# Step titles and argument maps for a SASL EXTERNAL (TLS client-certificate)
# authentication test against a directory server. The markup that wrapped
# these expressions is not visible here: each title string is followed by the
# map(s) handed to the step it names, and a map with no title above it belongs
# to a step whose title was not captured.
# Titles are reproduced verbatim, spelling included; the "\ " inside them
# looks like the residue of a line continuation in the original file.
# NOTE(review): the keystore/truststore PINs below are hard-coded fixture
# values -- confirm they are only ever used for the throw-away test instance.

# --- Phase 1: "blind trust" -------------------------------------------------
# The EXTERNAL handler gets a key manager only; no trustMgr / truststoreFile /
# truststorePin keys are passed (compare with the TrustStore configuration
# further down). Which client is accepted therefore rests on the certificate
# mapper and on certificate-validation-policy, not on a trust store.
'SASL External: configure : Enable subject DN to user attribute \ with blind trust'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
  'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
  'KeyMgr' : 'JKSPROVIDER',
  'keystoreFile' : 'config/serverkeystore',
  'keystorePin' : 'keystorepass',
  'handlerName' : 'EXTERNAL',
  'certMapper' : 'Subject DN to User Attribute',
  # "always" presumably requires the presented certificate to match one held
  # in the mapped user's entry -- confirm against the server documentation.
  'optionSaSL' : '--set certificate-validation-policy:always',
  'certAlias' : 'server-cert2'
}

# Negative case: binding with the user.200 certificate must be refused.
# 49 is the LDAP invalidCredentials result code. Why user.200 fails (no mapped
# attribute, no stored certificate, ...) is not visible in this excerpt.
'SASL External: Test subject DN : try to connect with user.200 \ certificate'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  # ' ' appears to be how the harness switches on a flag that takes no value.
  'dsUseSSL' : ' ' ,
  # Client side trusts any server certificate, so these steps exercise client
  # authentication only; server identity is never checked by the client.
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-200-cert',
  'dsReportAuthzID' : ' ',
  'dsBaseDN' : 'dc=com' ,
  'dsFilter' : 'uid=user.585' ,
  'dsAttributes' : 'givenName',
  'expectedRC' : 49
}

# Build a client identity for user.250. The certificate subject ('dname') is
# set to the user's own entry DN.
'SASL External : Client certicate :Step 1. Generating user.250 \ client certificate'
{
  'certAlias' : 'client-250-cert' ,
  'dname' : "uid=user.250,ou=People,dc=com",
  'keystore':'%s/client_cert/clientkeystore' %(InstanceInstallDir),
  'storepass' : 'clientkeystorepass',
  'keypass' : 'clientkeystorepass',
  'storetype' : 'JKS'
}

# The certificate is self-signed: no CA vouches for it, so any trust in it has
# to come from server-side configuration (mapping, stored copy, trust store).
'SASL External: Client certicate :Step 2. Self-Signing user.250 \ client Certicate'
{
  'certAlias' : 'client-250-cert' ,
  'storepass' : 'clientkeystorepass',
  'keypass' : 'clientkeystorepass',
  'keystore':'%s/client_cert/clientkeystore' %(InstanceInstallDir),
  'storetype' : 'JKS'
}

# Export of the public certificate only; 'rfc' presumably selects the
# printable (base64) encoding -- confirm against the export helper.
'SASL External: export : export user.250 certificate'
{
  'certAlias' : 'client-250-cert' ,
  'keystore' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'storepass' : 'clientkeystorepass',
  'outputfile' : '%s/client_cert/client-250-cert.txt' \
      %(InstanceInstallDir),
  'storetype' : 'JKS',
  'format' : 'rfc'
}

# Untitled step: takes the exported certificate file and an LDIF output path
# for uid=user.250. Presumably it writes an LDIF carrying the certificate for
# that entry -- TODO confirm, the step name is not visible here.
{
  'userdn' : 'uid=user.250,ou=People,dc=com',
  'user_cert_file_rfc': '%s/client_cert/client-250-cert.txt' \
      %(InstanceInstallDir),
  'ldif_path' : '%s/client_cert/client-250-cert.ldif' \
      %(InstanceInstallDir)
}

# The attribute named in the title is written with the administrative bind DN
# over DIRECTORY_INSTANCE_PORT (not the SSL port). Whoever can write this
# attribute decides which certificate subject maps to which user, so write
# access to it is part of the authentication boundary.
'SASL External: configure : add ds-certificate-subject-dn \ attribute in user.250 entry'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
  'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
  'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
  'dsFilename' : '%s/%s' % (remote.data,addsubjectdnattribute),
  'expectedRC' : 0
}

# Positive case under blind trust. 5 is the LDAP compareFalse result code: the
# compare was evaluated, which implies the EXTERNAL bind with the self-signed
# user.250 certificate was accepted.
'SASL External: ldapcompare : compare different values'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  'dsUseSSL' : ' ' ,
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-250-cert',
  'dsDn' : ['street: 0901 Chestnut Street' ,'%s' \
      %dncompare],
  'expectedRC' : 5
}
# Output check for the step above.
{
  'returnString' : returnString ,
  'expectedString' : 'Compare operation returned false'
}

# Same bind, matching attribute value. No 'expectedRC' is passed here; the
# harness default is not visible in this excerpt.
'SASL External: ldapcompare :compare value is true'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  'dsUseSSL' : ' ' ,
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-250-cert',
  'dsDn' : ['street: 30901 Chestnut Street' ,'%s' \
      %dncompare]
}
# Output check for the step above.
{
  'returnString' : returnString ,
  'expectedString' : 'Compare operation returned true'
}

# --- Phase 2: trust store ---------------------------------------------------
# Same handler, mapper and validation policy as phase 1, plus a JKS trust
# manager backed by config/servertruststore.
# NOTE(review): the title says "subject SN" while certMapper is still
# 'Subject DN to User Attribute' -- looks like a typo in the title.
'SASL External: configure : Enable subject SN to user attribute \ with TrustStore file'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
  'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
  'KeyMgr' : 'JKSPROVIDER',
  'optionSaSL' : '--set certificate-validation-policy:always',
  'keystoreFile' : 'config/serverkeystore',
  'keystorePin' : 'keystorepass',
  'trustMgr' : 'JKS',
  'truststoreFile' : 'config/servertruststore',
  'truststorePin' : 'truststorepass',
  'handlerName' : 'EXTERNAL',
  'certMapper' : 'Subject DN to User Attribute',
  'certAlias' : 'server-cert2'
}

# Negative case: the same certificate that authenticated in phase 1 must now
# fail because the server trust store does not contain it. 81 is presumably
# the client-side "server down / connection failed" code, i.e. the rejection
# is expected at connection level rather than as an LDAP bind result -- confirm.
'SASL External: ldapcompare :compare value true but certificate \ not in truststore'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  'dsUseSSL' : ' ' ,
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-250-cert',
  'dsDn' : ['street: 59000 Ridge Street' ,'%s' \
      %dncompare] ,
  'expectedRC' : 81
}

# The self-signed certificate itself is added to the server trust store, so
# trust is granted to this one certificate rather than to an issuing CA.
'SASL External: import : import user.250 certificate to server \ truststore'
{
  'certAlias' : 'client-250-cert',
  'inputfile' : '%s/client_cert/client-250-cert.txt'\
      %(InstanceInstallDir),
  'keystore' : '%s/config/servertruststore' %(InstanceInstallDir),
  'storepass' : 'truststorepass',
  'storetype' : 'JKS'
}

# Disable, then re-enable, the LDAPS connection handler. Per the title this is
# what makes the server pick up the changed trust store; the negative case
# above would otherwise keep failing.
'SASL External: restart LDAPS connection handler to re-read trustore'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
  'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
  'subcommand' : 'set-connection-handler-prop',
  'objectType' : 'handler-name' ,
  'objectName' : 'LDAPS Connection Handler',
  'optionsString' : '--set enabled:false' ,
  'expectedRC' : 0
}
# Second half of the restart: handler switched back on.
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
  'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
  'subcommand' : 'set-connection-handler-prop',
  'objectType' : 'handler-name' ,
  'objectName' : 'LDAPS Connection Handler',
  'optionsString' : '--set enabled:true' ,
  'expectedRC' : 0
}

# Untitled step: with the certificate now in the trust store the compare is
# evaluated again (5 = compareFalse for the non-matching street value).
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  'dsUseSSL' : ' ' ,
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-250-cert',
  'dsDn' : ['street: 3001 Chestnut Street' ,'%s' \
      %dncompare],
  'expectedRC' : 5
}
# Output check for the step above.
{
  'returnString' : returnString ,
  'expectedString' : 'Compare operation returned false'
}

# NOTE(review): this title looks stale. The certificate was imported into the
# server trust store above and the step expects the compare to succeed, so
# "certificate not in truststore" does not describe what is being verified.
'SASL External: ldapcompare :compare true certificate not in \ truststore'
{
  'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
  'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
  'dsUseSSL' : ' ' ,
  'dsTrustAll' : ' ' ,
  'dsUseSASLExternal': ' ',
  'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
      %(InstanceInstallDir),
  'dsKeyStorePassword' : 'clientkeystorepass',
  'dsCertNickname' : 'client-250-cert',
  'dsDn' : ['street: 30901 Chestnut Street' ,'%s' \
      %dncompare]
}
# Output check for the step above.
{
  'returnString' : returnString ,
  'expectedString' : 'Compare operation returned true'
}