{ 'dataFile' : 'Short_Example.ldif' } 'Replication: ACI: Add entry with ACI. Check ACI replication \ over an entry add.' 'Add entry %s with ACI: \n%s' % (myEntry.getDn(), myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } '+++ New ACI +++\nDeny "%s" the access to write its own \ description attribute.' % myEntry.getDn() 'Binding as "%s", add givenname %s to entry %s on server \ %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myGivenname, myEntry.getDn(), server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myEntry.getDn(), 'attributeName' : 'givenname', 'newAttributeValue' : myGivenname, 'changetype' : 'add' } 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myDescription, myEntry.getDn(), server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myEntry.getDn(), 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add', 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Modify_add ACI. Check ACI replication \ over a modify_add.' 'Add user entry %s' % myEntry.getDn() { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myDescription, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add', 'expectedRC' : 50 } 'Add ACI to entry ou=People,%s: \n%s' % (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'add' } '+++ New ACI +++\nAllow "%s" full access to all description \ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myDescription, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add' } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Modify_replace ACI target. Check ACI \ replication over a modify_replace of the ACI target.' 'Binding as "%s", add telephonenumber %s to entry %s on \ server %s:%s. -- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'telephonenumber', 'newAttributeValue' : myTelephonenumber, 'changetype' : 'add', 'expectedRC' : 50 } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nAllow "%s" full access to all telephonenumber\ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'telephonenumber', 'newAttributeValue' : myTelephonenumber, 'changetype' : 'add' } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Modify_replace ACI permission. Check ACI \ replication over a modify_replace of the ACI permission.' 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 0 } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nDeny "%s" access to all telephonenumber \ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Modify_replace ACI bind rule. Check ACI \ replication over a modify_replace of the ACI bind rule.' 'Add user entry %s' % myEntry.getDn() { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 0 } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nDeny users with (sn=%s) access to all \ telephonenumber attributes under ou=People,%s.' % \ (mySn, synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Bypass-acl privilege. Check the bypass-acl \ privilege is replicated and successfully applied over the \ topology' 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } 'Add %s privilege to entry %s: \n' % \ (myPrivilege, myEntry.getDn()) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : myEntry.getDn(), 'attributeName' : 'ds-privilege-name', 'newAttributeValue' : myPrivilege, 'changetype' : 'add' } '+++ Active ACI +++\nDeny users with (sn=%s) access to all \ telephonenumber attributes under ou=People,%s.' % \ (mySn, synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 0 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] 'Replication: ACI: Modify_delete ACI. Check ACI \ replication over a modify_delete.' 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } 'Delete ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'delete' } '+++ New ACI +++\nNo aci in ou=People,%s.' % synchroSuffix 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 0 } [ clientHost, clientPath, master, consumerList, synchroSuffix ]