'---- Configure the SASL EXTERNAL mechanism with Subject Attribute to User Attribute mapper -----' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'subcommand' : 'set-sasl-mechanism-handler-prop' , 'objectType' : 'handler-name' , 'objectName' : 'EXTERNAL', 'optionsString' : '--set certificate-mapper:"Subject Attribute to User Attribute"', 'expectedRC' : 0 } '---- Configure the Subject Attribute to User Attribute mapper -----' '---- Add a new mapping rule from attribute "uid" from certificate subject and attribute "description" of the user entry' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'subcommand' : 'set-certificate-mapper-prop' , 'objectType' : 'mapper-name' , 'objectName' : 'Subject Attribute to User Attribute', 'optionsString' : '--set subject-attribute-mapping:"uid:description"', 'expectedRC' : 0 } '----- Configure the attribute description for user %s ---' % USER_1_DN '----- the attribute description will map with the attribute "uid" of the certificate subject' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_1_DN, 'attributeName' : 'description', 'newAttributeValue' : USER_1_CERT, 'changetype' : 'add', 'expectedRC' : 0 } '----- Configure the attribute description for user %s ---' % USER_2_DN '----- the attribute description contains invalid value' '----- it will not map with the attribute "uid" of the certificate subject' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToModify' : USER_2_DN, 'attributeName' : 'description', 'newAttributeValue' : 'bad-certificate', 'changetype' : 'add', 'expectedRC' : 0 } '--- Check SSL communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseSSL' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 } '--- Check StartTLS communication with SASL EXTERNAL authentication' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_1_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 0 } { 'string2find' : USER_1_DN , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsFilter' : 'objectclass=*' , 'dsKeyStorePassword' : CLIENT_STOREPASS, 'dsUseStartTLS' : ' ', 'dsUseSASLExternal' : ' ', 'dsCertNickname' : USER_2_CERT, 'dsTrustStorePath' : CLIENT_KEYSTORE, 'dsKeyStorePath' : CLIENT_KEYSTORE, 'dsReportAuthzID' : ' ', 'dsScope' : 'base', 'expectedRC' : 49 }