'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Admin modify an entry to populate cn=changelog' { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'uid=scarter,ou=People,%s' % synchroSuffix , 'attributeName' : 'roomnumber', 'newAttributeValue' : '5000', 'changetype' : 'replace' } 'Replication: ACI: Admin can read cn=changelog' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsInstanceDn' : master.getRootDn() , 'dsInstancePswd' : master.getRootPwd() , 'dsBaseDN' : 'cn=changelog' , 'dsFilter' : 'objectClass=*' } 'Replication: ACI: Checking dn: changeNumber=1,cn=changelog' { 'returnString' : returnString, 'expectedString' : 'dn: changeNumber=1,cn=changelog' } { 'returnString' : returnString, 'expectedString' : 'targetDN: uid=scarter,ou=people,o=example' } returnString 'Replication: ACI: User cannot read cn=changelog' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsInstanceDn' : 'uid=sholmes,ou=People,%s' % synchroSuffix , 'dsInstancePswd' : 'elementary' , 'dsBaseDN' : 'cn=changelog' , 'dsFilter' : 'objectClass=*' } 'Replication: ACI: Checking dn: changeNumber=1,cn=changelog' { 'returnString' : returnString, 'expectedString' : 'dn: changeNumber=1,cn=changelog' } { 'returnString' : returnString, 'expectedString' : 'targetDN: uid=scarter,ou=people,o=example', 'expectedRC' : 1 } 'Replication: ACI: Anonymous cannot read cn=changelog' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsBaseDN' : 'cn=changelog' , 'dsFilter' : 'objectClass=*' } 'Replication: ACI: Checking dn: changeNumber=1,cn=changelog' { 'returnString' : returnString, 'expectedString' : 'dn: changeNumber=1,cn=changelog' 
} { 'returnString' : returnString, 'expectedString' : 'targetDN: uid=scarter,ou=people,o=example', 'expectedRC' : 1 } '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Admin modify some entries to generate ds-sync-hist attributes' { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'uid=sholmes,ou=People,%s' % synchroSuffix , 'attributeName' : 'roomnumber', 'newAttributeValue' : '5000', 'changetype' : 'replace' } { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'uid=dward,ou=People,%s' % synchroSuffix , 'attributeName' : 'roomnumber', 'newAttributeValue' : '5000', 'changetype' : 'replace' } 'Replication: ACI: Admin can read ds-sync-hist attribute' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsInstanceDn' : master.getRootDn() , 'dsInstancePswd' : master.getRootPwd() , 'dsBaseDN' : 'uid=dward,ou=People,%s' % synchroSuffix , 'dsFilter' : 'objectClass=*' , 'dsAttributes' : 'ds-sync-hist' } 'Replication: ACI: Checking ds-sync-hist' { 'returnString' : returnString, 'expectedString' : 'ds-sync-hist:' } 'Replication: ACI: User cannot read ds-sync-hist attribute on his own entry' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsInstanceDn' : 'uid=sholmes,ou=People,%s' % synchroSuffix , 'dsInstancePswd' : 'elementary' , 'dsBaseDN' : 'uid=sholmes,ou=People,%s' % synchroSuffix , 'dsFilter' : 'objectClass=*' , 'dsAttributes' : 'ds-sync-hist' } 'Replication: ACI: Checking ds-sync-hist' { 'returnString' : returnString, 'expectedString' : 'ds-sync-hist:', 
'expectedRC' : 1 } 'Replication: ACI: User cannot read ds-sync-hist attribute on another user entry' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsInstanceDn' : 'uid=sholmes,ou=People,%s' % synchroSuffix , 'dsInstancePswd' : 'elementary' , 'dsBaseDN' : 'uid=dward,ou=People,%s' % synchroSuffix , 'dsFilter' : 'objectClass=*' , 'dsAttributes' : 'ds-sync-hist' } 'Replication: ACI: Checking ds-sync-hist' { 'returnString' : returnString, 'expectedString' : 'ds-sync-hist:', 'expectedRC' : 1 } 'Replication: ACI: Anonymous cannot read ds-sync-hist attribute' { 'location' : masterHost , 'dsPath' : masterPath , 'dsInstanceHost' : masterHost , 'dsInstancePort' : master.getPort() , 'dsBaseDN' : 'uid=dward,ou=People,%s' % synchroSuffix , 'dsFilter' : 'objectClass=*' , 'dsAttributes' : 'ds-sync-hist' } 'Replication: ACI: Checking ds-sync-hist' { 'returnString' : returnString, 'expectedString' : 'ds-sync-hist:', 'expectedRC' : 1 } '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Add entry with ACI. Check ACI replication \ over an entry add.' 'Add entry %s with ACI: \n%s' % (myEntry.getDn(), myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } '+++ New ACI +++\nDeny "%s" the access to write its own \ description attribute.' % myEntry.getDn() 'Binding as "%s", add givenname %s to entry %s on server \ %s:%s. 
-- Expect: SUCCESS' % \ (myEntry.getDn(), myGivenname, myEntry.getDn(), server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myEntry.getDn(), 'attributeName' : 'givenname', 'newAttributeValue' : myGivenname, 'changetype' : 'add' } 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myDescription, myEntry.getDn(), server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myEntry.getDn(), 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add', 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Modify_add ACI. Check ACI replication \ over a modify_add.' 'Add user entry %s' % myEntry.getDn() { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } 'Binding as "%s", add description %s to entry %s on \ server %s:%s. 
-- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myDescription, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add', 'expectedRC' : 50 } 'Add ACI to entry ou=People,%s: \n%s' % (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'add' } '+++ New ACI +++\nAllow "%s" full access to all description \ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", add description %s to entry %s on \ server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myDescription, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'description', 'newAttributeValue' : myDescription, 'changetype' : 'add' } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Modify_replace ACI target. Check ACI \ replication over a modify_replace of the ACI target.' 'Binding as "%s", add telephonenumber %s to entry %s on \ server %s:%s. 
-- Expect: ERROR 50 (Insufficient Access \ Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'telephonenumber', 'newAttributeValue' : myTelephonenumber, 'changetype' : 'add', 'expectedRC' : 50 } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nAllow "%s" full access to all telephonenumber\ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", add telephonenumber %s to entry %s on \ server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'DNToModify' : myTargetEntryDn, 'attributeName' : 'telephonenumber', 'newAttributeValue' : myTelephonenumber, 'changetype' : 'add' } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Modify_replace ACI permission. Check ACI \ replication over a modify_replace of the ACI permission.' 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. 
-- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn] } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nDeny "%s" access to all telephonenumber \ attributes under ou=People,%s.' % \ (myEntry.getDn(), synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Modify_replace ACI bind rule. Check ACI \ replication over a modify_replace of the ACI bind rule.' 
'Add user entry %s' % myEntry.getDn() { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToAdd' : myEntry.getDn(), 'listAttributes' : myEntry.getAttrList() } 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn] } 'Replace ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'replace' } '+++ New ACI +++\nDeny users with (sn=%s) access to all \ telephonenumber attributes under ou=People,%s.' % \ (mySn, synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. 
eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Bypass-acl privilege. Check the bypass-acl \ privilege is replicated and successfully applied over the \ topology' 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } 'Add %s privilege to entry %s: \n' % \ (myPrivilege, myEntry.getDn()) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : myEntry.getDn(), 'attributeName' : 'ds-privilege-name', 'newAttributeValue' : myPrivilege, 'changetype' : 'add' } '+++ Active ACI +++\nDeny users with (sn=%s) access to all \ telephonenumber attributes under ou=People,%s.' % \ (mySn, synchroSuffix) 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn] } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo) 'Test Name = %s' % STAXCurrentTestcase 'Replication: ACI: Modify_delete ACI. Check ACI \ replication over a modify_delete.' 
'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: ERROR 50 \ (Insufficient Access Rights)' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn], 'expectedRC' : 50 } 'Delete ACI on entry ou=People,%s: \n%s' % \ (synchroSuffix, myAci) { 'location' : masterHost, 'dsPath' : masterPath, 'dsInstanceHost' : masterHost, 'dsInstancePort' : master.getPort(), 'dsInstanceDn' : master.getRootDn(), 'dsInstancePswd' : master.getRootPwd(), 'DNToModify' : 'ou=People,%s' % synchroSuffix, 'attributeName' : 'aci', 'newAttributeValue' : myAci, 'changetype' : 'delete' } '+++ New ACI +++\nNo aci in ou=People,%s.' % synchroSuffix 'Binding as "%s", compare telephonenumber:%s value to \ entry %s on server %s:%s. -- Expect: SUCCESS' % \ (myEntry.getDn(), myTelephonenumber, myTargetEntryDn, server.getHostname(), server.getPort()) { 'location' : server.getHostname(), 'dsPath' : serverPath, 'dsInstanceHost' : server.getHostname(), 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : myEntry.getDn(), 'dsInstancePswd' : myUserpassword, 'dsDn' : ['telephonenumber:%s' % \ myTelephonenumber, myTargetEntryDn] } [ clientHost, clientPath, master, consumerList, synchroSuffix ] '%s: Test failed. eInfo(%s)' % (eType,eInfo)