From d31462bb1ab65a38f01327e358e0442432497fbb Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Tue, 26 Jun 2007 16:57:44 +0000
Subject: [PATCH] Added functional test cases for Issue 432.
---
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml | 456 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 455 insertions(+), 1 deletions(-)
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml
index 2e777d5..a39bd91 100755
--- a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_target.xml
@@ -1586,7 +1586,7 @@
</sequence>
</testcase>
- <!---
+ <!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Target Tests
@@ -1661,6 +1661,460 @@
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker ACI Target Tests
+ #@TestName Enable and disable ACIs
+ #@TestIssue 432
+ #@TestPurpose Enable and disable access control functionality
+ #@TestPreamble Admin adds an aci with the target equal to the dn of one existing branch.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Admin adds a deny ACI.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Admin disables access control functionality.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Admin enables access control functionality.
+ #@TestStep Remove aci.
+ #@TestStep Remove deny aci.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for steps 1 and 5.
+ -->
+ <testcase name="'ACI: Target: Enable and disable ACIs'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <script>
+ curr_aci="(targetattr=\"*\")(version 3.0; acl \"add_aci15\"; allow (search,read) userdn=\"ldap:///all\";)"
+ </script>
+
+ <message>
+ 'ACI: Target: Target enable and disable ACIs, preamble adding aci'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'uid: scarter' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <script>
+ curr_aci2="(targetattr=\"*\")(version 3.0; acl \"add_aci15\"; deny (search,read) userdn=\"ldap:///all\";)"
+ </script>
+
+ <message>
+ 'ACI: Target: Target enable and disable ACIs, adding deny aci'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci2 ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target enable and disable ACIs, disable ACIs'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-acl-handler-enabled' ,
+ 'newAttributeValue' : 'false' ,
+ 'changetype' : 'replace' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'uid: scarter' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target enable and disable ACIs, enable ACIs'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-acl-handler-enabled' ,
+ 'newAttributeValue' : 'true' ,
+ 'changetype' : 'replace' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, admin deleting aci'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, admin deleting deny aci'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci2 ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable ACIs, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
+ #@TestName Enable and disable global ACIs
+ #@TestIssue 432
+ #@TestPurpose Enable and disable access control functionality
+ #@TestPreamble none
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Admin disables access control functionality.
+ #@TestStep Client searches entry with the targeted branch dn.
+ #@TestStep Admin enables access control functionality.
+ #@TestStep Client searches entry with the previously targeted branch dn.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations, and
+ and entry is returned only for step 3.
+ -->
+ <testcase name="'ACI: Target: Enable and disable global ACIs'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'ACI: Target: enable and disable global ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target enable and disable global ACIs, disable ACIs'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-acl-handler-enabled' ,
+ 'newAttributeValue' : 'false' ,
+ 'changetype' : 'replace' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable global ACIs, user searching targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'uid: scarter' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: Target enable and disable global ACIs, enable ACIs'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-acl-handler-enabled' ,
+ 'newAttributeValue' : 'true' ,
+ 'changetype' : 'replace' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'ACI: Target: enable and disable global ACIs, user searching previously targeted entry'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,ou=people,o=ACI Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'uid=scarter,ou=People,ou=aci branch,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'cn sn uid'}
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=scarter,ou=People,ou=aci branch,o=ACI Tests' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Target Tests
#@TestName Target equals dn with userdn equal all
#@TestIssue 453
#@TestPurpose Test with the target set equal to a dn with userdn equal all
--
Gitblit v1.10.0