a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci.xml
@@ -101,6 +101,10 @@
<call function="'aci_bindtypes'" />
<import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_proxy_auth.xml' % (TESTS_DIR)"/>
+ <call function="'aci_proxy_auth'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
file="'%s/testcases/aci/aci_teardown.xml' % (TESTS_DIR)"/>
<call function="'aci_teardown'" />
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_proxy_auth.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_proxy_auth.xml
new file mode 100755
index 0000000..3b1d942
--- /dev/null
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_proxy_auth.xml
@@ -0,0 +1,2657 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying * information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="aci_proxy_auth"/>
+
+ <function name="aci_proxy_auth">
+
+ <sequence>
+
+ <block name="'aci-proxy-auth'">
+
+ <sequence>
+
+ <script>
+ if not CurrentTestPath.has_key('group'):
+ CurrentTestPath['group']='aci'
+ CurrentTestPath['suite']=STAXCurrentBlock
+ </script>
+
+ <call function="'testSuite_Preamble'"/>
+
+ <!---
+ Place suite-specific test information here.
+ #@TestSuiteName ACI Proxy Authorization Tests
+ #@TestSuitePurpose Test the basic ACI Proxy Authorization Support.
+ #@TestSuiteGroup Basic ACI Proxy Authorization Tests
+ #@TestScript aci_proxy_auth.xml
+ -->
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_setup.xml' % (TESTS_DIR)"/>
+ <call function="'aci_setup'" />
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Preamble
+ #@TestIssue 1489
+ #@TestPurpose Test default aci settings
+ #@TestPreamble none
+ #@TestStep Client searches entry for an attribute in a branch dn.
+ #@TestStep Client searches entry for an attribute in another branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and no entries are returned
+ for all operations.
+ -->
+ <testcase name="'ACI: Proxy Auth: Preamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Proxy Auth: Preamble - Removing Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_rm_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'cn=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Preamble - existing branch, user searching entry that will be non-targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'cn=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user, one proxied user
+ #@TestPreamble none
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry that does not have the targeted dn for the targetattr.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ No entries are returned for any steps.
+ -->
+ <testcase name="'ACI: Proxy Auth: one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, proxy user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user, one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user, one proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 5
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: one user, one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_all.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user for adds, one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user for adds, one proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ No entries returned for any step.
+ -->
+ <testcase name="'ACI: Proxy Auth: one user for adds, one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_add.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for adds, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user for searches, one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user for searches, one proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 5
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: one user for searches, one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_search.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user for searches reads separate level, one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user for searches reads separate level, one proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Remove another level of acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 5
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: one user for searches reads separate level, one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_search_sep.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci2.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user for searches reads separate level, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with many users with wildcard, one proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with many users with wildcard, one proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Remove another level of acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1, 2, 5 and 6
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: many users with wildcard, one proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_all_wildcard.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: many users with wildcard, one proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user, many proxied users with wildcard
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user, many proxied users with wildcard
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Remove another level of acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1, 2, 5 and 6
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: many users one user, many proxied users with wildcard'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_all.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci_wildcard.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, preamble adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=aproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, many proxied users with wildcard, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with one user, one bad proxied user
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with one user, one bad proxied user
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as proxied user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Admin adds an aci giving proxied user permission to access as user.
+ #@TestStep Client searches entry in targeted branch as proxied user through user.
+ #@TestStep Client searches entry in targeted branch as proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, except step 4 where 123 is expected.
+ Entry is returned only for step 1
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: one user, one bad proxied user'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_all.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'SEARCH operation failed' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'SEARCH operation failed' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bproxy,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ProxyRules' ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'SEARCH operation failed' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: one user, one bad proxied user, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Proxy rights with Directory Manager as proxy
+ #@TestIssue 1489
+ #@TestPurpose Test ACI with proxy rights with Directory Manager as proxy
+ #@TestPreamble Admin adds an aci giving user search and read access to one branch.
+ #@TestStep Client searches entry in targeted branch as user.
+ #@TestStep Client searches entry in targeted branch as second user.
+ #@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user.
+ #@TestStep Admin adds ds-privilege-name to cn=Directory Manager
+ #@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user.
+ #@TestStep Client searches entry in targeted branch as cn=Directory Manager proxied user through second user.
+ #@TestStep Remove all acis.
+ #@TestStep Client searches entry in the previously targeted branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations except step 3 where 123 is expected.
+ Entry is returned only for steps 1, 5 and 6
+ and only with the specified attribute.
+ -->
+ <testcase name="'ACI: Proxy Auth: Directory Manager as proxy'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_user_aci_all.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, preamble adding user aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'SEARCH operation failed' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, adding proxied-auth'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/add_proxy_auth_dm.ldif' % (STAGED_DATA_DIR) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+<!-- Uncomment or delete when Issue 1610 is remedied.
+ <script>
+ curr_aci_ldif_file = 'add_proxy_aci_dm.ldif'
+ curr_aci=retrieve_aci('%s/aci/aci_proxy_auth/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, adding proxy aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+-->
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, proxied user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsProxyDN' : 'dn:uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, proxied second user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'cn=Directory Manager,cn=Root DNs,cn=config' ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsProxyDN' : 'dn:uid=buser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, admin deleting both acis'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_proxy_auth/del_aci.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Directory Manager as proxy, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Proxy Authorization Tests
+ #@TestName Postamble
+ #@TestIssue 1489
+ #@TestPurpose Test default aci settings
+ #@TestPreamble none
+ #@TestStep Client searches entry for an attribute in a branch dn.
+ #@TestStep Client searches entry for an attribute in another branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ and no entries are returned
+ for all operations.
+ -->
+ <testcase name="'ACI: Proxy Auth: Postamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'cn=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Postamble - existing branch, user searching entry that will be non-targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'cn=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People,ou=non-aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Proxy Auth: Postamble - Resetting Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_reset_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/aci_cleanup.xml' % (TESTS_DIR)"/>
+ <call function="'aci_cleanup'" />
+
+ <call function="'testSuite_Postamble'"/>
+
+ </sequence>
+
+ </block>
+
+ </sequence>
+
+ </function>
+
+</stax>
--
Gitblit v1.10.0