/**
   * Tests the second constructor, which creates an instance of the control using a processed DN.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testConstructor2() throws Exception {
    // Try a DN of "null", which is not valid and will fail on the attempt to
    // create the control
    ProxiedAuthV1Control proxyControl;
    try {
      proxyControl = new ProxiedAuthV1Control((DN) null);
      throw new AssertionError(
          "Expected a failure when creating a proxied "
              + "auth V1 control with a null octet string.");
    } catch (Throwable t) {
    }

    // Try an empty DN, which is acceptable.
    proxyControl = new ProxiedAuthV1Control(DN.nullDN());
    assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
    assertTrue(proxyControl.isCritical());
    assertTrue(proxyControl.getAuthorizationDN().isNullDN());

    // Try a valid DN, which is acceptable.
    proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
    assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
    assertTrue(proxyControl.isCritical());
    assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
  }
  @BeforeClass()
  public void setUp() throws Exception {
    TestCaseUtils.startServer();
    TestCaseUtils.clearJEBackend(false, "userRoot", SUFFIX);

    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    // Add suffix entry.
    DN suffixDN = DN.decode(SUFFIX);
    if (DirectoryServer.getEntry(suffixDN) == null) {
      Entry suffixEntry = StaticUtils.createEntry(suffixDN);
      AddOperation addOperation =
          connection.processAdd(
              suffixEntry.getDN(),
              suffixEntry.getObjectClasses(),
              suffixEntry.getUserAttributes(),
              suffixEntry.getOperationalAttributes());
      assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
      assertNotNull(DirectoryServer.getEntry(suffixEntry.getDN()));
    }

    // Add base entry.
    DN baseDN = DN.decode(BASE);
    if (DirectoryServer.getEntry(baseDN) == null) {
      Entry baseEntry = StaticUtils.createEntry(baseDN);
      AddOperation addOperation =
          connection.processAdd(
              baseEntry.getDN(),
              baseEntry.getObjectClasses(),
              baseEntry.getUserAttributes(),
              baseEntry.getOperationalAttributes());
      assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
      assertNotNull(DirectoryServer.getEntry(baseEntry.getDN()));
    }

    // Add test entry.
    Entry testEntry =
        TestCaseUtils.makeEntry(
            "dn: uid=rogasawara," + BASE,
            "objectclass: top",
            "objectclass: person",
            "objectclass: organizationalPerson",
            "objectclass: inetOrgPerson",
            "uid: rogasawara",
            "userpassword: password",
            "mail: [email protected]",
            "givenname: Rodney",
            "sn: Ogasawara",
            "cn: Rodney Ogasawara",
            "title: Sales, Director");
    AddOperation addOperation =
        connection.processAdd(
            testEntry.getDN(),
            testEntry.getObjectClasses(),
            testEntry.getUserAttributes(),
            testEntry.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(DirectoryServer.getEntry(testEntry.getDN()));
  }
  /**
   * Tests the constructor with non-null DN.
   *
   * @throws Exception If the test failed unexpectedly.
   */
  @Test
  public void testConstructorNonNullDN() throws Exception {
    DN testDN1 = DN.decode("dc=hello, dc=world");
    DN testDN2 = DN.decode("dc=hello, dc=world");

    DeleteChangeRecordEntry entry = new DeleteChangeRecordEntry(testDN1);

    Assert.assertEquals(entry.getDN(), testDN2);
  }
  /**
   * Tests the {@code getAuthorizationDN} and {@code setRawAuthorizationDN} methods.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testGetAndSetAuthorizationDN() throws Exception {
    ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.nullDN());
    assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf(""));
    assertEquals(proxyControl.getAuthorizationDN(), DN.nullDN());

    proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
    assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test"));
    assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
  }
  /**
   * Verifies that the server will reject a CRAM-MD5 bind with credentials containing a malformed
   * digest.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testMalformedDigest() throws Exception {
    InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
    BindOperation bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, null);
    assertEquals(bindOperation.getResultCode(), ResultCode.SASL_BIND_IN_PROGRESS);

    ByteString creds = ByteString.valueOf("dn:cn=Directory Manager malformeddigest");
    bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, creds);
    assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
  }
示例#6
0
  /**
   * Creates a new DN representing the specified managed object path and relation.
   *
   * @param path The managed object path.
   * @param relation The child relation.
   * @return Returns a new DN representing the specified managed object path and relation.
   */
  public static DN create(ManagedObjectPath<?, ?> path, RelationDefinition<?, ?> relation) {
    DN dn = path.toDN();

    try {
      LDAPProfile profile = LDAPProfile.getInstance();
      DN localName = DN.decode(profile.getRelationRDNSequence(relation));
      return dn.concat(localName);
    } catch (DirectoryException e) {
      throw new RuntimeException(e);
    }
  }
  /**
   * Tests the willMatchAfterBind method.
   *
   * @param isSecure Indicates if the client is using a secured connection.
   * @param criteria The security criteria.
   * @param expectedResult The expected result.
   * @throws Exception If an unexpected exception occurred.
   */
  @Test(dataProvider = "testData")
  public void testWillMatchAfterBind(
      boolean isSecure, SecurityConnectionCriteria criteria, boolean expectedResult)
      throws Exception {
    ClientConnection client =
        new MockClientConnection(12345, false, DN.nullDN(), AllowedAuthMethod.ANONYMOUS);

    Assert.assertEquals(
        criteria.willMatchAfterBind(client, DN.nullDN(), AuthenticationType.SIMPLE, isSecure),
        expectedResult);
  }
 /**
  * Creates a new instance of this change notification listener.
  *
  * @throws DirectoryException If a problem occurs while creating an instance of this class
  */
 public TestChangeNotificationListener() throws DirectoryException {
   super(
       DN.decode("cn=TestChangeNotificationListener"),
       EnumSet.of(
           POST_RESPONSE_ADD, POST_RESPONSE_MODIFY, POST_RESPONSE_MODIFY_DN, POST_RESPONSE_DELETE),
       true);
 }
  /**
   * Tests performing an internal search using the server-side sort control with an undefined
   * ordering rule.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchUndefinedOrderingRule() throws Exception {
    populateDB();

    InternalClientConnection conn = InternalClientConnection.getRootConnection();

    ArrayList<Control> requestControls = new ArrayList<Control>();
    requestControls.add(new ServerSideSortRequestControl(true, "givenName:undefinedOrderingMatch"));

    InternalSearchOperation internalSearch =
        new InternalSearchOperation(
            conn,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            requestControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);

    internalSearch.run();
    assertFalse(internalSearch.getResultCode() == ResultCode.SUCCESS);
  }
  /**
   * Tests performing an internal search using the CRITICAL server-side sort control with an
   * undefined attribute type.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testCriticalSortWithUndefinedAttribute() throws Exception {
    populateDB();

    InternalClientConnection conn = InternalClientConnection.getRootConnection();

    ArrayList<Control> requestControls = new ArrayList<Control>();
    requestControls.add(new ServerSideSortRequestControl(true, "undefined"));

    InternalSearchOperation internalSearch =
        new InternalSearchOperation(
            conn,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            requestControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);

    internalSearch.run();
    assertEquals(internalSearch.getResultCode(), ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
  }
示例#11
0
  // We initialize these for each new AciHandler so that we can clear
  // out the stale references that can occur during an in-core restart.
  private static void initStatics() {
    if ((aciType = DirectoryServer.getAttributeType("aci")) == null) {
      aciType = DirectoryServer.getDefaultAttributeType("aci");
    }

    if ((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) {
      globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
    }

    if ((debugSearchIndex =
            DirectoryServer.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX))
        == null) {
      debugSearchIndex =
          DirectoryServer.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
    }

    if ((refAttrType = DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null) {
      refAttrType = DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
    }
    try {
      debugSearchIndexDN = DN.decode("cn=debugsearch");
    } catch (DirectoryException ex) {
      // Should never happen.
    }
  }
示例#12
0
  /**
   * Attempt to read a single entry.
   *
   * @throws Exception If the test failed unexpectedly.
   */
  @Test(dependsOnMethods = {"testReadEntryEmptyStream"})
  public void testReadEntrySingle() throws Exception {
    final String ldifString =
        "dn: cn=john, dc=foo, dc=com\n"
            + "objectClass: top\n"
            + "objectClass: person\n"
            + "cn: john\n"
            + "sn: smith\n";

    LDIFReader reader = createLDIFReader(ldifString);

    try {
      Entry entry = reader.readEntry();
      Assert.assertNotNull(entry);

      Assert.assertEquals(entry.getDN(), DN.decode("cn=john, dc=foo, dc=com"));
      Assert.assertTrue(entry.hasObjectClass(OC_TOP));
      Assert.assertTrue(entry.hasObjectClass(OC_PERSON));
      Assert.assertTrue(entry.hasValue(AT_CN, null, AttributeValues.create(AT_CN, "john")));
      Assert.assertTrue(entry.hasValue(AT_SN, null, AttributeValues.create(AT_SN, "smith")));

      Assert.assertNull(reader.readEntry());

      Assert.assertEquals(reader.getEntriesIgnored(), 0);
      Assert.assertEquals(reader.getEntriesRead(), 1);
      Assert.assertEquals(reader.getEntriesRejected(), 0);
      Assert.assertEquals(reader.getLastEntryLineNumber(), 1);
    } finally {
      reader.close();
    }
  }
 /**
  * Verifies that the server will reject a CRAM-MD5 bind in which the first message contains SASL
  * credentials (which isn't allowed).
  *
  * @throws Exception If an unexpected problem occurs.
  */
 @Test()
 public void testOutOfSequenceBind() throws Exception {
   InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
   BindOperation bindOperation =
       conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, ByteString.valueOf("invalid"));
   assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
 }
  /**
   * Tests whether an Unauthenticated BIND request will be allowed with the default configuration
   * settings for "ds-cfg-reject-unauthenticated-requests".
   */
  @Test()
  public void testUnauthBindDefCfg() {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
    BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
    assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
  }
  /**
   * Tests the {@code getValidatedAuthorizationDN} method for a user that doesn't exist in the
   * directory data.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test(expectedExceptions = {DirectoryException.class})
  public void testGetValidatedAuthorizationNonExistingNormalUser() throws Exception {
    TestCaseUtils.initializeTestBackend(true);

    ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));

    proxyControl.getAuthorizationEntry();
  }
示例#16
0
  /**
   * Generates an entry for a backup directory based on the provided DN. The DN must contain an RDN
   * component that specifies the path to the backup directory, and that directory must exist and be
   * a valid backup directory.
   *
   * @param entryDN The DN of the backup directory entry to retrieve.
   * @return The requested backup directory entry.
   * @throws DirectoryException If the specified directory does not exist or is not a valid backup
   *     directory, or if the DN does not specify any backup directory.
   */
  private Entry getBackupDirectoryEntry(DN entryDN) throws DirectoryException {
    // Make sure that the DN specifies a backup directory.
    AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
    AttributeValue v = entryDN.getRDN().getAttributeValue(t);
    if (v == null) {
      Message message = ERR_BACKUP_DN_DOES_NOT_SPECIFY_DIRECTORY.get(String.valueOf(entryDN));
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message, backupBaseDN, null);
    }

    // Get a handle to the backup directory and the information that it
    // contains.
    BackupDirectory backupDirectory;
    try {
      backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
    } catch (ConfigException ce) {
      if (debugEnabled()) {
        TRACER.debugCaught(DebugLogLevel.ERROR, ce);
      }

      Message message =
          ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessage());
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
    } catch (Exception e) {
      if (debugEnabled()) {
        TRACER.debugCaught(DebugLogLevel.ERROR, e);
      }

      Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
      throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
    }

    // Construct the backup directory entry to return.
    LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(2);
    ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);

    ObjectClass backupDirOC = DirectoryServer.getObjectClass(OC_BACKUP_DIRECTORY, true);
    ocMap.put(backupDirOC, OC_BACKUP_DIRECTORY);

    LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
        new LinkedHashMap<AttributeType, List<Attribute>>(0);
    LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
        new LinkedHashMap<AttributeType, List<Attribute>>(3);

    ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
    attrList.add(Attributes.create(t, v));
    userAttrs.put(t, attrList);

    t = DirectoryServer.getAttributeType(ATTR_BACKUP_BACKEND_DN, true);
    attrList = new ArrayList<Attribute>(1);
    attrList.add(
        Attributes.create(
            t, AttributeValues.create(t, backupDirectory.getConfigEntryDN().toString())));
    userAttrs.put(t, attrList);

    Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
    e.processVirtualAttributes();
    return e;
  }
  /**
   * Tests the {@code getValidatedAuthorizationDN} method for a normal user that exists in the
   * directory data and doesn't have any restrictions on its use.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testGetValidatedAuthorizationExistingNormalUser() throws Exception {
    TestCaseUtils.initializeTestBackend(true);
    TestCaseUtils.addEntry(
        "dn: uid=test,o=test",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "uid: test",
        "givenName: Test",
        "sn: User",
        "cn: Test User");

    ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));

    assertEquals(proxyControl.getAuthorizationEntry().getDN(), DN.decode("uid=test,o=test"));
  }
  /**
   * Tests the matches method.
   *
   * @param isSecure Indicates if the client is using a secured connection.
   * @param criteria The security criteria.
   * @param expectedResult The expected result.
   * @throws Exception If an unexpected exception occurred.
   */
  @Test(dataProvider = "testData")
  public void testMatches(
      boolean isSecure, SecurityConnectionCriteria criteria, boolean expectedResult)
      throws Exception {
    ClientConnection client =
        new MockClientConnection(12345, isSecure, DN.nullDN(), AllowedAuthMethod.ANONYMOUS);

    Assert.assertEquals(criteria.matches(client), expectedResult);
  }
  /**
   * Tests the {@code toString} methods.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testToString() throws Exception {
    // The default toString() calls the version that takes a string builder
    // argument, so we only need to use the default version to cover both cases.
    ProxiedAuthV1Control proxyControl =
        new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
    proxyControl.toString();

    proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
    proxyControl.toString();
  }
示例#20
0
  /** {@inheritDoc} */
  @Override
  public Entry getEntry(DN entryDN) throws DirectoryException {
    // If the requested entry was null, then throw an exception.
    if (entryDN == null) {
      throw new DirectoryException(
          DirectoryServer.getServerErrorResultCode(),
          ERR_BACKEND_GET_ENTRY_NULL.get(getBackendID()));
    }

    // If the requested entry was the backend base entry, then retrieve it.
    if (entryDN.equals(backupBaseDN)) {
      return backupBaseEntry.duplicate(true);
    }

    // See if the requested entry was one level below the backend base entry.
    // If so, then it must point to a backup directory.  Otherwise, it must be
    // two levels below the backup base entry and must point to a specific
    // backup.
    DN parentDN = entryDN.getParentDNInSuffix();
    if (parentDN == null) {
      Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
      throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message);
    } else if (parentDN.equals(backupBaseDN)) {
      return getBackupDirectoryEntry(entryDN);
    } else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) {
      return getBackupEntry(entryDN);
    } else {
      Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
      throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, backupBaseDN, null);
    }
  }
  /**
   * Tests the {@code decodeControl} method when the control value is a valid octet string that
   * contains an valid non-empty DN.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testDecodeControlValueNonEmptyDN() throws Exception {
    ByteStringBuilder bsb = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(bsb);
    writer.writeStartSequence();
    writer.writeOctetString("uid=test,o=test");
    writer.writeEndSequence();
    LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString());

    ProxiedAuthV1Control proxyControl =
        ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue());
    assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
  }
  /** {@inheritDoc} */
  public boolean isConfigurationChangeAcceptable(
      RootDNUserCfg configuration, List<Message> unacceptableReasons) {
    boolean configAcceptable = true;

    // There must not be any new alternate bind DNs that are already in use by
    // other root users.
    for (DN altBindDN : configuration.getAlternateBindDN()) {
      DN existingRootDN = DirectoryServer.getActualRootBindDN(altBindDN);
      if ((existingRootDN != null) && (!existingRootDN.equals(configuration.dn()))) {
        Message message =
            ERR_CONFIG_ROOTDN_CONFLICTING_MAPPING.get(
                String.valueOf(altBindDN),
                String.valueOf(configuration.dn()),
                String.valueOf(existingRootDN));
        unacceptableReasons.add(message);

        configAcceptable = false;
      }
    }

    return configAcceptable;
  }
  /**
   * Tests performing an internal search using the VLV control to retrieve a subset of the entries
   * using an assertion value that is after all values in the list.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchByValueAfterAll() throws Exception {
    populateDB();

    InternalClientConnection conn = InternalClientConnection.getRootConnection();

    ArrayList<Control> requestControls = new ArrayList<Control>();
    requestControls.add(new ServerSideSortRequestControl("sn"));
    requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("zz")));

    InternalSearchOperation internalSearch =
        new InternalSearchOperation(
            conn,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            requestControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);

    internalSearch.run();

    // It will be successful because the control isn't critical.
    assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);

    List<Control> responseControls = internalSearch.getResponseControls();
    assertNotNull(responseControls);

    VLVResponseControl vlvResponse = null;
    for (Control c : responseControls) {
      if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
        if (c instanceof LDAPControl) {
          vlvResponse =
              VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue());
        } else {
          vlvResponse = (VLVResponseControl) c;
        }
      }
    }

    assertNotNull(vlvResponse);
    assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
    assertEquals(vlvResponse.getTargetPosition(), 10);
    assertEquals(vlvResponse.getContentCount(), 9);
  }
  /**
   * Make sure that the server is running.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @BeforeClass()
  public void startServer() throws Exception {
    TestCaseUtils.startServer();

    givenNameType = DirectoryServer.getAttributeType("givenname", false);
    assertNotNull(givenNameType);

    snType = DirectoryServer.getAttributeType("sn", false);
    assertNotNull(snType);

    aaccfJohnsonDN = DN.decode("uid=aaccf.johnson,dc=example,dc=com");
    aaronZimmermanDN = DN.decode("uid=aaron.zimmerman,dc=example,dc=com");
    albertSmithDN = DN.decode("uid=albert.smith,dc=example,dc=com");
    albertZimmermanDN = DN.decode("uid=albert.zimmerman,dc=example,dc=com");
    lowercaseMcGeeDN = DN.decode("uid=lowercase.mcgee,dc=example,dc=com");
    margaretJonesDN = DN.decode("uid=margaret.jones,dc=example,dc=com");
    maryJonesDN = DN.decode("uid=mary.jones,dc=example,dc=com");
    samZweckDN = DN.decode("uid=sam.zweck,dc=example,dc=com");
    zorroDN = DN.decode("uid=zorro,dc=example,dc=com");
  }
  private Object[] generateValues(String password) throws Exception {
    ByteString bytePassword = ByteString.valueOf(password);
    SaltedMD5PasswordStorageScheme scheme = new SaltedMD5PasswordStorageScheme();

    ConfigEntry configEntry =
        DirectoryServer.getConfigEntry(
            DN.decode("cn=Salted MD5,cn=Password Storage Schemes,cn=config"));

    SaltedMD5PasswordStorageSchemeCfg configuration =
        AdminTestCaseUtils.getConfiguration(
            SaltedMD5PasswordStorageSchemeCfgDefn.getInstance(), configEntry.getEntry());

    scheme.initializePasswordStorageScheme(configuration);

    ByteString encodedAuthPassword = scheme.encodePasswordWithScheme(bytePassword);

    return new Object[] {encodedAuthPassword.toString(), password, true};
  }
  /**
   * Tests whether authenticated and unauthenticated BIND requests will be allowed with the new
   * configuration settings for "ds-cfg-reject-unauthenticated-requests" .
   */
  @Test
  public void testBindNewCfg() {
    try {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
      ByteString user = ByteString.valueOf("cn=Directory Manager");
      ByteString password = ByteString.valueOf("password");
      // Unauthenticated BIND request.
      BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
      assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
      // Authenticated BIND request.
      bindOperation = conn.processSimpleBind(user, password);
      assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
    } finally {
      DirectoryServer.setRejectUnauthenticatedRequests(false);
    }
  }
示例#27
0
 /**
  * Process all global ACI attribute types found in the configuration entry and adds them to that
  * ACI list cache. It also logs messages about the number of ACI attribute types added to the
  * cache. This method is called once at startup. It also will put the server into lockdown mode if
  * needed.
  *
  * @param configuration The config handler containing the ACI configuration information.
  * @throws InitializationException If there is an error reading the global ACIs from the
  *     configuration entry.
  */
 private void processGlobalAcis(DseeCompatAccessControlHandlerCfg configuration)
     throws InitializationException {
   SortedSet<Aci> globalAcis = configuration.getGlobalACI();
   try {
     if (globalAcis != null) {
       aciList.addAci(DN.nullDN(), globalAcis);
       Message message = INFO_ACI_ADD_LIST_GLOBAL_ACIS.get(Integer.toString(globalAcis.size()));
       logError(message);
     }
   } catch (Exception e) {
     if (debugEnabled()) {
       TRACER.debugCaught(DebugLogLevel.ERROR, e);
     }
     Message message =
         INFO_ACI_HANDLER_FAIL_PROCESS_GLOBAL_ACI.get(String.valueOf(configuration.dn()));
     throw new InitializationException(message, e);
   }
 }
  /**
   * Tests the {@code getValidatedAuthorizationDN} method for a disabled user.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test(expectedExceptions = {DirectoryException.class})
  public void testGetValidatedAuthorizationDisabledUser() throws Exception {
    TestCaseUtils.initializeTestBackend(true);
    TestCaseUtils.addEntry(
        "dn: uid=test,o=test",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "uid: test",
        "givenName: Test",
        "sn: User",
        "cn: Test User",
        "ds-pwp-account-disabled: true");

    ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));

    proxyControl.getAuthorizationEntry();
  }
  /**
   * Tests performing an internal search using the non-critical server-side sort control to sort the
   * entries
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testNonCriticalSortWithUndefinedAttribute() throws Exception {
    populateDB();
    InternalClientConnection conn = InternalClientConnection.getRootConnection();

    ArrayList<Control> requestControls = new ArrayList<Control>();
    requestControls.add(new ServerSideSortRequestControl(false, "bad_sort:caseExactOrderingMatch"));

    InternalSearchOperation internalSearch =
        new InternalSearchOperation(
            conn,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            requestControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);

    internalSearch.run();
    assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
    List<Control> responseControls = internalSearch.getResponseControls();
    assertNotNull(responseControls);
    assertEquals(responseControls.size(), 1);

    ServerSideSortResponseControl responseControl;
    Control c = responseControls.get(0);
    if (c instanceof ServerSideSortResponseControl) {
      responseControl = (ServerSideSortResponseControl) c;
    } else {
      responseControl =
          ServerSideSortResponseControl.DECODER.decode(
              c.isCritical(), ((LDAPControl) c).getValue());
    }
    assertEquals(responseControl.getResultCode(), 16);
  }
  /** {@inheritDoc} */
  @Override
  public VirtualStaticGroup newInstance(ServerContext serverContext, Entry groupEntry)
      throws DirectoryException {
    ifNull(groupEntry);

    // Get the target group DN attribute from the entry, if there is one.
    DN targetDN = null;
    AttributeType targetType = DirectoryServer.getAttributeType(ATTR_TARGET_GROUP_DN, true);
    List<Attribute> attrList = groupEntry.getAttribute(targetType);
    if (attrList != null) {
      for (Attribute a : attrList) {
        for (ByteString v : a) {
          if (targetDN != null) {
            LocalizableMessage message =
                ERR_VIRTUAL_STATIC_GROUP_MULTIPLE_TARGETS.get(groupEntry.getName());
            throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message);
          }

          try {
            targetDN = DN.decode(v);
          } catch (DirectoryException de) {
            logger.traceException(de);

            LocalizableMessage message =
                ERR_VIRTUAL_STATIC_GROUP_CANNOT_DECODE_TARGET.get(
                    v, groupEntry.getName(), de.getMessageObject());
            throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message, de);
          }
        }
      }
    }

    if (targetDN == null) {
      LocalizableMessage message = ERR_VIRTUAL_STATIC_GROUP_NO_TARGET.get(groupEntry.getName());
      throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message);
    }

    return new VirtualStaticGroup(groupEntry.getName(), targetDN);
  }