From d3d50d1cb1b9eadbfddf24461af913b98951b956 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 22 Mar 2007 20:30:18 +0000
Subject: [PATCH] Enable dseecompat ACI package by default.
---
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java | 39 ++++++++++++++++++++++++++++++---------
opendj-sdk/opends/resource/config/config.ldif | 4 +++-
opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif | 5 -----
3 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/opendj-sdk/opends/resource/config/config.ldif b/opendj-sdk/opends/resource/config/config.ldif
index 4788127..b2adcfb 100644
--- a/opendj-sdk/opends/resource/config/config.ldif
+++ b/opendj-sdk/opends/resource/config/config.ldif
@@ -51,9 +51,11 @@
objectClass: top
objectClass: ds-cfg-access-control-handler
objectClass: ds-cfg-dseecompat-access-control-handler
+ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
+ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)
cn: Access Control Handler
ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
-ds-cfg-acl-handler-enabled: false
+ds-cfg-acl-handler-enabled: true
dn: cn=Account Status Notification Handlers,cn=config
objectClass: top
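Review bot: The new "Self entry modification" global ACI grants `write` on `targetattr="*"` to `ldap:///self`, so once the handler is enabled by default every authenticated user can modify any attribute that `*` matches on their own entry. That can include attributes applications rely on for identity or authorization decisions. Whether `*` also reaches operational attributes depends on the handler's matching rules, which are not visible in this hunk. An explicit allow-list would be a safer default, e.g. `ds-cfg-global-aci: (targetattr="<self-service attribute list>")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)`. The "Anonymous read access" ACI uses `ldap:///anyone` and excludes only `userPassword||authPassword`, so everything else is readable without a bind. The config should carry a comment saying this is intentional, or the default should use `ldap:///all` if only authenticated reads are wanted.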
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif b/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
index 1a37b14..052968f 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -2,11 +2,6 @@
changetype: modify
replace: ds-cfg-notify-abandoned-operations
ds-cfg-notify-abandoned-operations: true
-
-dn: cn=Access Control Handler,cn=config
-changetype: modify
-replace: ds-cfg-acl-handler-enabled
-ds-cfg-acl-handler-enabled: true
-
dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
index 26cceda..a849e1b 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
@@ -31,10 +31,7 @@
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.tools.*;
-import org.testng.annotations.Test;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.BeforeClass;
+import org.testng.annotations.*;
import static org.testng.Assert.assertEquals;
import org.testng.Assert;
import static org.opends.server.util.ServerConstants.EOL;
@@ -481,7 +478,14 @@
@BeforeClass
public void setupClass() throws Exception {
TestCaseUtils.startServer();
+ deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI, true);
TestCaseUtils.clearJEBackend(true, "userRoot", "dc=example,dc=com");
+
+ }
+
+ @AfterClass
+ public void tearDown() throws Exception {
+ modEntries(GLOBAL_DEFAULT_ACIS, DIR_MGR_DN, DIR_MGR_PW);
}
@BeforeMethod
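Review bot: The restore in `tearDown()` is not guaranteed to run, because `setupClass()` now strips the global ACIs from the running server before `clearJEBackend`. If anything in `setupClass()` throws after the delete, TestNG skips a plain `@AfterClass`, and the server stays without its default global ACIs for whatever test classes run next. Marking it `@AfterClass(alwaysRun = true)` closes that gap. The delete in `setupClass()` also passes `errorOk` as `true`, so a failed delete is tolerated and the ACI tests could run with the anonymous-read default still in force. Either pass `false` there or add a comment explaining why a failure is acceptable.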
@@ -983,6 +987,23 @@
GLOBAL_ALLOW_MONITOR_TO_ADMIN_ACI,
GLOBAL_ALLOW_BASE_DN_TO_LEVEL_1_ACI);
+ //Global defauls
+private static final String GLOBAL_ANONYMOUS_READ_ACI =
+ buildGlobalAciValue("name", "Anonymous read access", "targetattr!=",
+ "userPassword||authPassword",
+ "allow(read, search, compare)", BIND_RULE_USERDN_ANYONE);
+
+private static final String GLOBAL_SELF_WRITE_ACI =
+ buildGlobalAciValue("name", "Self entry modification", "targetattr",
+ "*",
+ "allow(write)", BIND_RULE_USERDN_SELF);
+
+
+private static final String GLOBAL_DEFAULT_ACIS =
+ makeAttrAddAciLdif(ATTR_AUTHZ_GLOBAL_ACI,ACCESS_HANDLER_DN,
+ GLOBAL_ANONYMOUS_READ_ACI,
+ GLOBAL_SELF_WRITE_ACI);
+
//ACI used to test LDAP compare.
private static final
String COMPARE_ACI = makeAddAciLdif(OU_LEAF_DN,
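Review bot: `GLOBAL_ANONYMOUS_READ_ACI` and `GLOBAL_SELF_WRITE_ACI` are a hand-written copy of the two `ds-cfg-global-aci` values this commit adds to config.ldif, and nothing ties the two together. If the shipped defaults are later tightened, `tearDown()` will restore the old, broader policy and later test classes will run under ACIs that no longer match the product default. The comment should say so and fix the typo: `// Global default ACIs; must mirror the ds-cfg-global-aci values in resource/config/config.ldif.` The three new constants are also declared at column 0, unlike the surrounding members.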
@@ -1601,7 +1622,7 @@
Assert.assertFalse(userResults.equals(""));
String adminResults = ldapSearch(adminParam.getLdapSearchArgs());
Assert.assertTrue(adminResults.equals(""));
- deleteAttrFromEntry(OU_LEAF_DN, "aci");
+ deleteAttrFromEntry(OU_LEAF_DN, "aci", true);
modEntries(GROUP1_GROUPDN_MODS, DIR_MGR_DN, DIR_MGR_PW);
userResults = ldapSearch(userParam.getLdapSearchArgs());
Assert.assertFalse(userResults.equals(""));
@@ -1636,7 +1657,7 @@
Assert.assertFalse(monitorResults.equals(""));
String baseResults = ldapSearch(baseParam.getLdapSearchArgs());
Assert.assertFalse(baseResults.equals(""));
- deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI);
+ deleteAttrFromEntry(ACCESS_HANDLER_DN, ATTR_AUTHZ_GLOBAL_ACI, true);
monitorResults = ldapSearch(monitorParam.getLdapSearchArgs());
Assert.assertTrue(monitorResults.equals(""));
baseResults = ldapSearch(baseParam.getLdapSearchArgs());
@@ -1877,7 +1898,7 @@
throws Exception {
File tempFile = getTemporaryLdifFile();
TestCaseUtils.writeFile(tempFile, ldif);
- ArrayList<String> argList=new ArrayList<String>();
+ ArrayList<String> argList=new ArrayList<String>(20);
argList.add("-h");
argList.add("127.0.0.1");
argList.add("-p");
@@ -1898,13 +1919,13 @@
deleteEntries(ALL_TEST_ENTRY_DNS_BOTTOM_UP);
}
- private void deleteAttrFromEntry(String dn, String attr) throws Exception {
+ private void deleteAttrFromEntry(String dn, String attr, boolean errorOk) throws Exception {
StringBuilder ldif = new StringBuilder();
ldif.append(TestCaseUtils.makeLdif(
"dn: " + dn,
"changetype: modify",
"delete: " + attr));
- modEntries(ldif.toString(), DIR_MGR_DN, DIR_MGR_PW, true, false);
+ modEntries(ldif.toString(), DIR_MGR_DN, DIR_MGR_PW, errorOk, false);
}
private void deleteEntries(String[] entries) throws Exception {
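Review bot: The new `errorOk` parameter on `deleteAttrFromEntry` is undocumented, and every call site in this patch passes `true` (the hunks at -481, -1601 and -1636). A failed ACI delete is therefore still never reported, and the tests continue under whatever access policy was left in place. Add a Javadoc such as `/** Deletes attr from dn as Directory Manager; errorOk is forwarded to modEntries and presumably tolerates a failed modify (e.g. attribute not present). */`. Pass `false` wherever the attribute is known to exist, such as right after a test has added the ACI. The meaning of the fourth and fifth `modEntries` arguments is inferred from this call only, since `modEntries` itself is outside the hunk.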
--
Gitblit v1.10.0