From d0bf237c181e760eb3738d4ecb982e8d6318c5f2 Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Mon, 23 Apr 2007 15:08:03 +0000
Subject: [PATCH] Adding functional tests that contain multiple ACIs and different levels in the test tree.
---
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci14.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.1.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci13.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci6.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci36.ldif | 50
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail31.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci5.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci32.ldif | 39
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci38.ldif | 50
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci2.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33a.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci35.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci8.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.1.ldif | 29
opends/tests/functional-tests/testcases/aci/aci.xml | 4
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title34.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail32.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci11.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32a.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail33.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_search.ldif | 37
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/aci_startup_mult_aci_tests.ldif | 1875 +++++++++++++
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_modify.ldif | 37
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci3.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci33.ldif | 39
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci9.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci10.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci39.ldif | 60
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31a.ldif | 30
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title35.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.1.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.1.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci34.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci7.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci37.ldif | 50
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31.ldif | 30
opends/tests/functional-tests/testcases/aci/multiple_aci_tests.xml | 4424 +++++++++++++++++++++++++++++++
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci12.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci1.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35a.ldif | 29
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci4.ldif | 40
opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci31.ldif | 39
60 files changed, 8,281 insertions(+), 0 deletions(-)
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/aci_startup_mult_aci_tests.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/aci_startup_mult_aci_tests.ldif
new file mode 100644
index 0000000..1244831
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/aci_startup_mult_aci_tests.ldif
@@ -0,0 +1,1875 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+o: Search Tests
+objectclass: top
+objectclass: organization
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: aci branch
+
+dn: ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cschmith, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jcrawler, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jsprinter, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jrunner, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tclow, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=rdaugherty, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: non-aci branch
+
+dn: ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cschmith, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jcrawler, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jsprinter, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jrunner, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tclow, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=rdaugherty, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=non-aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+o: Modify Tests
+objectclass: top
+objectclass: organization
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: aci branch
+
+dn: ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cschmith, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jcrawler, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jsprinter, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jrunner, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tclow, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=rdaugherty, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: non-aci branch
+
+dn: ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=scarter, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Sam Carter
+sn: Carter
+givenname: Sam
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: scarter
+mail: scarter@example.com
+telephonenumber: +1 408 555 4798
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 4612
+userpassword: sprain
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Ted Morris
+sn: Morris
+givenname: Ted
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Santa Clara
+uid: tmorris
+mail: tmorris@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 4117
+userpassword: irrefutable
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kvaughan, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Kirsten Vaughan
+sn: Vaughan
+givenname: Kirsten
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: kvaughan
+mail: kvaughan@example.com
+telephonenumber: +1 408 555 5625
+facsimiletelephonenumber: +1 408 555 3372
+roomnumber: 2871
+userpassword: bribery
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=abergin, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Andy Bergin
+sn: Bergin
+givenname: Andy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: abergin
+mail: abergin@example.com
+telephonenumber: +1 408 555 8585
+facsimiletelephonenumber: +1 408 555 7472
+roomnumber: 3472
+userpassword: inflict
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=dmiller, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: David Miller
+sn: Miller
+givenname: David
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: dmiller
+mail: dmiller@example.com
+telephonenumber: +1 408 555 9423
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 4135
+userpassword: gosling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=gfarmer, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Gern Farmer
+sn: Farmer
+givenname: Gern
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Cupertino
+uid: gfarmer
+mail: gfarmer@example.com
+telephonenumber: +1 408 555 6201
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1269
+userpassword: ruling
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=kwinters, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Kelly Winters
+sn: Winters
+givenname: Kelly
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: kwinters
+mail: kwinters@example.com
+telephonenumber: +1 408 555 9069
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4178
+userpassword: forsook
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=trigden, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Rigden
+sn: Rigden
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: trigden
+mail: trigden@example.com
+telephonenumber: +1 408 555 9280
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 3584
+userpassword: sensitive
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cschmith, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Chris Schmith
+sn: Schmith
+givenname: Chris
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: cschmith
+mail: cschmith@example.com
+telephonenumber: +1 408 555 8011
+facsimiletelephonenumber: +1 408 555 4774
+roomnumber: 0416
+userpassword: hypotenuse
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Judy Wallace
+sn: Wallace
+givenname: Judy
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Accounting
+ou: People
+l: Sunnyvale
+uid: jwallace
+mail: jwallace@example.com
+telephonenumber: +1 408 555 0319
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 1033
+userpassword: linear
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jcrawler, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Crawler
+sn: Crawler
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jcrawler
+mail: jcrawler@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jsprinter, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Sprinter
+sn: Sprinter
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jsprinter
+mail: jsprinter@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jrunner, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: John Runner
+sn: Runner
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jrunner
+mail: jrunner@example.com
+telephonenumber: +1 408 555 1476
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 3915
+userpassword: dogleg
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tclow, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Clow
+sn: Clow
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Santa Clara
+uid: tclow
+mail: tclow@example.com
+telephonenumber: +1 408 555 8825
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 4376
+userpassword: cardreader
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=rdaugherty, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Robert Daugherty
+sn: Daugherty
+givenname: Robert
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: rdaugherty
+mail: rdaugherty@example.com
+telephonenumber: +1 408 555 1296
+facsimiletelephonenumber: +1 408 555 1992
+roomnumber: 0194
+userpassword: apples
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=jreuter, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Jayne Reuter
+sn: Reuter
+givenname: Jayne
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Testing
+ou: People
+l: Cupertino
+uid: jreuter
+mail: jreuter@example.com
+telephonenumber: +1 408 555 1122
+facsimiletelephonenumber: +1 408 555 8721
+roomnumber: 2942
+userpassword: destroy
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=tmason, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Torrey Mason
+sn: Mason
+givenname: Torrey
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Sunnyvale
+uid: tmason
+mail: tmason@example.com
+telephonenumber: +1 408 555 1596
+facsimiletelephonenumber: +1 408 555 9751
+roomnumber: 1124
+userpassword: squatted
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=bhall, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: ou=extra branch 1, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=People, ou=extra branch 1, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: uid=aextra, ou=People, ou=extra branch 1, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Benjamin Hall
+sn: Hall
+givenname: Benjamin
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: bhall
+mail: bhall@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
+dn: uid=cfish, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+cn: Cat Fish
+sn: Fish
+givenname: Cat
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Product Development
+ou: People
+l: Santa Clara
+uid: cfish
+mail: cfish@example.com
+telephonenumber: +1 408 555 6067
+facsimiletelephonenumber: +1 408 555 0111
+roomnumber: 2511
+userpassword: oranges
+title: engineer
+title: architect
+title: sweeper
+carlicense: ABC 123
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci1.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci1.ldif
new file mode 100644
index 0000000..ee6f6d9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci1.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci1"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(cn=bad)")(version 3.0; acl "add_aci1"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=bad)")(version 3.0; acl "add_aci1"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci10.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci10.ldif
new file mode 100644
index 0000000..f52816d
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci10.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci10"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(telephone=*99))")(version 3.0; acl "add_aci10"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="cn || sn || telephonenumber")(version 3.0; acl "add_aci10"; deny (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci11.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci11.ldif
new file mode 100644
index 0000000..12634b7
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci11.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci11"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci11"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="cn || sn || telephonenumber")(version 3.0; acl "add_aci11"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci12.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci12.ldif
new file mode 100644
index 0000000..940379c
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci12.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci12"; allow (search) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci12"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(version 3.0; acl "add_aci12"; allow (delete,add,write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci13.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci13.ldif
new file mode 100644
index 0000000..2506253
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci13.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci13"; allow (search) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci13"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci13"; allow (read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci14.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci14.ldif
new file mode 100644
index 0000000..57b3f48
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci14.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci14"; deny (search) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci14"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci14"; allow (read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci2.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci2.ldif
new file mode 100644
index 0000000..8dcc70a
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci2.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci2"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(roomnumber=99*))")(version 3.0; acl "add_aci2"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=bad)")(version 3.0; acl "add_aci2"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci3.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci3.ldif
new file mode 100644
index 0000000..876bf64
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci3.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci3"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(telephone=*99))")(version 3.0; acl "add_aci3"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=bad)")(version 3.0; acl "add_aci3"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci31.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci31.ldif
new file mode 100644
index 0000000..53c0ebc
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci31.ldif
@@ -0,0 +1,39 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(targattrfilters="add=l:(l=Cuper*)")(version 3.0; acl "add_aci31"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(targattrfilters="del=l:(l=Cuper*)")(version 3.0; acl "add_aci31"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci31"; allow (search,read) userdn="ldap:///all";)
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci32.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci32.ldif
new file mode 100644
index 0000000..a49ef41
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci32.ldif
@@ -0,0 +1,39 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(targattrfilters="add=l:(l=Cuper*)")(version 3.0; acl "add_aci32"; deny (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(targattrfilters="del=l:(l=Cuper*)")(version 3.0; acl "add_aci32"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci32"; allow (search,read) userdn="ldap:///all";)
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci33.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci33.ldif
new file mode 100644
index 0000000..fb0b288
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci33.ldif
@@ -0,0 +1,39 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(targattrfilters="add=l:(l=Cuper*)")(version 3.0; acl "add_aci33"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targattrfilters="del=l:(l=Cuper*)")(version 3.0; acl "add_aci33"; deny (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci33"; allow (search,read) userdn="ldap:///all";)
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci34.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci34.ldif
new file mode 100644
index 0000000..4334ae5
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci34.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(version 3.0; acl "add_aci34"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="telephonenumber")(version 3.0; acl "add_aci34"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci34"; allow (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci35.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci35.ldif
new file mode 100644
index 0000000..8376a07
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci35.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="l")(version 3.0; acl "add_aci35"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="telephonenumber")(version 3.0; acl "add_aci35"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci35"; allow (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci36.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci36.ldif
new file mode 100644
index 0000000..dc62391
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci36.ldif
@@ -0,0 +1,50 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(version 3.0; acl "add_aci36"; allow (write) userdn="ldap:///all";)
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="add=title:(title=sweep*)")(version 3.0; acl "add_aci36"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="telephonenumber")(version 3.0; acl "add_aci36"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="del=title:(title=sweep*)")(version 3.0; acl "add_aci36"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci36"; allow (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci37.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci37.ldif
new file mode 100644
index 0000000..eb8a8dd
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci37.ldif
@@ -0,0 +1,50 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(version 3.0; acl "add_aci37"; allow (write) userdn="ldap:///all";)
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="add=title:(!(title=sweep*))")(version 3.0; acl "add_aci37"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="telephonenumber")(version 3.0; acl "add_aci37"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="del=title:(!(title=sweep*))")(version 3.0; acl "add_aci37"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci37"; allow (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci38.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci38.ldif
new file mode 100644
index 0000000..95d4622
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci38.ldif
@@ -0,0 +1,50 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="l")(version 3.0; acl "add_aci38"; allow (write) userdn="ldap:///all";)
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="add=title:(!(title=sweep*))")(version 3.0; acl "add_aci38"; deny (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="telephonenumber")(version 3.0; acl "add_aci38"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="del=title:(!(title=sweep*))")(version 3.0; acl "add_aci38"; deny (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci38"; allow (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci39.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci39.ldif
new file mode 100644
index 0000000..6f1c03e
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci39.ldif
@@ -0,0 +1,60 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="carlicense")(version 3.0; acl "add_aci39"; deny (write) userdn="ldap:///all";)
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="add=l:(l=*)")(version 3.0; acl "add_aci39"; allow (write) userdn="ldap:///all";)
+
+dn: ou=People,ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="add=title:(!(title=sweep*))")(version 3.0; acl "add_aci39"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="telephonenumber")(version 3.0; acl "add_aci39"; deny (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="del=l:(l=*)")(version 3.0; acl "add_aci39"; allow (write) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targattrfilters="del=title:(!(title=sweep*))")(version 3.0; acl "add_aci39"; allow (write) userdn="ldap:///all";)
+
+dn: o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr!="roomnumber")(targetfilter="(sn=*)")(version 3.0; acl "add_aci39"; deny (write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci4.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci4.ldif
new file mode 100644
index 0000000..8b6b92d
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci4.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci4"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci4"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=bad)")(version 3.0; acl "add_aci4"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci5.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci5.ldif
new file mode 100644
index 0000000..b94e5d2
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci5.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci5"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(cn=*)")(version 3.0; acl "add_aci5"; deny (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci5"; deny (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci6.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci6.ldif
new file mode 100644
index 0000000..d912d68
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci6.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci6"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(roomnumber=99*))")(version 3.0; acl "add_aci6"; deny (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci6"; deny (write,add,delete) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci7.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci7.ldif
new file mode 100644
index 0000000..3eb1370
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci7.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci7"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(telephone=*99))")(version 3.0; acl "add_aci7"; deny (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci7"; deny (add,write,delete) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci8.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci8.ldif
new file mode 100644
index 0000000..b8a2e4c
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci8.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci8"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(telephonenumber=*4798)")(version 3.0; acl "add_aci8"; deny (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(sn=*)")(version 3.0; acl "add_aci8"; deny (delete,add,write) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci9.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci9.ldif
new file mode 100644
index 0000000..685fbfb
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/add_aci9.ldif
@@ -0,0 +1,40 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(roomnumber=4135)")(version 3.0; acl "add_aci9"; allow (search,read) userdn="ldap:///all";)
+
+dn: ou=aci branch, o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="*")(targetfilter="(!(roomnumber=99*))")(version 3.0; acl "add_aci9"; allow (search,read) userdn="ldap:///all";)
+
+dn: o=Search Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetattr="cn || sn || uid")(version 3.0; acl "add_aci9"; allow (search,read) userdn="ldap:///all";)
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_modify.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_modify.ldif
new file mode 100644
index 0000000..4cfd94b
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_modify.ldif
@@ -0,0 +1,37 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
+dn: ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
+dn: o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_search.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_search.ldif
new file mode 100644
index 0000000..96f90be
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/del_aci_search.ldif
@@ -0,0 +1,37 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: ou=People,ou=aci branch, o=Search Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
+dn: ou=aci branch, o=Search Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
+dn: o=Search Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+delete: aci
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif
new file mode 100644
index 0000000..f4c124d
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=scarter, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Chicago
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31.ldif
new file mode 100644
index 0000000..df8151a
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=gfarmer,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31a.ldif
new file mode 100644
index 0000000..e54e6f7
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l31a.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=gfarmer,ou=People,ou=non-aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32.ldif
new file mode 100644
index 0000000..c2ca3aa
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32a.ldif
new file mode 100644
index 0000000..e2eb6c9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l32a.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=non-aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33.ldif
new file mode 100644
index 0000000..c2ca3aa
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33a.ldif
new file mode 100644
index 0000000..e2eb6c9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l33a.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=non-aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: CuperGrenoble
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34.ldif
new file mode 100644
index 0000000..160dbce
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: London
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34a.ldif
new file mode 100644
index 0000000..e2d42b9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l34a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: London
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35.ldif
new file mode 100644
index 0000000..160dbce
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: London
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35a.ldif
new file mode 100644
index 0000000..e2d42b9
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l35a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: London
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36.ldif
new file mode 100644
index 0000000..e022d7e
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36a.ldif
new file mode 100644
index 0000000..ca46181
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l36a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37.ldif
new file mode 100644
index 0000000..e022d7e
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37a.ldif
new file mode 100644
index 0000000..ca46181
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l37a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38.ldif
new file mode 100644
index 0000000..e022d7e
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38a.ldif
new file mode 100644
index 0000000..ca46181
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l38a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39.ldif
new file mode 100644
index 0000000..e022d7e
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39a.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39a.ldif
new file mode 100644
index 0000000..ca46181
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_l39a.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=non-aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: l
+l: Paris
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail31.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail31.ldif
new file mode 100644
index 0000000..8217ce7
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail31.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=gfarmer,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: mail
+mail: gfarmer@newmail.example.com
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail32.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail32.ldif
new file mode 100644
index 0000000..852a10d
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail32.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: mail
+mail: gfarmer@newmail.example.com
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail33.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail33.ldif
new file mode 100644
index 0000000..852a10d
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_mail33.ldif
@@ -0,0 +1,30 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jcrawler,ou=People,ou=aci branch, o=Modify Tests,o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: mail
+mail: gfarmer@newmail.example.com
+
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title34.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title34.ldif
new file mode 100644
index 0000000..2cdbb13
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title34.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title35.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title35.ldif
new file mode 100644
index 0000000..2cdbb13
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title35.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=tmorris, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.1.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.1.ldif
new file mode 100644
index 0000000..2a2f1f3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: sweeper supervisor
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.ldif
new file mode 100644
index 0000000..7887e05
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title36.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.1.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.1.ldif
new file mode 100644
index 0000000..2a2f1f3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: sweeper supervisor
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.ldif
new file mode 100644
index 0000000..7887e05
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title37.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.1.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.1.ldif
new file mode 100644
index 0000000..2a2f1f3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: sweeper supervisor
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.ldif
new file mode 100644
index 0000000..7887e05
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title38.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.1.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.1.ldif
new file mode 100644
index 0000000..2a2f1f3
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.1.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: sweeper supervisor
diff --git a/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.ldif b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.ldif
new file mode 100644
index 0000000..7887e05
--- /dev/null
+++ b/opends/tests/functional-tests/shared/data/aci/multiple_aci_tests/replace_title39.ldif
@@ -0,0 +1,29 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Portions Copyright 2007 Sun Microsystems, Inc.
+#
+
+dn: uid=jwallace, ou=People, ou=aci branch, o=Modify Tests, o=ACI Tests, dc=example,dc=com
+changetype: modify
+replace: title
+title: CEO
diff --git a/opends/tests/functional-tests/testcases/aci/aci.xml b/opends/tests/functional-tests/testcases/aci/aci.xml
index cfea056..60536a9 100755
--- a/opends/tests/functional-tests/testcases/aci/aci.xml
+++ b/opends/tests/functional-tests/testcases/aci/aci.xml
@@ -105,6 +105,10 @@
<call function="'aci_compare_tests'" />
<import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
+ file="'%s/testcases/aci/multiple_aci_tests.xml' % (TESTS_DIR)"/>
+ <call function="'multiple_aci_tests'" />
+
+ <import machine="'%s' % (STAF_LOCAL_HOSTNAME)"
file="'%s/testcases/aci/aci_teardown.xml' % (TESTS_DIR)"/>
<call function="'aci_teardown'" />
diff --git a/opends/tests/functional-tests/testcases/aci/multiple_aci_tests.xml b/opends/tests/functional-tests/testcases/aci/multiple_aci_tests.xml
new file mode 100644
index 0000000..5e528f3
--- /dev/null
+++ b/opends/tests/functional-tests/testcases/aci/multiple_aci_tests.xml
@@ -0,0 +1,4424 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<stax>
+
+ <defaultcall function="multiple_aci_tests"/>
+
+ <function name="multiple_aci_tests">
+
+ <sequence>
+
+ <block name="'multiple-aci-tests'">
+
+ <sequence>
+
+ <script>
+ CurrentTestPath['suite']=STAXCurrentBlock
+ </script>
+
+ <call function="'testSuite_Preamble'"/>
+
+ <!---
+ Place suite-specific test information here.
+ #@TestSuiteName Multiple ACI Tests
+ #@TestSuitePurpose Test the Support for multiple ACIs
+ #@TestSuiteGroup Multiple ACi Tests
+ #@TestScript multiple_aci_tests.xml
+ -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Preamble
+ #@TestIssue 446
+ #@TestPurpose Prepare for multiple ACI test cases
+ #@TestPreamble none
+ #@TestStep Directory Manager adds extra entries
+ #@TestStep Directory Manager removes global ACI allowing searches
+ #@TestStep Client searches entry in one branch.
+ #@TestStep Client searches entry in another branch.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Preamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Multiple ACIs: Preamble - Adding Branches For Multiple ACI Tests'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/aci/multiple_aci_tests/aci_startup_mult_aci_tests.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Preamble - Removing Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_rm_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Preamble - user searching entry that will be targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Preamble - user searching entry that will be non-targeted in future tests'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-one entry
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-one entry
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should not be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for step 1
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-one entry'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci1.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 1
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, same attribute
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 1'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci2.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 2
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, two attributes with not equal
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 2'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci3.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 3
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, with two attributes with equal
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 3'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci4.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, one true, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-one entry, deny
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-one entry, deny
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should not be allowed in targeted branch.
+ #@TestStep Client searches second entry which should not be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches previous entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned for no steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-one entry, deny'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci5.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-one entry, deny, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 1, deny
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, same attribute, deny
+ #@TestPreamble Admin adds three ACIs, different targetfilters, two statements true with same attrs.
+ #@TestStep Client searches entry which should not be allowed in targeted branch.
+ #@TestStep Client searches second entry which should not be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches previous entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned for no steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 1, deny'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci6.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, deny, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 2, deny
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, two attributes with not equal, deny
+ #@TestPreamble Admin adds three ACIs, different targetfilters, two statements true with, two attributes with not equal, deny
+ #@TestStep Client searches entry which should not be allowed in targeted branch.
+ #@TestStep Client searches second entry which should not be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches previous entry.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned for no steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 2, deny'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci7.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 2, deny, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters, one aci-two entries 3, deny
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, with two attributes with equal, deny
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should not be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for step 1
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters, one aci-two entries 3, deny'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci8.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 3, deny, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targetattr
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, same attribute
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targetattr'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci9.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters, one aci-two entries 1, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targeattr, deny one attr
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters, one aci-two entries, two attributes with not equal
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targeattr, deny one attr'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci10.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, one true, user searching non-targeted entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, one true, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targeattr, deny one attr, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targetattr with not equals
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters and targetattr with not equals
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targetattr with not equals'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci11.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, one true, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr with not equals, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targetattr, separate search-read with missing read
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters and targetattr, separate search-read with missing read
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should not be allowed in targeted branch.
+ #@TestStep Client searches second entry which should be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for step 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targetattr, separate search-read with missing read'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci12.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with missing read, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with missing read, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with missing read, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read missing read, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read missing read, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read missing read, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targetattr, separate search-read
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters and targetattr, separate search-read
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should be allowed in targeted branch.
+ #@TestStep Client searches second entry which should also be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for steps 1 and 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targetattr, separate search-read'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci13.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Different targetfilters and targetattr, separate search-read with deny search
+ #@TestIssue 446
+ #@TestPurpose Test three ACIs, different targetfilters and targetattr, separate search-read with deny search
+ #@TestPreamble Admin adds three ACIs.
+ #@TestStep Client searches entry which should not be allowed in targeted branch.
+ #@TestStep Client searches second entry which should be allowed in targeted branch.
+ #@TestStep Client searches entry which is outside of the targeted branch.
+ #@TestStep Remove aci.
+ #@TestStep Client searches entry which was previously allowed.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+ Entry is returned only for step 2
+ and only with the appropriate attributes.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Different targetfilters and targetattr, separate search-read with deny search'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci14.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, user searching second entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'telephonenumber:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'cn:' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'roomnumber:' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, user searching second entry outside of the scope of the aci'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Targetfilter: Different targetfilters and targetattr, separate search-read with deny search, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targattrfilters with add:l and del:l
+ #@TestIssue 444
+ #@TestPurpose Test with separate targattrfilters
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for step 1, and
+ 50 for all other steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci31.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, user replacing l in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l31.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, user replacing mail in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_mail31.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, user replacing l in non-targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l31a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with add:l and del:l, user replacing l in previously targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l31.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targattrfilters with deny add:l and allow del:l
+ #@TestIssue 444
+ #@TestPurpose Test with separate targattrfilters
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ and 50 for all other steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci32.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, user replacing l in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l32.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, user replacing mail in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_mail32.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, user replacing l in non-targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l32a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with deny add:l and allow del:l, user replacing l in previously targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l32.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targattrfilters with allow add:l and deny del:l
+ #@TestIssue 444
+ #@TestPurpose Test with separate targattrfilters
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ and 50 for all other steps.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci33.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, user replacing l in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l33.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, user replacing mail in targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_mail33.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, user replacing l in non-targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l33a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targattrfilters with allow add:l and deny del:l, user replacing l in previously targeted entry'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l33.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ and 50 for all other steps.
+ -->
+ <testcase name="'ACI: Multiple ACIs: Separate targetattrs'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci34.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l34.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title34.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l34a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs, user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs with not equals
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for steps 1, 2 and 3, and
+ 50 for all other steps.
+ -->
+ <testcase name="'ACI: Multiple ACIs: Separate targetattrs with not equals'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci35.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l35.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title35.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l35a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with not equals, user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs and targattrfilters with equals and not equals
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for steps 1 and 2, and
+ 50 for all other steps.
+ -->
+ <testcase name="'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci36.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l36.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title36.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title36.1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l36a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with equals and not equals, user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs and targattrfilters with not equals
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for steps 1, 2,`and 3, and
+ 50 for all other steps.
+ -->
+ <testcase name="'ACI: Separate targetattrs and targattrfilters with not equals'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci37.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l37.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title37.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title37.1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l37a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with not equals, user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs and targattrfilters with deny
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for step 1, and
+ 50 for all other steps.
+ -->
+ <testcase name="'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci38.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l38.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title38.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title38.1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l38a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs and targattrfilters with deny, user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Separate targetattrs with deny and targattrfilters
+ #@TestIssue 444
+ #@TestPurpose Test with separate targetattrs
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client replaces l in an entry with the targeted branch dn.
+ #@TestStep Client replaces mail in an entry with the targeted branch dn.
+ #@TestStep Client replaces l in an entry that is not with the targeted branch dn.
+ #@TestStep Remove aci.
+ #@TestStep Client replaces l from an entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldapmodify operations,
+ 0 for steps 1, 2, and 3 and
+ 50 for all other steps.
+ -->
+ <testcase name="'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters '">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci_ldif_file = 'add_aci39.ldif'
+ curr_aci=retrieve_aci('%s/aci/multiple_aci_tests/%s' % (LOCAL_DATA_DIR,curr_aci_ldif_file));
+ </script>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , preamble adding aci,\n %s' % curr_aci
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/%s' % (STAGED_DATA_DIR,curr_aci_ldif_file) }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , user modifying entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l39.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title39.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , user modifying prohibited attr in entry from targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_title39.1.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , user modifying entry from non-targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/replace_l37a.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 50">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , admin deleting aci'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/del_aci_modify.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Separate targetattrs with deny and targattrfilters , user modifying entry in previously targeted branch'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'entryToBeModified' : '%s/aci/multiple_aci_tests/mod_common_prohibited_entry.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult ,
+ 'expected' : 50 }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Multiple ACI Tests
+ #@TestName Postamble
+ #@TestIssue 446
+ #@TestPurpose Reset global ACI to default settings
+ #@TestPreamble none
+ #@TestStep Client searches entry in one branch.
+ #@TestStep Client searches entry in another branch.
+ #@TestStep Directory Manager replaces default global aci.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <!-- cross reference to http://docs.sun.com/source/816-6698-10/aci.html -->
+ <!-- cross reference to DS6 docs -->
+ <testcase name="'ACI: Multiple ACIs: Postamble'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'ACI: Multiple ACIs: Postamble - user searching entry that was targeted'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Postamble - user searching entry that was non-targeted'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid roomnumber telephonenumber'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People,ou=non-aci branch,o=Search Tests,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Postamble - delete branch, o=Search Tests'
+ </message>
+
+ <call function="'DeleteEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'o=Search Tests, o=ACI Tests,dc=example,dc=com' ,
+ 'extraParams' : '-x'}
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Postamble - delete branch, o=Modify Tests'
+ </message>
+
+ <call function="'DeleteEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'o=Modify Tests, o=ACI Tests,dc=example,dc=com' ,
+ 'extraParams' : '-x'}
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Multiple ACIs: Postamble - Resetting Search Global ACI'
+ </message>
+
+ <call function="'modifyEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeModified' : '%s/aci/aci_reset_global_search.ldif' % STAGED_DATA_DIR }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <call function="'testSuite_Postamble'"/>
+
+ </sequence>
+
+ </block>
+
+ </sequence>
+
+ </function>
+
+</stax>
--
Gitblit v1.10.0