'---- Configure the SASL EXTERNAL mechanism -----' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'subcommand' : 'set-sasl-mechanism-handler-prop' , 'objectType' : 'handler-name' , 'objectName' : 'EXTERNAL', 'optionsString' : '--set certificate-mapper:"Fingerprint Mapper"', 'expectedRC' : 0 } { 'certAlias' : '%s' % USER_1_CERT, 'storepass' : CLIENT_STOREPASS, 'keystore' : CLIENT_KEYSTORE } 'MD5 fingerprint for %s is : %s ' % (USER_1_CERT,MD5_fingerprint_cert1) 'SHA1 fingerprint for %s is : %s ' % (USER_1_CERT,SHA1_fingerprint_cert1) { 'certAlias' : '%s' % USER_2_CERT, 'storepass' : CLIENT_STOREPASS, 'keystore' : CLIENT_KEYSTORE } 'MD5 fingerprint for %s is : %s ' % (USER_2_CERT,MD5_fingerprint_cert2) 'SHA1 fingerprint for %s is : %s ' % (USER_2_CERT,SHA1_fingerprint_cert2) '----- Configure the mapper to map MD5 fingerprint ' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'subcommand' : 'set-certificate-mapper-prop' , 'objectType' : 'mapper-name' , 'objectName' : 'fingerPrint Mapper', 'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:MD5', 'expectedRC' : 0 } '----- Configure the attribute ds-certificate-fingerprint for user %s ---' % USER_1_DN '----- ds-certificate-fingerprint is the MD5 fingerprint of the certificate %s ' % USER_1_CERT { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_1_DN, 'attributeName' : 'ds-certificate-fingerprint', 'newAttributeValue' : MD5_fingerprint_cert1, 'changetype' : 'add', 'expectedRC' : 0 } '----- Configure the attribute ds-certificate-fingerprint for user %s ---' % USER_2_DN 
'------ ds-certificate-fingerprint is the SHA1 fingerprint of the certificate %s ' % USER_2_CERT { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_2_DN, 'attributeName' : 'ds-certificate-fingerprint', 'newAttributeValue' : SHA1_fingerprint_cert2, 'changetype' : 'add', 'expectedRC' : 0 } '--- Check SSL communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '--- Check StartTLS communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 
'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '----- Configure the mapper to map SHA1 fingerprint ' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'subcommand' : 'set-certificate-mapper-prop' , 'objectType' : 'mapper-name' , 'objectName' : 'fingerPrint Mapper', 'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:SHA1', 'expectedRC' : 0 } '--- Check SSL communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_2_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '--- Check StartTLS communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 
'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_2_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_1_DN, 'attributeName' : 'ds-certificate-fingerprint', 'newAttributeValue' : MD5_fingerprint_cert1, 'changetype' : 'delete', 'expectedRC' : 0 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_2_DN, 'attributeName' : 'ds-certificate-fingerprint', 'newAttributeValue' : SHA1_fingerprint_cert2, 'changetype' : 'delete', 'expectedRC' : 0 } { 'certAlias' : '%s' % USER_1_CERT, 'storepass' : CLIENT_STOREPASS, 'keystore' : CLIENT_KEYSTORE } 'MD5 fingerprint for %s is : %s ' % (USER_1_CERT,MD5_fingerprint_cert1) 'SHA1 fingerprint for %s is : %s ' % (USER_1_CERT,SHA1_fingerprint_cert1) { 'certAlias' : '%s' % USER_2_CERT, 'storepass' : CLIENT_STOREPASS, 'keystore' : CLIENT_KEYSTORE } 'MD5 fingerprint for %s is : %s ' % (USER_2_CERT,MD5_fingerprint_cert2) 'SHA1 fingerprint for 
%s is : %s ' % (USER_2_CERT,SHA1_fingerprint_cert2) '----- Configure the mapper to map MD5 fingerprint on the attribute description' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config', 'listAttributes' : listAttr, 'changetype' : 'replace', 'expectedRC' : 0 } '----- Configure the attribute description for user %s ---' % USER_1_DN '----- description is the MD5 fingerprint of the certificate %s ' % USER_1_CERT { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_1_DN, 'attributeName' : 'description', 'newAttributeValue' : MD5_fingerprint_cert1, 'changetype' : 'add', 'expectedRC' : 0 } '----- Configure the attribute description for user %s ---' % USER_2_DN '------ description is the SHA1 fingerprint of the certificate %s ' % USER_2_CERT { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_2_DN, 'attributeName' : 'description', 'newAttributeValue' : SHA1_fingerprint_cert2, 'changetype' : 'add' , 'expectedRC' : 0 } '--- Check SSL communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : 
DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '--- Check StartTLS communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '----- Configure the mapper to map SHA1 fingerprint on the attribute description' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config', 'listAttributes' : listAttr, 'changetype' : 'replace', 'expectedRC' : 0 } '--- Check SSL communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 
'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_2_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '--- Check StartTLS communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_2_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_1_DN, 
'attributeName' : 'description', 'newAttributeValue' : MD5_fingerprint_cert1, 'changetype' : 'delete', 'expectedRC' : 0 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_2_DN, 'attributeName' : 'description', 'newAttributeValue' : SHA1_fingerprint_cert2, 'changetype' : 'delete', 'expectedRC' : 0 }