1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.ldap.server.operational;
18
19
20 import javax.naming.NamingEnumeration;
21 import javax.naming.NamingException;
22 import javax.naming.directory.Attribute;
23 import javax.naming.directory.Attributes;
24 import javax.naming.directory.BasicAttribute;
25 import javax.naming.directory.BasicAttributes;
26 import javax.naming.directory.DirContext;
27 import javax.naming.directory.SearchControls;
28 import javax.naming.directory.SearchResult;
29
30 import org.apache.ldap.common.message.DerefAliasesEnum;
31 import org.apache.ldap.server.AbstractAdminTestCase;
32
33
34 /***
35 * Tests the methods on JNDI contexts that are analogous to entry modify
36 * operations in LDAP.
37 *
38 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
39 * @version $Rev: 264732 $
40 */
41 public class OperationalAttributeServiceTest extends AbstractAdminTestCase
42 {
43 private static final String CREATORS_NAME = "creatorsName";
44 private static final String CREATE_TIMESTAMP = "createTimestamp";
45
46
47 public void testModifyOperationalOpAttrs() throws NamingException
48 {
49
50
51
52 Attributes attributes = new BasicAttributes( true );
53 Attribute attribute = new BasicAttribute( "objectClass" );
54 attribute.add( "top" );
55 attribute.add( "organizationalUnit" );
56 attributes.put( attribute );
57 attributes.put( "ou", "testing00" );
58 DirContext ctx = sysRoot.createSubcontext( "ou=testing00", attributes );
59 assertNotNull( ctx );
60
61 ctx = ( DirContext ) sysRoot.lookup( "ou=testing00" );
62 assertNotNull( ctx );
63
64 attributes = ctx.getAttributes( "" );
65 assertNotNull( attributes );
66 assertEquals( "testing00", attributes.get( "ou" ).get() );
67 attribute = attributes.get( "objectClass" );
68 assertNotNull( attribute );
69 assertTrue( attribute.contains( "top" ) );
70 assertTrue( attribute.contains( "organizationalUnit" ) );
71 assertNull( attributes.get( CREATE_TIMESTAMP ) );
72 assertNull( attributes.get( CREATORS_NAME ) );
73
74 SearchControls ctls = new SearchControls();
75 ctls.setReturningAttributes( new String[]
76 { "ou", "createTimestamp", "creatorsName" } );
77
78 sysRoot.addToEnvironment( DerefAliasesEnum.JNDI_PROP,
79 DerefAliasesEnum.NEVERDEREFALIASES_NAME );
80 NamingEnumeration list;
81 list = sysRoot.search( "", "(ou=testing00)", ctls );
82 SearchResult result = ( SearchResult ) list.next();
83 list.close();
84
85 assertNotNull( result.getAttributes().get( "ou" ) );
86 assertNotNull( result.getAttributes().get( CREATORS_NAME ) );
87 assertNotNull( result.getAttributes().get( CREATE_TIMESTAMP ) );
88 }
89
90
91 /***
92 * Checks to confirm that the system context root ou=system has the
93 * required operational attributes. Since this is created automatically
94 * on system database creation properties the create attributes must be
95 * specified. There are no interceptors in effect when this happens so
96 * we must test explicitly.
97 *
98 *
99 * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-57">DIREVE-57:
100 * ou=system does not contain operational attributes</a>
101 */
102 public void testSystemContextRoot() throws NamingException
103 {
104 SearchControls controls = new SearchControls();
105 controls.setSearchScope( SearchControls.OBJECT_SCOPE );
106 NamingEnumeration list;
107 list = sysRoot.search( "", "(objectClass=*)", controls );
108 SearchResult result = ( SearchResult ) list.next();
109
110
111 Attributes attributes = result.getAttributes();
112 assertNull( attributes.get( "creatorsName" ) );
113 assertNull( attributes.get( "createTimestamp" ) );
114
115
116 String[] ids = new String[] { "creatorsName", "createTimestamp" };
117 controls.setReturningAttributes( ids );
118 list = sysRoot.search( "", "(objectClass=*)", controls );
119 result = ( SearchResult ) list.next();
120 attributes = result.getAttributes();
121 assertNotNull( attributes.get( "creatorsName" ) );
122 assertNotNull( attributes.get( "createTimestamp" ) );
123 }
124
125
126 /***
127 * Test which confirms that all new users created under the user's dn
128 * (ou=users,ou=system) have the creatorsName set to the DN of the new
129 * user even though the admin is creating the user. This is the basis
130 * for some authorization rules to protect passwords.
131 *
132 * NOTE THIS CHANGE WAS REVERTED SO WE ADAPTED THE TEST TO MAKE SURE THE
133 * CHANGE DOES NOT PERSIST!
134 *
135 * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-67">JIRA Issue DIREVE-67</a>
136 */
137 public void testConfirmNonAdminUserDnIsCreatorsName() throws NamingException
138 {
139 Attributes attributes = sysRoot.getAttributes( "uid=akarasulu,ou=users", new String[] { "creatorsName" } );
140
141 assertFalse( "uid=akarasulu,ou=users,ou=system".equals( attributes.get( "creatorsName" ).get() ) );
142 }
143 }