1   /*
2    *   Copyright 2004 The Apache Software Foundation
3    *
4    *   Licensed under the Apache License, Version 2.0 (the "License");
5    *   you may not use this file except in compliance with the License.
6    *   You may obtain a copy of the License at
7    *
8    *       http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *   Unless required by applicable law or agreed to in writing, software
11   *   distributed under the License is distributed on an "AS IS" BASIS,
12   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *   See the License for the specific language governing permissions and
14   *   limitations under the License.
15   *
16   */
17  package org.apache.ldap.server.operational;
18  
19  
20  import org.apache.ldap.common.message.DerefAliasesEnum;
21  import org.apache.ldap.server.AbstractCoreTest;
22  
23  import javax.naming.NamingEnumeration;
24  import javax.naming.NamingException;
25  import javax.naming.directory.*;
26  
27  
28  /***
29   * Tests the methods on JNDI contexts that are analogous to entry modify
30   * operations in LDAP.
31   *
32   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
33   * @version $Rev: 165254 $
34   */
35  public class OperationalAttributeServiceTest extends AbstractCoreTest
36  {
37      private static final String CREATORS_NAME = "creatorsName";
38      private static final String CREATE_TIMESTAMP = "createTimestamp";
39  
40  
41      public void testModifyOperationalOpAttrs() throws NamingException
42      {
43          /*
44           * create ou=testing00,ou=system
45           */
46          Attributes attributes = new BasicAttributes();
47          Attribute attribute = new BasicAttribute( "objectClass" );
48          attribute.add( "top" );
49          attribute.add( "organizationalUnit" );
50          attributes.put( attribute );
51          attributes.put( "ou", "testing00" );
52          DirContext ctx = sysRoot.createSubcontext( "ou=testing00", attributes );
53          assertNotNull( ctx );
54  
55          ctx = ( DirContext ) sysRoot.lookup( "ou=testing00" );
56          assertNotNull( ctx );
57  
58          attributes = ctx.getAttributes( "" );
59          assertNotNull( attributes );
60          assertEquals( "testing00", attributes.get( "ou" ).get() );
61          attribute = attributes.get( "objectClass" );
62          assertNotNull( attribute );
63          assertTrue( attribute.contains( "top" ) );
64          assertTrue( attribute.contains( "organizationalUnit" ) );
65          assertNull( attributes.get( CREATE_TIMESTAMP ) );
66          assertNull( attributes.get( CREATORS_NAME ) );
67  
68          SearchControls ctls = new SearchControls();
69          ctls.setReturningAttributes( new String[]
70              { "ou", "createTimestamp", "creatorsName" } );
71  
72          sysRoot.addToEnvironment( DerefAliasesEnum.JNDI_PROP,
73                  DerefAliasesEnum.NEVERDEREFALIASES_NAME );
74          NamingEnumeration list;
75          list = sysRoot.search( "", "(ou=testing00)", ctls );
76          SearchResult result = ( SearchResult ) list.next();
77          list.close();
78  
79          System.out.println( result );
80  
81          assertNotNull( result.getAttributes().get( "ou" ) );
82          assertNotNull( result.getAttributes().get( CREATORS_NAME ) );
83          assertNotNull( result.getAttributes().get( CREATE_TIMESTAMP ) );
84      }
85  
86  
87      /***
88       * Checks to confirm that the system context root ou=system has the
89       * required operational attributes.  Since this is created automatically
90       * on system database creation properties the create attributes must be
91       * specified.  There are no interceptors in effect when this happens so
92       * we must test explicitly.
93       *
94       *
95       * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-57">DIREVE-57:
96       * ou=system does not contain operational attributes</a>
97       */
98      public void testSystemContextRoot() throws NamingException
99      {
100         SearchControls controls = new SearchControls();
101         controls.setSearchScope( SearchControls.OBJECT_SCOPE );
102         NamingEnumeration list;
103         list = sysRoot.search( "", "(objectClass=*)", controls );
104         SearchResult result = ( SearchResult ) list.next();
105 
106         // test to make sure op attribute do not occur - this is the control
107         Attributes attributes = result.getAttributes();
108         assertNull( attributes.get( "creatorsName" ) );
109         assertNull( attributes.get( "createTimestamp" ) );
110 
111         // now we ask for all the op attributes and check to get them
112         String[] ids = new String[] { "creatorsName", "createTimestamp" };
113         controls.setReturningAttributes( ids );
114         list = sysRoot.search( "", "(objectClass=*)", controls );
115         result = ( SearchResult ) list.next();
116         attributes = result.getAttributes();
117         assertNotNull( attributes.get( "creatorsName" ) );
118         assertNotNull( attributes.get( "createTimestamp" ) );
119     }
120 
121 
122     /***
123      * Test which confirms that all new users created under the user's dn
124      * (ou=users,ou=system) have the creatorsName set to the DN of the new
125      * user even though the admin is creating the user.  This is the basis
126      * for some authorization rules to protect passwords.
127      *
128      * NOTE THIS CHANGE WAS REVERTED SO WE ADAPTED THE TEST TO MAKE SURE THE
129      * CHANGE DOES NOT PERSIST!
130      *
131      * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-67">JIRA Issue DIREVE-67</a>
132      */
133     public void testConfirmNonAdminUserDnIsCreatorsName() throws NamingException
134     {
135         Attributes attributes = sysRoot.getAttributes( "uid=akarasulu,ou=users", new String[] { "creatorsName" } );
136         
137         assertFalse( "uid=akarasulu,ou=users,ou=system".equals( attributes.get( "creatorsName" ).get() ) );
138     }
139 }