1   /*
2    *   Copyright 2004 The Apache Software Foundation
3    *
4    *   Licensed under the Apache License, Version 2.0 (the "License");
5    *   you may not use this file except in compliance with the License.
6    *   You may obtain a copy of the License at
7    *
8    *       http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *   Unless required by applicable law or agreed to in writing, software
11   *   distributed under the License is distributed on an "AS IS" BASIS,
12   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *   See the License for the specific language governing permissions and
14   *   limitations under the License.
15   *
16   */
17  package org.apache.ldap.server.operational;
18  
19  
20  import javax.naming.NamingEnumeration;
21  import javax.naming.NamingException;
22  import javax.naming.directory.Attribute;
23  import javax.naming.directory.Attributes;
24  import javax.naming.directory.BasicAttribute;
25  import javax.naming.directory.BasicAttributes;
26  import javax.naming.directory.DirContext;
27  import javax.naming.directory.SearchControls;
28  import javax.naming.directory.SearchResult;
29  
30  import org.apache.ldap.common.message.DerefAliasesEnum;
31  import org.apache.ldap.server.AbstractAdminTestCase;
32  
33  
34  /***
35   * Tests the methods on JNDI contexts that are analogous to entry modify
36   * operations in LDAP.
37   *
38   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
39   * @version $Rev: 264732 $
40   */
41  public class OperationalAttributeServiceTest extends AbstractAdminTestCase
42  {
43      private static final String CREATORS_NAME = "creatorsName";
44      private static final String CREATE_TIMESTAMP = "createTimestamp";
45  
46  
47      public void testModifyOperationalOpAttrs() throws NamingException
48      {
49          /*
50           * create ou=testing00,ou=system
51           */
52          Attributes attributes = new BasicAttributes( true );
53          Attribute attribute = new BasicAttribute( "objectClass" );
54          attribute.add( "top" );
55          attribute.add( "organizationalUnit" );
56          attributes.put( attribute );
57          attributes.put( "ou", "testing00" );
58          DirContext ctx = sysRoot.createSubcontext( "ou=testing00", attributes );
59          assertNotNull( ctx );
60  
61          ctx = ( DirContext ) sysRoot.lookup( "ou=testing00" );
62          assertNotNull( ctx );
63  
64          attributes = ctx.getAttributes( "" );
65          assertNotNull( attributes );
66          assertEquals( "testing00", attributes.get( "ou" ).get() );
67          attribute = attributes.get( "objectClass" );
68          assertNotNull( attribute );
69          assertTrue( attribute.contains( "top" ) );
70          assertTrue( attribute.contains( "organizationalUnit" ) );
71          assertNull( attributes.get( CREATE_TIMESTAMP ) );
72          assertNull( attributes.get( CREATORS_NAME ) );
73  
74          SearchControls ctls = new SearchControls();
75          ctls.setReturningAttributes( new String[]
76              { "ou", "createTimestamp", "creatorsName" } );
77  
78          sysRoot.addToEnvironment( DerefAliasesEnum.JNDI_PROP,
79                  DerefAliasesEnum.NEVERDEREFALIASES_NAME );
80          NamingEnumeration list;
81          list = sysRoot.search( "", "(ou=testing00)", ctls );
82          SearchResult result = ( SearchResult ) list.next();
83          list.close();
84  
85          assertNotNull( result.getAttributes().get( "ou" ) );
86          assertNotNull( result.getAttributes().get( CREATORS_NAME ) );
87          assertNotNull( result.getAttributes().get( CREATE_TIMESTAMP ) );
88      }
89  
90  
91      /***
92       * Checks to confirm that the system context root ou=system has the
93       * required operational attributes.  Since this is created automatically
94       * on system database creation properties the create attributes must be
95       * specified.  There are no interceptors in effect when this happens so
96       * we must test explicitly.
97       *
98       *
99       * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-57">DIREVE-57:
100      * ou=system does not contain operational attributes</a>
101      */
102     public void testSystemContextRoot() throws NamingException
103     {
104         SearchControls controls = new SearchControls();
105         controls.setSearchScope( SearchControls.OBJECT_SCOPE );
106         NamingEnumeration list;
107         list = sysRoot.search( "", "(objectClass=*)", controls );
108         SearchResult result = ( SearchResult ) list.next();
109 
110         // test to make sure op attribute do not occur - this is the control
111         Attributes attributes = result.getAttributes();
112         assertNull( attributes.get( "creatorsName" ) );
113         assertNull( attributes.get( "createTimestamp" ) );
114 
115         // now we ask for all the op attributes and check to get them
116         String[] ids = new String[] { "creatorsName", "createTimestamp" };
117         controls.setReturningAttributes( ids );
118         list = sysRoot.search( "", "(objectClass=*)", controls );
119         result = ( SearchResult ) list.next();
120         attributes = result.getAttributes();
121         assertNotNull( attributes.get( "creatorsName" ) );
122         assertNotNull( attributes.get( "createTimestamp" ) );
123     }
124 
125 
126     /***
127      * Test which confirms that all new users created under the user's dn
128      * (ou=users,ou=system) have the creatorsName set to the DN of the new
129      * user even though the admin is creating the user.  This is the basis
130      * for some authorization rules to protect passwords.
131      *
132      * NOTE THIS CHANGE WAS REVERTED SO WE ADAPTED THE TEST TO MAKE SURE THE
133      * CHANGE DOES NOT PERSIST!
134      *
135      * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-67">JIRA Issue DIREVE-67</a>
136      */
137     public void testConfirmNonAdminUserDnIsCreatorsName() throws NamingException
138     {
139         Attributes attributes = sysRoot.getAttributes( "uid=akarasulu,ou=users", new String[] { "creatorsName" } );
140         
141         assertFalse( "uid=akarasulu,ou=users,ou=system".equals( attributes.get( "creatorsName" ).get() ) );
142     }
143 }