From d263bd41696214ad4216ad3cb0786926cd0d736a Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Thu, 16 Jul 2026 17:54:43 +0300 Subject: [PATCH] Run the LDAP connector tests against an embedded OpenDJ The module had surefire skip=true since the ForgeRock era, so none of its tests ran, and LdapConnectorTestBase expected a pre-built OpenDS instance on the test classpath that is no longer in the repository. Set the instance up at run time from the OpenDJ distribution archive instead: configure it, import data.ldif and MakeLDIF-generated Big Company entries, enable replication so it serves the external change log, then restore a pristine copy for each test that asks for a restart. 159 tests now run, up from none. Bump OpenDJ to 5.1.2-SNAPSHOT, which carries the fix for cn=changelog searches failing when aliases are dereferenced (OpenDJ #737); the sync tests read that change log over JNDI, which dereferences aliases by default. Update the expectations that had drifted while the tests were skipped: the server is OpenDJ rather than OpenDS/Sun DSEE, useBlocks defaults to false so searches over the size limit have to ask for blocks, add maps to CREATE and modify/modrdn to UPDATE since the ICF 1.4 upgrade, an add is attributed to creatorsName rather than modifiersName, sync() hands its token back through a SyncTokenResultsHandler, __SERVER_INFO__ is not an LDAP object class, and OpenDJ computes VLV offsets exactly so the Sun DSEE overlap workaround cannot be exercised. testSyncNotSupported becomes testSyncSupported: OpenDJ serves the change log, so the connector reports sync as supported, now proven end to end. Also fix BlindTrustManager.getAcceptedIssuers() returning null, which aborts the TLS handshake once the provider is installed JVM-wide, and drop the reference to a non-existent testng.xml suite file. No product code is changed. --- OpenICF-ldap-connector/opends/config.ldif | 2016 ----------------- OpenICF-ldap-connector/opends/keystore.pin | 1 - OpenICF-ldap-connector/pom.xml | 34 +- .../ldap/BlindTrustProvider.java | 5 +- .../ldap/LdapConfigurationTests.java | 3 +- .../ldap/LdapConnectionTests.java | 4 +- .../ldap/LdapConnectorTestBase.java | 394 +++- .../ldap/SunDSTestBase.java | 32 +- .../ldap/schema/LdapSchemaMappingTests.java | 18 +- .../ldap/search/LdapSearchTests.java | 14 +- .../search/VlvIndexSearchStrategyTests.java | 64 +- .../SunDSChangeLogSyncStrategyTests.java | 58 +- .../test/resources}/opends/admin.ldif | 19 + .../resources}/opends/bigcompany.template | 14 +- .../{ => src/test/resources}/opends/data.ldif | 0 .../test/resources/opends/test-config.ldif | 112 + pom.xml | 3 +- 17 files changed, 612 insertions(+), 2179 deletions(-) delete mode 100644 OpenICF-ldap-connector/opends/config.ldif delete mode 100644 OpenICF-ldap-connector/opends/keystore.pin rename OpenICF-ldap-connector/{ => src/test/resources}/opends/admin.ldif (63%) rename OpenICF-ldap-connector/{ => src/test/resources}/opends/bigcompany.template (78%) rename OpenICF-ldap-connector/{ => src/test/resources}/opends/data.ldif (100%) create mode 100644 OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif diff --git a/OpenICF-ldap-connector/opends/config.ldif b/OpenICF-ldap-connector/opends/config.ldif deleted file mode 100644 index 6f3bf985..00000000 --- a/OpenICF-ldap-connector/opends/config.ldif +++ /dev/null @@ -1,2016 +0,0 @@ -# -- START LICENSE -# ==================== -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. -# -# Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. -# -# The contents of this file are subject to the terms of the Common Development -# and Distribution License("CDDL") (the "License"). You may not use this file -# except in compliance with the License. -# -# You can obtain a copy of the License at -# http://IdentityConnectors.dev.java.net/legal/license.txt -# See the License for the specific language governing permissions and limitations -# under the License. -# -# When distributing the Covered Code, include this CDDL Header Notice in each file -# and include the License file at identityconnectors/legal/license.txt. -# If applicable, add the following below this CDDL Header, with the fields -# enclosed by brackets [] replaced by your own identifying information: -# "Portions Copyrighted [year] [name of copyright owner]" -# ==================== -# -- END LICENSE -dn: cn=config -objectClass: top -objectClass: ds-cfg-root-config -cn: config -ds-cfg-check-schema: true -ds-cfg-add-missing-rdn-attributes: true -ds-cfg-allow-attribute-name-exceptions: false -ds-cfg-invalid-attribute-syntax-behavior: reject -ds-cfg-single-structural-objectclass-behavior: reject -ds-cfg-notify-abandoned-operations: false -ds-cfg-proxied-authorization-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config -ds-cfg-size-limit: 1000 -ds-cfg-time-limit: 60 seconds -ds-cfg-lookthrough-limit: 20000 -ds-cfg-writability-mode: enabled -ds-cfg-bind-with-dn-requires-password: true -ds-cfg-reject-unauthenticated-requests: false -ds-cfg-default-password-policy: cn=Default Password Policy,cn=Password Policies,cn=config -ds-cfg-return-bind-error-messages: false -ds-cfg-idle-time-limit: 0 seconds -ds-cfg-save-config-on-successful-startup: false -ds-cfg-etime-resolution: milliseconds -ds-cfg-entry-cache-preload: false -ds-cfg-max-allowed-client-connections: 0 -ds-cfg-allowed-task: org.opends.server.tasks.AddSchemaFileTask -ds-cfg-allowed-task: org.opends.server.tasks.BackupTask -ds-cfg-allowed-task: org.opends.server.tasks.DisconnectClientTask -ds-cfg-allowed-task: org.opends.server.tasks.EnterLockdownModeTask -ds-cfg-allowed-task: org.opends.server.tasks.ExportTask -ds-cfg-allowed-task: org.opends.server.tasks.ImportTask -ds-cfg-allowed-task: org.opends.server.tasks.InitializeTargetTask -ds-cfg-allowed-task: org.opends.server.tasks.InitializeTask -ds-cfg-allowed-task: org.opends.server.tasks.SetGenerationIdTask -ds-cfg-allowed-task: org.opends.server.tasks.LeaveLockdownModeTask -ds-cfg-allowed-task: org.opends.server.tasks.RebuildTask -ds-cfg-allowed-task: org.opends.server.tasks.RestoreTask -ds-cfg-allowed-task: org.opends.server.tasks.ShutdownTask - -dn: cn=Access Control Handler,cn=config -objectClass: top -objectClass: ds-cfg-access-control-handler -objectClass: ds-cfg-dsee-compat-access-control-handler -ds-cfg-global-aci: (extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.26027.1.6.3 || 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || 1.3.6.1.4.1.4203.1.11.3") (version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetcontrol="2.16.840.1.113730.3.4.2 || 2.16.840.1.113730.3.4.17 || 2.16.840.1.113730.3.4.19 || 1.3.6.1.4.1.4203.1.10.2 || 1.3.6.1.4.1.42.2.27.8.5.1 || 2.16.840.1.113730.3.4.16") (version 3.0; acl "Anonymous control access"; allow(read) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";) -ds-cfg-global-aci: (target="ldap:///cn=schema")(targetscope="base")(targetattr="objectClass||attributeTypes||dITContentRules||dITStructureRules||ldapSyntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses")(version 3.0; acl "User-Visible Schema Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="objectClass||namingContexts||supportedAuthPasswordSchemes||supportedControl||supportedExtension||supportedFeatures||supportedLDAPVersion||supportedSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl "User-Visible Root DSE Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr="createTimestamp||creatorsName||modifiersName||modifyTimestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0; acl "User-Visible Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (target="ldap:///dc=replicationchanges")(targetattr="*")(version 3.0; acl "Replication backend access"; deny (all) userdn="ldap:///anyone";) -cn: Access Control Handler -ds-cfg-java-class: org.opends.server.authorization.dseecompat.AciHandler -ds-cfg-enabled: true - -dn: cn=Crypto Manager,cn=config -objectClass: top -objectClass: ds-cfg-crypto-manager -cn: Crypto Manager -ds-cfg-ssl-cert-nickname: ads-certificate -ds-cfg-ssl-encryption: false - -dn: cn=Account Status Notification Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Account Status Notification Handlers - -dn: cn=Alert Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Alert Handlers - -dn: cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Backends - -dn: ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-local-db-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.jeb.BackendImpl -ds-cfg-backend-id: userRoot -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: dc=example,dc=com -ds-cfg-db-directory: db -ds-cfg-db-directory-permissions: 700 -ds-cfg-index-entry-limit: 4000 -ds-cfg-preload-time-limit: 0 seconds -ds-cfg-import-queue-size: 100 -ds-cfg-import-thread-count: 8 -ds-cfg-entries-compressed: false -ds-cfg-compact-encoding: true -ds-cfg-db-cache-percent: 10 -ds-cfg-db-cache-size: 0 megabytes -ds-cfg-db-txn-no-sync: false -ds-cfg-db-txn-write-no-sync: true -ds-cfg-db-run-cleaner: true -ds-cfg-db-num-cleaner-threads: 1 -ds-cfg-db-cleaner-min-utilization: 75 -ds-cfg-db-evictor-lru-only: true -ds-cfg-db-evictor-nodes-per-scan: 10 -ds-cfg-db-log-file-max: 50 megabytes -ds-cfg-db-logging-file-handler-on: true -ds-cfg-db-logging-level: CONFIG -ds-cfg-db-checkpointer-bytes-interval: 20 megabytes -ds-cfg-db-checkpointer-wakeup-interval: 30 seconds -ds-cfg-db-num-lock-tables: 19 - -dn: cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Index - -dn: ds-cfg-attribute=aci,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: aci -ds-cfg-index-type: presence - -dn: ds-cfg-attribute=cn,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: cn -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=ds-sync-hist,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: ds-sync-hist -ds-cfg-index-type: ordering - -dn: ds-cfg-attribute=entryUUID,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: entryUUID -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=givenName,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: givenName -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=mail,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: mail -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=member,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: member -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=objectClass,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: objectClass -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=sn,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: sn -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=telephoneNumber,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: telephoneNumber -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=uid,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: uid -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=uniqueMember,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: uniqueMember -ds-cfg-index-type: equality - -dn: cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: VLV Index - -dn: ds-cfg-name=index-uid,cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: ds-cfg-local-db-vlv-index -objectClass: top -ds-cfg-filter: (&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)(objectClass=person)(objectClass=top)) -ds-cfg-base-dn: dc=example,dc=com -ds-cfg-sort-order: uid -ds-cfg-scope: whole-subtree -ds-cfg-name: index-uid - -dn: ds-cfg-backend-id=backup,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-backup-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.BackupBackend -ds-cfg-backend-id: backup -ds-cfg-writability-mode: disabled -ds-cfg-base-dn: cn=backups -ds-cfg-backup-directory: bak - -dn: ds-cfg-backend-id=config,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-config-file-handler-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.extensions.ConfigFileHandler -ds-cfg-backend-id: config -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=config - -dn: ds-cfg-backend-id=ads-truststore,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-trust-store-backend -ds-cfg-backend-id: ads-truststore -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.TrustStoreBackend -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=ads-truststore -ds-cfg-trust-store-type: JKS -ds-cfg-trust-store-file: config/ads-truststore -ds-cfg-trust-store-pin-file: config/ads-truststore.pin - -dn: ds-cfg-backend-id=schema,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-schema-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.SchemaBackend -ds-cfg-backend-id: schema -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=schema -ds-cfg-show-all-attributes: false - -dn: ds-cfg-backend-id=adminRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-ldif-backend -ds-cfg-backend-id: adminRoot -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.LDIFBackend -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=admin data -ds-cfg-ldif-file: config/admin-backend.ldif -ds-cfg-is-private-backend: true - -dn: cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Certificate Mappers - -dn: cn=Subject Equals DN,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-equals-dn-certificate-mapper -cn: Subject Equals DN -ds-cfg-java-class: org.opends.server.extensions.SubjectEqualsDNCertificateMapper -ds-cfg-enabled: true - -dn: cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-dn-to-user-attribute-certificate-mapper -cn: Subject DN to User Attribute -ds-cfg-java-class: org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper -ds-cfg-enabled: true -ds-cfg-subject-attribute: ds-certificate-subject-dn - -dn: cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-attribute-to-user-attribute-certificate-mapper -cn: Subject Attribute to User Attribute -ds-cfg-java-class: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper -ds-cfg-enabled: true -ds-cfg-subject-attribute-mapping: cn:cn -ds-cfg-subject-attribute-mapping: e:mail - -dn: cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-fingerprint-certificate-mapper -cn: Fingerprint Mapper -ds-cfg-java-class: org.opends.server.extensions.FingerprintCertificateMapper -ds-cfg-enabled: true -ds-cfg-fingerprint-attribute: ds-certificate-fingerprint -ds-cfg-fingerprint-algorithm: MD5 - -dn: cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Connection Handlers - -dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-connection-handler -objectClass: ds-cfg-ldap-connection-handler -cn: LDAP Connection Handler -ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler -ds-cfg-enabled: true -ds-cfg-listen-address: 0.0.0.0 -ds-cfg-listen-port: 2389 -ds-cfg-accept-backlog: 128 -ds-cfg-allow-ldap-v2: true -ds-cfg-keep-stats: true -ds-cfg-use-tcp-keep-alive: true -ds-cfg-use-tcp-no-delay: true -ds-cfg-allow-tcp-reuse-address: true -ds-cfg-send-rejection-notice: true -ds-cfg-max-request-size: 5 megabytes -ds-cfg-max-blocked-write-time-limit: 2 minutes -ds-cfg-num-request-handlers: 2 -ds-cfg-allow-start-tls: false -ds-cfg-use-ssl: false -ds-cfg-ssl-client-auth-policy: optional -ds-cfg-ssl-cert-nickname: server-cert - -dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-connection-handler -objectClass: ds-cfg-ldap-connection-handler -cn: LDAPS Connection Handler -ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler -ds-cfg-enabled: true -ds-cfg-listen-address: 0.0.0.0 -ds-cfg-listen-port: 2636 -ds-cfg-accept-backlog: 128 -ds-cfg-allow-ldap-v2: true -ds-cfg-keep-stats: true -ds-cfg-use-tcp-keep-alive: true -ds-cfg-use-tcp-no-delay: true -ds-cfg-allow-tcp-reuse-address: true -ds-cfg-send-rejection-notice: true -ds-cfg-max-request-size: 5 megabytes -ds-cfg-max-blocked-write-time-limit: 2 minutes -ds-cfg-num-request-handlers: 2 -ds-cfg-allow-start-tls: false -ds-cfg-use-ssl: true -ds-cfg-ssl-client-auth-policy: optional -ds-cfg-ssl-cert-nickname: server-cert -ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config -ds-cfg-trust-manager-provider: cn=Blind Trust,cn=Trust Manager Providers,cn=config - -dn: cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Entry Caches - -dn: cn=FIFO,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-fifo-entry-cache -cn: FIFO -ds-cfg-enabled: false -ds-cfg-cache-level: 1 -ds-cfg-java-class: org.opends.server.extensions.FIFOEntryCache - -dn: cn=Soft Reference,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-soft-reference-entry-cache -cn: Soft Reference -ds-cfg-enabled: false -ds-cfg-cache-level: 2 -ds-cfg-java-class: org.opends.server.extensions.SoftReferenceEntryCache - -dn: cn=File System,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-file-system-entry-cache -cn: File System -ds-cfg-enabled: false -ds-cfg-cache-level: 3 -ds-cfg-java-class: org.opends.server.extensions.FileSystemEntryCache - -dn: cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Extended Operations - -dn: cn=Cancel,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-cancel-extended-operation-handler -cn: Cancel -ds-cfg-java-class: org.opends.server.extensions.CancelExtendedOperation -ds-cfg-enabled: true - -dn: cn=Get Connection ID,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-get-connection-id-extended-operation-handler -cn: Get Connection ID -ds-cfg-java-class: org.opends.server.extensions.GetConnectionIDExtendedOperation -ds-cfg-enabled: true - -dn: cn=Password Modify,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-password-modify-extended-operation-handler -cn: Password Modify -ds-cfg-java-class: org.opends.server.extensions.PasswordModifyExtendedOperation -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=Password Policy State,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-password-policy-state-extended-operation-handler -cn: Password Policy State -ds-cfg-java-class: org.opends.server.extensions.PasswordPolicyStateExtendedOperation -ds-cfg-enabled: true - -dn: cn=StartTLS,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-start-tls-extended-operation-handler -cn: StartTLS -ds-cfg-java-class: org.opends.server.extensions.StartTLSExtendedOperation -ds-cfg-enabled: true - -dn: cn=Get Symmetric Key,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-get-symmetric-key-extended-operation-handler -cn: Get Symmetric Key -ds-cfg-java-class: org.opends.server.crypto.GetSymmetricKeyExtendedOperation -ds-cfg-enabled: true - -dn: cn=Who Am I,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-who-am-i-extended-operation-handler -cn: Who Am I -ds-cfg-java-class: org.opends.server.extensions.WhoAmIExtendedOperation -ds-cfg-enabled: true - -dn: cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Group Implementations - -dn: cn=Dynamic,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-dynamic-group-implementation -cn: Dynamic -ds-cfg-java-class: org.opends.server.extensions.DynamicGroup -ds-cfg-enabled: true - -dn: cn=Static,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-static-group-implementation -cn: Static -ds-cfg-java-class: org.opends.server.extensions.StaticGroup -ds-cfg-enabled: true - -dn: cn=Virtual Static,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-virtual-static-group-implementation -cn: Virtual Static -ds-cfg-java-class: org.opends.server.extensions.VirtualStaticGroup -ds-cfg-enabled: true - -dn: cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Identity Mappers - -dn: cn=Exact Match,cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-identity-mapper -objectClass: ds-cfg-exact-match-identity-mapper -cn: Exact Match -ds-cfg-java-class: org.opends.server.extensions.ExactMatchIdentityMapper -ds-cfg-enabled: true -ds-cfg-match-attribute: uid - -dn: cn=Regular Expression,cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-identity-mapper -objectClass: ds-cfg-regular-expression-identity-mapper -cn: Regular Expression -ds-cfg-java-class: org.opends.server.extensions.RegularExpressionIdentityMapper -ds-cfg-enabled: true -ds-cfg-match-attribute: uid -ds-cfg-match-pattern: ^([^@]+)@.+$ -ds-cfg-replace-pattern: $1 - -dn: cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Key Manager Providers - -dn: cn=JKS,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-file-based-key-manager-provider -cn: JKS -ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider -ds-cfg-enabled: true -ds-cfg-key-store-type: JKS -ds-cfg-key-store-file: config/keystore -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=PKCS12,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-file-based-key-manager-provider -cn: PKCS12 -ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider -ds-cfg-enabled: false -ds-cfg-key-store-type: PKCS12 -ds-cfg-key-store-file: config/keystore.p12 -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=PKCS11,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-pkcs11-key-manager-provider -cn: PKCS11 -ds-cfg-java-class: org.opends.server.extensions.PKCS11KeyManagerProvider -ds-cfg-enabled: false -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=Loggers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Loggers - -dn: cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Matching Rules - -dn: cn=Auth Password Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Auth Password Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.AuthPasswordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Auth Password Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Auth Password Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.AuthPasswordExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Bit String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Bit String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.BitStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Boolean Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Boolean Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.BooleanEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Case Exact Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Exact Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact IA5 Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Exact IA5 Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactIA5EqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact IA5 Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Exact IA5 Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactIA5SubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Case Ignore Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore IA5 Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore IA5 Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreIA5EqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore IA5 Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore IA5 Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreIA5SubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore List Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore List Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreListEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore List Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore List Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreListSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Directory String First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Directory String First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.DirectoryStringFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Distinguished Name Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Distinguished Name Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.DistinguishedNameEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Double Metaphone Approximate Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-approximate-matching-rule -cn: Double Metaphone Approximate Matching Rule -ds-cfg-java-class: org.opends.server.schema.DoubleMetaphoneApproximateMatchingRule -ds-cfg-enabled: true - -dn: cn=Generalized Time Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Generalized Time Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Generalized Time Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Generalized Time Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Historical CSN Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: ds-cfg-ordering-matching-rule -objectClass: top -objectClass: ds-cfg-matching-rule -ds-cfg-java-class: org.opends.server.replication.plugin.HistoricalCsnOrderingMatchingRule -ds-cfg-enabled: true -cn: Historical CSN Ordering Matching Rule - -dn: cn=Integer Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Integer Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Integer Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Integer Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Integer First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Integer First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Keyword Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Keyword Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.KeywordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Numeric String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Numeric String Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Numeric String Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Object Identifier Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Object Identifier Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ObjectIdentifierEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Object Identifier First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Object Identifier First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ObjectIdentifierFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Octet String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Octet String Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Octet String Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Presentation Address Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Presentation Address Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.PresentationAddressEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Protocol Information Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Protocol Information Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ProtocolInformationEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Telephone Number Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Telephone Number Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Telephone Number Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Telephone Number Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Unique Member Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Unique Member Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UniqueMemberEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=User Password Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: User Password Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UserPasswordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=User Password Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: User Password Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UserPasswordExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=UUID Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: UUID Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UUIDEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=UUID Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: UUID Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.UUIDOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Word Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Word Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.WordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Monitor Providers - -dn: cn=Client Connections,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-client-connection-monitor-provider -cn: Client Connections -ds-cfg-java-class: org.opends.server.monitors.ClientConnectionMonitorProvider -ds-cfg-enabled: true - -dn: cn=Entry Caches,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-entry-cache-monitor-provider -cn: Entry Caches -ds-cfg-java-class: org.opends.server.monitors.EntryCacheMonitorProvider -ds-cfg-enabled: true - -dn: cn=JVM Memory Usage,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-memory-usage-monitor-provider -cn: JVM Memory Usage -ds-cfg-java-class: org.opends.server.monitors.MemoryUsageMonitorProvider -ds-cfg-enabled: true - -dn: cn=JVM Stack Trace,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-stack-trace-monitor-provider -cn: JVM Stack Trace -ds-cfg-java-class: org.opends.server.monitors.StackTraceMonitorProvider -ds-cfg-enabled: true - -dn: cn=System Info,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-system-info-monitor-provider -cn: System Info -ds-cfg-java-class: org.opends.server.monitors.SystemInfoMonitorProvider -ds-cfg-enabled: true - -dn: cn=Version,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-version-monitor-provider -cn: Version -ds-cfg-java-class: org.opends.server.monitors.VersionMonitorProvider -ds-cfg-enabled: true - -dn: cn=Password Generators,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Generators - -dn: cn=Random Password Generator,cn=Password Generators,cn=config -objectClass: top -objectClass: ds-cfg-password-generator -objectClass: ds-cfg-random-password-generator -cn: Random Password Generator -ds-cfg-java-class: org.opends.server.extensions.RandomPasswordGenerator -ds-cfg-enabled: true -ds-cfg-password-character-set: alpha:abcdefghijklmnopqrstuvwxyz -ds-cfg-password-character-set: numeric:0123456789 -ds-cfg-password-format: alpha:3,numeric:2,alpha:3 - -dn: cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Policies - -dn: cn=Default Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Default Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Root Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Root Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-change-requires-current-password: true -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: ignore -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Quickly Expiring Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Quickly Expiring password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: true -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 42 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 2 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 1 seconds -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Clear Text Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Default Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Clear,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: true -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Storage Schemes - -dn: cn=Base64,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-base64-password-storage-scheme -cn: Base64 -ds-cfg-java-class: org.opends.server.extensions.Base64PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Clear,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-clear-password-storage-scheme -cn: Clear -ds-cfg-java-class: org.opends.server.extensions.ClearPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=CRYPT,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-crypt-password-storage-scheme -cn: CRYPT -ds-cfg-java-class: org.opends.server.extensions.CryptPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=MD5,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-md5-password-storage-scheme -cn: MD5 -ds-cfg-java-class: org.opends.server.extensions.MD5PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted MD5,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-md5-password-storage-scheme -cn: Salted MD5 -ds-cfg-java-class: org.opends.server.extensions.SaltedMD5PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha1-password-storage-scheme -cn: Salted SHA-1 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA1PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-256,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha256-password-storage-scheme -cn: Salted SHA-256 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA256PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-384,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha384-password-storage-scheme -cn: Salted SHA-384 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA384PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha512-password-storage-scheme -cn: Salted SHA-512 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA512PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=SHA-1,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-sha1-password-storage-scheme -cn: SHA-1 -ds-cfg-java-class: org.opends.server.extensions.SHA1PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=3DES,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-triple-des-password-storage-scheme -cn: 3DES -ds-cfg-java-class: org.opends.server.extensions.TripleDESPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=AES,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-aes-password-storage-scheme -cn: AES -ds-cfg-java-class: org.opends.server.extensions.AESPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Blowfish,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-blowfish-password-storage-scheme -cn: Blowfish -ds-cfg-java-class: org.opends.server.extensions.BlowfishPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=RC4,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-rc4-password-storage-scheme -cn: RC4 -ds-cfg-java-class: org.opends.server.extensions.RC4PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Validators - -dn: cn=Attribute Value,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-attribute-value-password-validator -cn: Attribute Value -ds-cfg-java-class: org.opends.server.extensions.AttributeValuePasswordValidator -ds-cfg-enabled: true -ds-cfg-test-reversed-password: true - -dn: cn=Character Set,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-character-set-password-validator -cn: Character Set -ds-cfg-java-class: org.opends.server.extensions.CharacterSetPasswordValidator -ds-cfg-enabled: true -ds-cfg-character-set: 1:abcdefghijklmnopqrstuvwxyz -ds-cfg-character-set: 1:ABCDEFGHIJKLMNOPQRSTUVWXYZ -ds-cfg-character-set: 1:0123456789 -ds-cfg-character-set: 1:~!@#$%^&*()-_=+[]{}|;:,.<>/? -ds-cfg-allow-unclassified-characters: true - -dn: cn=Dictionary,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-dictionary-password-validator -cn: Dictionary -ds-cfg-java-class: org.opends.server.extensions.DictionaryPasswordValidator -ds-cfg-enabled: false -ds-cfg-dictionary-file: config/wordlist.txt -ds-cfg-case-sensitive-validation: false -ds-cfg-test-reversed-password: true - -dn: cn=Length-Based Password Validator,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-length-based-password-validator -cn: Length-Based Password Validator -ds-cfg-java-class: org.opends.server.extensions.LengthBasedPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-password-length: 6 -ds-cfg-max-password-length: 0 - -dn: cn=Repeated Characters,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-repeated-characters-password-validator -cn: Repeated Characters -ds-cfg-java-class: org.opends.server.extensions.RepeatedCharactersPasswordValidator -ds-cfg-enabled: true -ds-cfg-max-consecutive-length: 2 -ds-cfg-case-sensitive-validation: false - -dn: cn=Similarity-Based Password Validator,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-similarity-based-password-validator -cn: Similarity-Based Password Validator -ds-cfg-java-class: org.opends.server.extensions.SimilarityBasedPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-password-difference: 3 - -dn: cn=Unique Characters,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-unique-characters-password-validator -cn: Unique Characters -ds-cfg-java-class: org.opends.server.extensions.UniqueCharactersPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-unique-characters: 5 -ds-cfg-case-sensitive-validation: false - -dn: cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-branch -objectClass: ds-cfg-plugin-root -cn: Plugins - -dn: cn=7-Bit Clean,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-seven-bit-clean-plugin -cn: 7-Bit Clean -ds-cfg-java-class: org.opends.server.plugins.SevenBitCleanPlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: ldifImport -ds-cfg-plugin-type: preParseAdd -ds-cfg-plugin-type: preParseModify -ds-cfg-plugin-type: preParseModifyDN -ds-cfg-attribute-type: uid -ds-cfg-attribute-type: mail -ds-cfg-attribute-type: userPassword -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Entry UUID,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-entry-uuid-plugin -cn: Entry UUID -ds-cfg-java-class: org.opends.server.plugins.EntryUUIDPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: ldifImport -ds-cfg-plugin-type: preOperationAdd -ds-cfg-invoke-for-internal-operations: true - -dn: cn=LastMod,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-last-mod-plugin -cn: LastMod -ds-cfg-java-class: org.opends.server.plugins.LastModPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: preOperationAdd -ds-cfg-plugin-type: preOperationModify -ds-cfg-plugin-type: preOperationModifyDN -ds-cfg-invoke-for-internal-operations: true - -dn: cn=LDAP Attribute Description List,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-ldap-attribute-description-list-plugin -cn: LDAP Attribute Description List -ds-cfg-java-class: org.opends.server.plugins.LDAPADListPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: preParseSearch -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Password Policy Import,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-password-policy-import-plugin -cn: Password Policy Import -ds-cfg-java-class: org.opends.server.plugins.PasswordPolicyImportPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: ldifImport -ds-cfg-default-user-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-default-auth-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-invoke-for-internal-operations: false - -dn: cn=Referential Integrity,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-referential-integrity-plugin -cn: Referential Integrity -ds-cfg-java-class: org.opends.server.plugins.ReferentialIntegrityPlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: postOperationDelete -ds-cfg-plugin-type: postOperationModifyDN -ds-cfg-plugin-type: subordinateModifyDN -ds-cfg-attribute-type: member -ds-cfg-attribute-type: uniqueMember -ds-cfg-invoke-for-internal-operations: true - -dn: cn=UID Unique Attribute,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-unique-attribute-plugin -cn: UID Unique Attribute -ds-cfg-java-class: org.opends.server.plugins.UniqueAttributePlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: preOperationAdd -ds-cfg-plugin-type: preOperationModify -ds-cfg-plugin-type: preOperationModifyDN -ds-cfg-plugin-type: postSynchronizationAdd -ds-cfg-plugin-type: postSynchronizationModify -ds-cfg-plugin-type: postSynchronizationModifyDN -ds-cfg-type: uid -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Root DNs,cn=config -objectClass: top -objectClass: ds-cfg-root-dn -cn: Root DNs -ds-cfg-default-root-privilege-name: bypass-acl -ds-cfg-default-root-privilege-name: modify-acl -ds-cfg-default-root-privilege-name: config-read -ds-cfg-default-root-privilege-name: config-write -ds-cfg-default-root-privilege-name: ldif-import -ds-cfg-default-root-privilege-name: ldif-export -ds-cfg-default-root-privilege-name: backend-backup -ds-cfg-default-root-privilege-name: backend-restore -ds-cfg-default-root-privilege-name: server-shutdown -ds-cfg-default-root-privilege-name: server-restart -ds-cfg-default-root-privilege-name: disconnect-client -ds-cfg-default-root-privilege-name: cancel-request -ds-cfg-default-root-privilege-name: password-reset -ds-cfg-default-root-privilege-name: update-schema -ds-cfg-default-root-privilege-name: privilege-change -ds-cfg-default-root-privilege-name: unindexed-search - -dn: cn=Directory Manager,cn=Root DNs,cn=config -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: ds-cfg-root-dn-user -cn: Directory Manager -givenName: Directory -sn: Manager -userPassword: {SSHA512}l1t43vVl7Uh03PpQ2vCsT0B7Q0HTi+tKJmH7tZTmSGaKrMHWHO1czfwEsjMgfbeQoiYQDGDuxolipR0H6ajMu1YHlTjPNG9Z -ds-cfg-alternate-bind-dn: cn=Directory Manager -ds-rlim-size-limit: 0 -ds-rlim-time-limit: 0 -ds-rlim-idle-time-limit: 0 -ds-rlim-lookthrough-limit: 0 -ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config - -dn: cn=Root DSE,cn=config -objectClass: top -objectClass: ds-cfg-root-dse-backend -cn: Root DSE -ds-cfg-show-all-attributes: false - -dn: cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: SASL Mechanisms - -dn: cn=ANONYMOUS,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-anonymous-sasl-mechanism-handler -cn: ANONYMOUS -ds-cfg-java-class: org.opends.server.extensions.AnonymousSASLMechanismHandler -ds-cfg-enabled: false - -dn: cn=CRAM-MD5,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-cram-md5-sasl-mechanism-handler -cn: CRAM-MD5 -ds-cfg-java-class: org.opends.server.extensions.CRAMMD5SASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=DIGEST-MD5,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-digest-md5-sasl-mechanism-handler -cn: DIGEST-MD5 -ds-cfg-java-class: org.opends.server.extensions.DigestMD5SASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-external-sasl-mechanism-handler -cn: EXTERNAL -ds-cfg-java-class: org.opends.server.extensions.ExternalSASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-certificate-validation-policy: ifpresent -ds-cfg-certificate-attribute: userCertificate -ds-cfg-certificate-mapper: cn=Subject Equals DN,cn=Certificate Mappers,cn=config - -dn: cn=GSSAPI,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-gssapi-sasl-mechanism-handler -cn: GSSAPI -ds-cfg-java-class: org.opends.server.extensions.GSSAPISASLMechanismHandler -ds-cfg-enabled: false -ds-cfg-identity-mapper: cn=Regular Expression,cn=Identity Mappers,cn=config -ds-cfg-keytab: /etc/krb5/krb5.keytab - -dn: cn=PLAIN,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-plain-sasl-mechanism-handler -cn: PLAIN -ds-cfg-java-class: org.opends.server.extensions.PlainSASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Synchronization Providers - -dn: cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-synchronization-provider -objectClass: ds-cfg-replication-synchronization-provider -cn: Multimaster Synchronization -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.replication.plugin.MultimasterReplication - -dn: cn=domains,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: domains - -dn: cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Syntaxes - -dn: cn=Absolute Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Absolute Subtree Specification -ds-cfg-java-class: org.opends.server.schema.AbsoluteSubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Sun-defined Access Control Information,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Sun-defined Access Control Information -ds-cfg-java-class: org.opends.server.schema.AciSyntax -ds-cfg-enabled: true - -dn: cn=Attribute Type Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-attribute-type-description-attribute-syntax -cn: Attribute Type Description -ds-cfg-java-class: org.opends.server.schema.AttributeTypeSyntax -ds-cfg-enabled: true -ds-cfg-strip-syntax-min-upper-bound: false - -dn: cn=Authentication Password,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Authentiation Password -ds-cfg-java-class: org.opends.server.schema.AuthPasswordSyntax -ds-cfg-enabled: true - -dn: cn=Binary,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Binary -ds-cfg-java-class: org.opends.server.schema.BinarySyntax -ds-cfg-enabled: true - -dn: cn=Bit String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Bit String -ds-cfg-java-class: org.opends.server.schema.BitStringSyntax -ds-cfg-enabled: true - -dn: cn=Boolean,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Boolean -ds-cfg-java-class: org.opends.server.schema.BooleanSyntax -ds-cfg-enabled: true - -dn: cn=Certificate,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate -ds-cfg-java-class: org.opends.server.schema.CertificateSyntax -ds-cfg-enabled: true - -dn: cn=Certificate List,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate List -ds-cfg-java-class: org.opends.server.schema.CertificateListSyntax -ds-cfg-enabled: true - -dn: cn=Certificate Pair,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate Pair -ds-cfg-java-class: org.opends.server.schema.CertificatePairSyntax -ds-cfg-enabled: true - -dn: cn=Country String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Country String -ds-cfg-java-class: org.opends.server.schema.CountryStringSyntax -ds-cfg-enabled: true - -dn: cn=Delivery Method,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Delivery Method -ds-cfg-java-class: org.opends.server.schema.DeliveryMethodSyntax -ds-cfg-enabled: true - -dn: cn=Directory String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-directory-string-attribute-syntax -cn: Directory String -ds-cfg-java-class: org.opends.server.schema.DirectoryStringSyntax -ds-cfg-enabled: true -ds-cfg-allow-zero-length-values: false - -dn: cn=Distinguished Name,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Distinguished Name -ds-cfg-java-class: org.opends.server.schema.DistinguishedNameSyntax -ds-cfg-enabled: true - -dn: cn=DIT Content Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: DIT Content Rule Description -ds-cfg-java-class: org.opends.server.schema.DITContentRuleSyntax -ds-cfg-enabled: true - -dn: cn=DIT Structure Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: DIT Structure Rule Description -ds-cfg-java-class: org.opends.server.schema.DITStructureRuleSyntax -ds-cfg-enabled: true - -dn: cn=Enhanced Guide,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Enhanced Guide -ds-cfg-java-class: org.opends.server.schema.EnhancedGuideSyntax -ds-cfg-enabled: true - -dn: cn=Facsimile Telephone Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Facsimile Telephone Number -ds-cfg-java-class: org.opends.server.schema.FaxNumberSyntax -ds-cfg-enabled: true - -dn: cn=Fax,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Fax -ds-cfg-java-class: org.opends.server.schema.FaxSyntax -ds-cfg-enabled: true - -dn: cn=Generalized Time,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Generalized Time -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeSyntax -ds-cfg-enabled: true - -dn: cn=Guide,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Guide -ds-cfg-java-class: org.opends.server.schema.GuideSyntax -ds-cfg-enabled: true - -dn: cn=IA5 String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: IA5 String -ds-cfg-java-class: org.opends.server.schema.IA5StringSyntax -ds-cfg-enabled: true - -dn: cn=Integer,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Integer -ds-cfg-java-class: org.opends.server.schema.IntegerSyntax -ds-cfg-enabled: true - -dn: cn=JPEG,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: JPEG -ds-cfg-java-class: org.opends.server.schema.JPEGSyntax -ds-cfg-enabled: true - -dn: cn=LDAP Syntax Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: LDAP Syntax Description -ds-cfg-java-class: org.opends.server.schema.LDAPSyntaxDescriptionSyntax -ds-cfg-enabled: true - -dn: cn=Matching Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Matching Rule Description -ds-cfg-java-class: org.opends.server.schema.MatchingRuleSyntax -ds-cfg-enabled: true - -dn: cn=Matching Rule Use Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Matching Rule Use Description -ds-cfg-java-class: org.opends.server.schema.MatchingRuleUseSyntax -ds-cfg-enabled: true - -dn: cn=Name and Optional UID,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Name and Optional UID -ds-cfg-java-class: org.opends.server.schema.NameAndOptionalUIDSyntax -ds-cfg-enabled: true - -dn: cn=Name Form Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Name Form Description -ds-cfg-java-class: org.opends.server.schema.NameFormSyntax -ds-cfg-enabled: true - -dn: cn=Numeric String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Numeric String -ds-cfg-java-class: org.opends.server.schema.NumericStringSyntax -ds-cfg-enabled: true - -dn: cn=Object Class Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Object Class Description -ds-cfg-java-class: org.opends.server.schema.ObjectClassSyntax -ds-cfg-enabled: true - -dn: cn=Object Identifier,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Object Identifier -ds-cfg-java-class: org.opends.server.schema.OIDSyntax -ds-cfg-enabled: true - -dn: cn=Octet String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Octet String -ds-cfg-java-class: org.opends.server.schema.OctetStringSyntax -ds-cfg-enabled: true - -dn: cn=Other Mailbox,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Other Mailbox -ds-cfg-java-class: org.opends.server.schema.OtherMailboxSyntax -ds-cfg-enabled: true - -dn: cn=Postal Address,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Postal Address -ds-cfg-java-class: org.opends.server.schema.PostalAddressSyntax -ds-cfg-enabled: true - -dn: cn=Presentation Address,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Presentation Address -ds-cfg-java-class: org.opends.server.schema.PresentationAddressSyntax -ds-cfg-enabled: true - -dn: cn=Printable String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Printable String -ds-cfg-java-class: org.opends.server.schema.PrintableStringSyntax -ds-cfg-enabled: true - -dn: cn=Protocol Information,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Protocol Information -ds-cfg-java-class: org.opends.server.schema.ProtocolInformationSyntax -ds-cfg-enabled: true - -dn: cn=Relative Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Relative Subtree Specification -ds-cfg-java-class: org.opends.server.schema.RelativeSubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Substring Assertion,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Substring Assertion -ds-cfg-java-class: org.opends.server.schema.SubstringAssertionSyntax -ds-cfg-enabled: true - -dn: cn=Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Subtree Specification -ds-cfg-java-class: org.opends.server.schema.RFC3672SubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Supported Algorithm,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Supported Algorithm -ds-cfg-java-class: org.opends.server.schema.SupportedAlgorithmSyntax -ds-cfg-enabled: true - -dn: cn=Telephone Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-telephone-number-attribute-syntax -cn: Telephone Number -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberSyntax -ds-cfg-enabled: true -ds-cfg-strict-format: false - -dn: cn=Teletex Terminal Identifier,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Teletex Terminal Identifier -ds-cfg-java-class: org.opends.server.schema.TeletexTerminalIdentifierSyntax -ds-cfg-enabled: true - -dn: cn=Telex Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Telex Number -ds-cfg-java-class: org.opends.server.schema.TelexNumberSyntax -ds-cfg-enabled: true - -dn: cn=UTC Time,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: UTC Time -ds-cfg-java-class: org.opends.server.schema.UTCTimeSyntax -ds-cfg-enabled: true - -dn: cn=User Password,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: User Password -ds-cfg-java-class: org.opends.server.schema.UserPasswordSyntax -ds-cfg-enabled: true - -dn: cn=UUID,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: UUID -ds-cfg-java-class: org.opends.server.schema.UUIDSyntax -ds-cfg-enabled: true - -dn: cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Trust Manager Providers - -dn: cn=Blind Trust,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-blind-trust-manager-provider -cn: Blind Trust -ds-cfg-java-class: org.opends.server.extensions.BlindTrustManagerProvider -ds-cfg-enabled: true - -dn: cn=JKS,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-file-based-trust-manager-provider -cn: JKS -ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider -ds-cfg-enabled: false -ds-cfg-trust-store-type: JKS -ds-cfg-trust-store-file: config/truststore - -dn: cn=PKCS12,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-file-based-trust-manager-provider -cn: PKCS12 -ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider -ds-cfg-enabled: false -ds-cfg-trust-store-type: PKCS12 -ds-cfg-trust-store-file: config/truststore.p12 - -dn: cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Virtual Attributes - -dn: cn=entryDN,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-entry-dn-virtual-attribute -cn: entryDN -ds-cfg-java-class: org.opends.server.extensions.EntryDNVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: entryDN -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=entryUUID,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-entry-uuid-virtual-attribute -cn: entryUUIUD -ds-cfg-java-class: org.opends.server.extensions.EntryUUIDVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: entryUUID -ds-cfg-conflict-behavior: real-overrides-virtual - -dn: cn=hasSubordinates,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-has-subordinates-virtual-attribute -cn: hasSubordinates -ds-cfg-java-class: org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: hasSubordinates -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=isMemberOf,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-is-member-of-virtual-attribute -cn: isMemberOf -ds-cfg-java-class: org.opends.server.extensions.IsMemberOfVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: isMemberOf -ds-cfg-filter: (objectClass=person) -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=numSubordinates,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-num-subordinates-virtual-attribute -cn: numSubordinates -ds-cfg-java-class: org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: numSubordinates -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=subschemaSubentry,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-subschema-subentry-virtual-attribute -cn: subschemaSubentry -ds-cfg-java-class: org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: subschemaSubentry -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=Virtual Static member,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-member-virtual-attribute -cn: Virtual Static member -ds-cfg-java-class: org.opends.server.extensions.MemberVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: member -ds-cfg-conflict-behavior: virtual-overrides-real -ds-cfg-filter: (&(objectClass=groupOfNames)(objectClass=ds-virtual-static-group)) -ds-cfg-allow-retrieving-membership: false - -dn: cn=Virtual Static uniqueMember,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-member-virtual-attribute -cn: Virtual Static uniqueMember -ds-cfg-java-class: org.opends.server.extensions.MemberVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: uniqueMember -ds-cfg-conflict-behavior: virtual-overrides-real -ds-cfg-filter: (&(objectClass=groupOfUniqueNames)(objectClass=ds-virtual-static-group)) -ds-cfg-allow-retrieving-membership: false - -dn: cn=Work Queue,cn=config -objectClass: top -objectClass: ds-cfg-work-queue -objectClass: ds-cfg-traditional-work-queue -cn: Work Queue -ds-cfg-java-class: org.opends.server.extensions.TraditionalWorkQueue -ds-cfg-num-worker-threads: 24 -ds-cfg-max-work-queue-capacity: 0 diff --git a/OpenICF-ldap-connector/opends/keystore.pin b/OpenICF-ldap-connector/opends/keystore.pin deleted file mode 100644 index f3097ab1..00000000 --- a/OpenICF-ldap-connector/opends/keystore.pin +++ /dev/null @@ -1 +0,0 @@ -password diff --git a/OpenICF-ldap-connector/pom.xml b/OpenICF-ldap-connector/pom.xml index 0997a98f..6c247401 100755 --- a/OpenICF-ldap-connector/pom.xml +++ b/OpenICF-ldap-connector/pom.xml @@ -22,7 +22,7 @@ your own identifying information: "Portions Copyrighted [year] [name of copyright owner]" - Portions Copyrighted 2018-2025 3A Systems, LLC + Portions Copyrighted 2018-2026 3A Systems, LLC --> 4.0.0 @@ -107,6 +107,18 @@ opendj-server test + + + org.openidentityplatform.opendj + opendj-server-legacy + ${opendj.version} + slim + zip + test + org.mockito mockito-all @@ -128,15 +140,27 @@ org.apache.maven.plugins maven-surefire-plugin - true - - testng.xml - ${opendj.port} + + ${org.openidentityplatform.opendj:opendj-server-legacy:zip:slim} + + org.apache.maven.plugins + maven-dependency-plugin + + + + resolve-opendj-archive + process-test-resources + + properties + + + + org.codehaus.mojo build-helper-maven-plugin diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java index 2506d30f..59897818 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -86,7 +87,9 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws } public X509Certificate[] getAcceptedIssuers() { - return null; + // Not null: this provider is installed as the JVM-wide default, so the embedded + // server picks it up for its own side of the handshake too, and null there aborts it. + return new X509Certificate[0]; } } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java index 04d9e614..2e244aba 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -306,7 +307,7 @@ public void testDefaultValues() { assertFalse(config.isMaintainPosixGroupMembership()); assertFalse(config.isRespectResourcePasswordPolicyChangeAfterReset()); assertNull(config.getPasswordHashAlgorithm()); - assertTrue(config.isUseBlocks()); + assertFalse(config.isUseBlocks()); assertEquals(100, config.getBlockSize()); assertFalse(config.isUsePagedResultControl()); assertEquals("uid", config.getVlvSortAttribute()); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java index b742db40..c387b546 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -172,6 +173,7 @@ public void testSupportedControls() { @Test public void testServerType() { LdapConnection conn = new LdapConnection(newConfiguration()); - assertEquals(ServerType.OPENDS, conn.getServerType()); + // The test instance is OpenDJ; it was OpenDS back when this test last ran. + assertEquals(ServerType.OPENDJ, conn.getServerType()); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java index e86e74fa..385c589c 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java @@ -19,19 +19,40 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; +import static org.forgerock.opendj.server.embedded.ConfigParameters.configParams; +import static org.forgerock.opendj.server.embedded.ConnectionParameters.connectionParams; +import static org.forgerock.opendj.server.embedded.SetupParameters.setupParams; + import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeMethod; import org.testng.Assert; import java.io.File; import java.io.IOException; +import java.io.InputStream; +import java.io.StringReader; import java.net.InetAddress; +import java.net.ServerSocket; import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.nio.file.FileVisitResult; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.SimpleFileVisitor; +import java.nio.file.StandardCopyOption; +import java.nio.file.attribute.BasicFileAttributes; import java.util.List; +import com.forgerock.opendj.ldap.tools.MakeLDIF; +import org.forgerock.opendj.ldap.Connection; +import org.forgerock.opendj.ldif.ConnectionChangeRecordWriter; +import org.forgerock.opendj.ldif.LDIFChangeRecordReader; +import org.forgerock.opendj.server.embedded.EmbeddedDirectoryServer; +import org.forgerock.opendj.server.embedded.EmbeddedDirectoryServerException; import org.identityconnectors.common.IOUtil; import org.identityconnectors.common.security.GuardedString; import org.identityconnectors.framework.api.APIConfiguration; @@ -45,17 +66,18 @@ import org.identityconnectors.framework.common.objects.OperationOptionsBuilder; import org.identityconnectors.framework.common.objects.filter.FilterBuilder; import org.identityconnectors.test.common.TestHelpers; -import org.opends.server.config.ConfigException; -import org.opends.server.types.DirectoryEnvironmentConfig; -import org.opends.server.types.InitializationException; +import org.opends.server.tools.ImportLDIF; import org.opends.server.util.EmbeddedUtils; public abstract class LdapConnectorTestBase { - // Cf. data.ldif and bigcompany.ldif. + // Cf. data.ldif and bigcompany.template. - public static final int PORT = 2389; - public static final int SSL_PORT = 2636; + // Picked at run time rather than fixed, so that a developer box already running a directory + // server on the traditional 2389/2636 does not break the build. The instance is set up from + // these, so config and tests cannot drift apart. + public static final int PORT = findFreePort(); + public static final int SSL_PORT = findFreePort(); public static final String EXAMPLE_COM_DN = "dc=example,dc=com"; @@ -108,27 +130,33 @@ public abstract class LdapConnectorTestBase { public static final String USER_0_SN = "Amar"; public static final String USER_0_GIVEN_NAME = "Aaccf"; - // Cf. test/opends/config/config.ldif and setup-test-opends.xml. - - private static final String[] FILES = { - "config/config.ldif", - "config/admin-backend.ldif", - "config/keystore", - "config/keystore.pin", - "config/schema/00-core.ldif", - "config/schema/01-pwpolicy.ldif", - "config/schema/02-config.ldif", - "config/schema/03-changelog.ldif", - "config/schema/03-rfc2713.ldif", - "config/schema/03-rfc2714.ldif", - "config/schema/03-rfc2739.ldif", - "config/schema/03-rfc2926.ldif", - "config/schema/03-rfc3112.ldif", - "config/schema/03-rfc3712.ldif", - "config/schema/03-uddiv3.ldif", - "config/schema/04-rfc2307bis.ldif", - "db/userRoot/00000000.jdb" - }; + private static final int ADMIN_PORT = findFreePort(); + private static final int JMX_PORT = findFreePort(); + /** Replication carries the change log the sync tests read, even with nothing to replicate to. */ + private static final int REPLICATION_PORT = findFreePort(); + + private static final String ROOT_DN = "cn=Directory Manager"; + private static final String ROOT_PASSWORD = "password"; + + /** EmbeddedDirectoryServer.extractArchiveForSetup() insists on this server root name. */ + private static final String SERVER_ROOT_NAME = "opendj"; + + private static final File WORK_DIR = new File(System.getProperty("java.io.tmpdir"), "openicf-ldap-opendj"); + private static final File SERVER_ROOT = new File(new File(WORK_DIR, "instance"), SERVER_ROOT_NAME); + /** Pristine copy of the directories below, taken once the instance is fully populated. */ + private static final File PRISTINE_DIR = new File(WORK_DIR, "pristine"); + /** The parts of the instance the tests write to; restored from PRISTINE_DIR on every start. */ + private static final String[] MUTABLE_DIRS = { "config", "db", "changelogDb" }; + + private static EmbeddedDirectoryServer server; + private static boolean instanceCreated; + + static { + // testSSL() registers this too, but by then the embedded server has started and brought + // SSL up with it. The default SSL context is built once and cached, so registering after + // that has no effect on it and the test would fail to trust the generated certificate. + BlindTrustProvider.register(); + } @AfterClass public static void afterClass() { @@ -208,64 +236,288 @@ public static ConnectorObject findByAttribute(List objects, Str return null; } + /** + * Starts the embedded directory, restoring its data to the state the tests expect. + * + * The instance is only built once per JVM: setting it up and importing the Big Company + * entries is far too slow to repeat for every test that asks for a restart. Afterwards a + * pristine copy of the mutable directories is kept aside, and starting means putting that + * copy back, which is what makes each test see the same data. + */ protected void startServer() throws IOException { - File root = new File(System.getProperty("java.io.tmpdir"), "opends"); - IOUtil.delete(root); - if (!root.mkdirs()) { - throw new IOException(); + try { + createInstance(); + restorePristineState(); + server = manageServer(); + server.start(); + waitUntilListening(); + } catch (EmbeddedDirectoryServerException e) { + throw (IOException) new IOException(e.getMessage()).initCause(e); } - for (String path : FILES) { - File file = new File(root, path); - File parent = file.getParentFile(); - if (!parent.exists() && !parent.mkdirs()) { - throw new IOException(file.getAbsolutePath()); + } + + /** + * Starting is asynchronous: it reports the server as running before the connection handler + * has bound its port, so a test that connected straight away would be refused. + */ + private static void waitUntilListening() throws IOException { + final int WAIT = 200; // ms + final int ITERATIONS = 50; + for (int i = 1; !isListening(PORT) || !isListening(SSL_PORT); i++) { + if (i >= ITERATIONS) { + throw new IOException("OpenDJ is not listening on ports " + PORT + " and " + SSL_PORT + + " " + (WAIT * ITERATIONS) + "ms after being started"); } - IOUtil.extractResourceToFile(LdapConnectorTestBase.class, "opends/" + path, file); + try { + Thread.sleep(WAIT); + } catch (InterruptedException e) {} } + } - File configDir = new File(root, "config"); - File configFile = new File(configDir, "config.ldif"); - File schemaDir = new File(configDir, "schema"); - File lockDir = new File(root, "locks"); - if (!lockDir.mkdirs()) { - throw new IOException(); + protected static void stopServer() { + if (server != null) { + server.stop(LdapConnectorTestBase.class.getName(), null); + server = null; } - - try { - DirectoryEnvironmentConfig config = new DirectoryEnvironmentConfig(); - config.setServerRoot(root); - config.setConfigFile(configFile); - config.setSchemaDirectory(schemaDir); - //config.setLockDirectory(lockDir); - EmbeddedUtils.startServer(config); -// } catch (ConfigException e) { -// throw (IOException) new IOException(e.getMessage()).initCause(e); - } catch (InitializationException e) { - throw (IOException) new IOException(e.getMessage()).initCause(e); + if (!waitUntilStopped()) { + Assert.fail("OpenDJ failed to stop"); } } - protected static void stopServer() { - EmbeddedUtils.stopServer("org.test.opends.EmbeddedOpenDS", null); - // It seems that EmbeddedUtils.stopServer() returns before the server has stopped listening on its port, - // causing the next test to fail when starting the server. + /** + * Shutting down is asynchronous, so wait for it to finish. Both conditions matter: the port + * has to be free before the next start can bind it again, and isRunning() has to agree the + * server is down, or before() would decide there is nothing to restart and leave the next + * test without a server. + */ + private static boolean waitUntilStopped() { final int WAIT = 200; // ms final int ITERATIONS = 25; - for (int i = 1; ; i++) { + for (int i = 1; EmbeddedUtils.isRunning() || isAnyPortStillBound(); i++) { + if (i >= ITERATIONS) { + return false; + } try { - new Socket(InetAddress.getLocalHost(), PORT).close(); - } catch (IOException e) { - // Okay, server has stopped. - return; + Thread.sleep(WAIT); + } catch (InterruptedException e) {} + } + return true; + } + + /** Every port the server binds, since starting again fails on whichever is not free yet. */ + private static boolean isAnyPortStillBound() { + return isListening(PORT) || isListening(SSL_PORT) || isListening(ADMIN_PORT) + || isListening(REPLICATION_PORT); + } + + private static boolean isListening(int port) { + try { + new Socket(InetAddress.getLocalHost(), port).close(); + return true; + } catch (IOException e) { + return false; + } + } + + private static EmbeddedDirectoryServer manageServer() { + return EmbeddedDirectoryServer.manageEmbeddedDirectoryServer( + configParams() + .serverRootDirectory(SERVER_ROOT.getPath()) + .configurationFile(new File(SERVER_ROOT, "config/config.ldif").getPath()), + connectionParams() + .hostName("localhost") + .ldapPort(PORT) + .ldapSecurePort(SSL_PORT) + .adminPort(ADMIN_PORT) + .bindDn(ROOT_DN) + .bindPassword(ROOT_PASSWORD), + System.out, System.err); + } + + private static void createInstance() throws IOException, EmbeddedDirectoryServerException { + if (instanceCreated) { + return; + } + IOUtil.delete(WORK_DIR); + if (!SERVER_ROOT.mkdirs()) { + throw new IOException("Cannot create " + SERVER_ROOT); + } + + EmbeddedDirectoryServer setupServer = manageServer(); + setupServer.extractArchiveForSetup(archive()); + // Set up empty: the data is imported further down, once the configuration it has to + // satisfy is in place. --ldapsPort implies a generated self-signed certificate, which is + // all testSSL() needs, as it registers a blind trust provider. + setupServer.setup(setupParams() + .baseDn(EXAMPLE_COM_DN) + .backendType("je") + .jmxPort(JMX_PORT)); + + // Configuration goes in over a connection, so the server has to be up for it. + startAndApply(setupServer, "test-config.ldif"); + + // Now that the server will accept the entries and knows which indexes to build for them, + // import. Doing this before the configuration above would get entries rejected and leave + // the VLV index empty. + importData(); + + // uid=admin and the ACIs granting it access can only be added once the entries they refer + // to exist. + startAndApply(setupServer, "admin.ldif"); + + for (String dir : MUTABLE_DIRS) { + copyDirectory(new File(SERVER_ROOT, dir).toPath(), new File(PRISTINE_DIR, dir).toPath()); + } + instanceCreated = true; + } + + private static void restorePristineState() throws IOException { + for (String dir : MUTABLE_DIRS) { + File target = new File(SERVER_ROOT, dir); + IOUtil.delete(target); + copyDirectory(new File(PRISTINE_DIR, dir).toPath(), target.toPath()); + } + } + + /** The OpenDJ distribution archive, handed over by the build; cf. the pom. */ + private static File archive() throws IOException { + String path = System.getProperty("opendj.archive"); + if (path == null) { + throw new IOException("The opendj.archive system property is not set; " + + "it should point at the OpenDJ distribution archive to set the test instance up from."); + } + File archive = new File(path); + if (!archive.isFile()) { + throw new IOException("No OpenDJ distribution archive at " + archive); + } + return archive; + } + + private static File generateBigCompanyLdif() throws IOException { + File template = copyResourceToWorkDir("bigcompany.template"); + File ldif = new File(WORK_DIR, "bigcompany.ldif"); + // The name dictionaries the template draws from ship with the distribution. + File resourcePath = new File(SERVER_ROOT, "template/config/MakeLDIF"); + // A fixed seed keeps the generated entries stable from run to run. + int rc = MakeLDIF.run(System.out, System.err, + "--outputLDIF", ldif.getPath(), + "--resourcePath", resourcePath.getPath(), + "--randomSeed", "1", + template.getPath()); + if (rc != 0) { + throw new IOException("Generating " + ldif + " from " + template + " failed with code " + rc); + } + return ldif; + } + + /** + * Grants uid=admin the privileges and ACIs the tests rely on. Kept as an LDIF changes file + * because part of it modifies cn=config, which cannot be expressed in imported data. + */ + private static void applyChanges(EmbeddedDirectoryServer target, String resource) + throws IOException, EmbeddedDirectoryServerException { + // The ports are only known at run time, so the files spell them as placeholders. + String ldif = readResource(resource) + .replace("%REPLICATION_PORT%", String.valueOf(REPLICATION_PORT)); + try (Connection connection = target.getInternalConnection(); + LDIFChangeRecordReader reader = new LDIFChangeRecordReader(new StringReader(ldif)); + ConnectionChangeRecordWriter writer = new ConnectionChangeRecordWriter(connection)) { + while (reader.hasNext()) { + writer.writeChangeRecord(reader.readChangeRecord()); + } + } + } + + private static String readResource(String name) throws IOException { + try (InputStream in = openResource(name)) { + return new String(in.readAllBytes(), StandardCharsets.UTF_8); + } + } + + /** Brings the server up, feeds it an LDIF changes file, and puts it back down. */ + private static void startAndApply(EmbeddedDirectoryServer target, String resource) + throws IOException, EmbeddedDirectoryServerException { + target.start(); + waitUntilListening(); + try { + applyChanges(target, resource); + } finally { + target.stop(LdapConnectorTestBase.class.getName(), null); + } + if (!waitUntilStopped()) { + throw new IOException("OpenDJ failed to stop after applying " + resource); + } + } + + /** + * Imports the test entries with the server down. + * + * This drives the tool directly rather than through EmbeddedDirectoryServer.importLDIF(), + * which requires a running server, and an online import would go through the task backend + * and the admin connector for no benefit here. + */ + private static void importData() throws IOException { + File rejects = new File(WORK_DIR, "rejects.ldif"); + int rc = ImportLDIF.mainImportLDIF(new String[] { + "--configFile", new File(SERVER_ROOT, "config/config.ldif").getPath(), + "--backendID", "userRoot", + "--ldifFile", copyResourceToWorkDir("data.ldif").getPath(), + "--ldifFile", generateBigCompanyLdif().getPath(), + "--rejectFile", rejects.getPath(), + "--offline", + "--noPropertiesFile" }, true, System.out, System.err); + if (rc != 0) { + throw new IOException("Importing the test entries into " + SERVER_ROOT + " failed with code " + rc); + } + // A rejected entry does not fail the import, it just quietly goes missing and surfaces + // much later as a test looking for data that is not there. + if (rejects.length() > 0) { + throw new IOException("The server rejected some of the test entries; see " + rejects); + } + } + + private static InputStream openResource(String name) throws IOException { + InputStream in = LdapConnectorTestBase.class.getClassLoader().getResourceAsStream("opends/" + name); + if (in == null) { + throw new IOException("Missing resource: opends/" + name); + } + return in; + } + + private static File copyResourceToWorkDir(String name) throws IOException { + File file = new File(WORK_DIR, name); + try (InputStream in = openResource(name)) { + Files.copy(in, file.toPath(), StandardCopyOption.REPLACE_EXISTING); + } + return file; + } + + private static void copyDirectory(final Path source, final Path target) throws IOException { + if (!Files.isDirectory(source)) { + // The server only creates some of these once it has something to put in them. + return; + } + Files.walkFileTree(source, new SimpleFileVisitor() { + @Override + public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException { + Files.createDirectories(target.resolve(source.relativize(dir))); + return FileVisitResult.CONTINUE; } - if (i < ITERATIONS) { - try { - Thread.sleep(WAIT); - } catch (InterruptedException e) {} - } else { - break; + + @Override + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { + Files.copy(file, target.resolve(source.relativize(file)), StandardCopyOption.REPLACE_EXISTING); + return FileVisitResult.CONTINUE; } + }); + } + + private static int findFreePort() { + try (ServerSocket socket = new ServerSocket(0)) { + socket.setReuseAddress(true); + return socket.getLocalPort(); + } catch (IOException e) { + throw new RuntimeException("Cannot reserve a port for the test directory server", e); } - Assert.fail("OpenDS failed to stop"); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java index 7b64da33..45109ab3 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -34,27 +35,40 @@ import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; -import org.identityconnectors.common.security.GuardedString; import org.identityconnectors.framework.api.APIConfiguration; import org.identityconnectors.framework.api.ConnectorFacade; import org.identityconnectors.framework.api.ConnectorFacadeFactory; import org.identityconnectors.ldap.search.DefaultSearchStrategy; import org.identityconnectors.ldap.search.LdapInternalSearch; import org.identityconnectors.ldap.search.LdapSearchResultsHandler; -import org.identityconnectors.test.common.PropertyBag; import org.identityconnectors.test.common.TestHelpers; -public class SunDSTestBase { +/** + * Base for the tests written against Sun DSEE, run against the embedded OpenDJ instance. + * + * OpenDJ serves the change log these tests read and supports the VLV searches they make, so it + * stands in for the Sun DSEE they were pointed at through sunds.* properties, which nobody can + * supply any more. + * + * The tests here empty their base context and repopulate it, so they get one of their own rather + * than the contexts the other tests read. Whatever they leave behind is cleared up anyway: the + * server stops when the class ends, and the next start puts the data back as it was. + */ +public class SunDSTestBase extends LdapConnectorTestBase { + + @Override + protected boolean restartServerAfterEachTest() { + return false; + } public static LdapConfiguration newConfiguration() { LdapConfiguration config = new LdapConfiguration(); config.setConnectorMessages(TestHelpers.createDummyMessages()); - PropertyBag testProps = TestHelpers.getProperties(LdapConnector.class); - config.setHost(testProps.getStringProperty("sunds.host")); - config.setPort(testProps.getProperty("sunds.port", Integer.class, 389)); - config.setPrincipal(testProps.getStringProperty("sunds.principal")); - config.setCredentials(testProps.getProperty("sunds.credentials", GuardedString.class)); - config.setBaseContexts(testProps.getStringProperty("sunds.baseContext")); + config.setHost("localhost"); + config.setPort(PORT); + config.setPrincipal(ADMIN_DN); + config.setCredentials(ADMIN_PASSWORD); + config.setBaseContexts(SMALL_COMPANY_DN); config.setUidAttribute("entryDN"); config.setReadSchema(false); // To be compatible with IdM. config.validate(); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java index c2504bc3..62028914 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.schema; @@ -46,6 +47,7 @@ import org.identityconnectors.ldap.LdapConnectorTestBase; import org.identityconnectors.ldap.LdapConstants; import org.identityconnectors.ldap.LdapConstants.ServerType; +import org.identityconnectors.ldap.LdapUtil; public class LdapSchemaMappingTests extends LdapConnectorTestBase { @@ -62,6 +64,11 @@ public void testObjectClassAttrIsReadOnly() { LdapConfiguration config = newConfiguration(true); Schema schema = newFacade(config).schema(); for (ObjectClassInfo oci : schema.getObjectClassInfo()) { + if (oci.is(LdapUtil.SERVER_INFO_NAME)) { + // Not an LDAP object class: the connector makes this one up to report server + // information through, and it has no attributes at all, objectClass included. + continue; + } AttributeInfo attrInfo = AttributeInfoUtil.find("objectClass", oci.getAttributeInfo()); assertFalse(attrInfo.isRequired()); assertFalse(attrInfo.isCreateable()); @@ -165,11 +172,16 @@ public void testAttributeTypes() { } @Test - public void testSyncNotSupported() { + public void testSyncSupported() { LdapConfiguration config = newConfiguration(); LdapConnection conn = new LdapConnection(config); - assertEquals(ServerType.OPENDS, conn.getServerType()); + // The test instance is OpenDJ; it was OpenDS back when this test last ran, and used to + // assert the opposite. OpenDJ serves the change log, so the connector reports sync as + // supported (it only takes it away for OpenDS), and SunDSChangeLogSyncStrategyTests + // exercises it end to end. + assertEquals(ServerType.OPENDJ, conn.getServerType()); Schema schema = newFacade(config).schema(); - assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).isEmpty()); + ObjectClassInfo accountInfo = schema.findObjectClassInfo(ObjectClass.ACCOUNT_NAME); + assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).contains(accountInfo)); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java index be25dfab..5d00f142 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java @@ -20,6 +20,7 @@ * "Portions Copyrighted [year] [name of copyright owner]" * ==================== * "Portions Copyrighted 2014 ForgeRock AS" + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.search; @@ -271,7 +272,11 @@ public void testAttributesToGetNotPresentInEntryAreEmpty() { @Test public void testScope() { - ConnectorFacade facade = newFacade(); + // The subtree search below returns more accounts than the server will hand over in one + // go; cf. testMultipleBaseDNs. + LdapConfiguration config = newConfiguration(); + config.setUseBlocks(true); + ConnectorFacade facade = newFacade(config); // Find an organization to pass in OP_CONTAINER. ObjectClass oclass = new ObjectClass("organization"); ConnectorObject organization = searchByAttribute(facade, oclass, new Name(BIG_COMPANY_DN)); @@ -334,7 +339,12 @@ public void testMissingParenthesesAddedToAccountSearchFilter() { @Test public void testMultipleBaseDNs() { - ConnectorFacade facade = newFacade(); + // Big Company holds more accounts than the server will return in one search, so the + // search has to be broken up. This used to be the default, until useBlocks was changed + // to default to false. + LdapConfiguration config = newConfiguration(); + config.setUseBlocks(true); + ConnectorFacade facade = newFacade(config); // This should find accounts from both base DNs. List objects = TestHelpers.searchToList(facade, ObjectClass.ACCOUNT, null); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java index a1fe67b3..a900d95b 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java @@ -19,19 +19,15 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.search; import static org.testng.AssertJUnit.assertEquals; -import static org.testng.AssertJUnit.assertTrue; import org.testng.annotations.Test; -import java.lang.reflect.Method; import java.util.HashSet; import java.util.Set; -import org.identityconnectors.common.logging.Log; -import org.identityconnectors.common.logging.LogSpi; -import org.identityconnectors.common.logging.Log.Level; import org.identityconnectors.framework.api.APIConfiguration; import org.identityconnectors.framework.api.ConnectorFacade; import org.identityconnectors.framework.api.ConnectorFacadeFactory; @@ -92,59 +88,13 @@ public void testOverlapWorkaround() throws Exception { } ToListResultsHandler handler = new ToListResultsHandler(); + facade.search(ObjectClass.ACCOUNT, null, handler, null); - Log oldLog = VlvIndexSearchStrategy.getLog(); - OverlapLogImpl overlapLog = new OverlapLogImpl(oldLog); - try { - VlvIndexSearchStrategy.setLog(createLog(VlvIndexSearchStrategy.class, overlapLog)); - facade.search(ObjectClass.ACCOUNT, null, handler, null); - } finally { - VlvIndexSearchStrategy.setLog(oldLog); - } - - assertTrue("The server should have sent overlapping blocks", overlapLog.hasOverlap()); + // Blocks of two mean the VLV search strategy makes 45 round trips to gather the 90 + // accounts; getting all of them back is what shows its paging loop stitches the blocks + // together correctly. This used to also assert the server returned overlapping blocks, a + // VLV offset rounding bug specific to Sun DSEE; OpenDJ computes the offsets exactly and + // never overlaps, so that half of the check no longer applies. assertEquals(COUNT, handler.getObjects().size()); } - - private static Log createLog(Class clazz, LogSpi spi) throws Exception { - Method getLogMethod = Log.class.getDeclaredMethod("getLog", Class.class, LogSpi.class); - getLogMethod.setAccessible(true); - return (Log) getLogMethod.invoke(null, clazz, spi); - } - - static class OverlapLogImpl implements LogSpi { - - private final Log delegate; - - private boolean overlap = false; - - public OverlapLogImpl(Log delegate) { - this.delegate = delegate; - } - - public boolean isLoggable(Class clazz, Level level) { - return true; // We need to, in order to ensure log() will be called. - } - - public void log(Class clazz, StackTraceElement caller, Level level, String message, Throwable ex) { - log(clazz,"unknown", level, message, ex); - } - - public boolean needToInferCaller(Class clazz, Level level) { - return false; - } - - public void log(Class clazz, String method, Level level, String message, Throwable ex) { - if (VlvIndexSearchStrategy.class.equals(clazz) && message != null && message.contains("overlap")) { - overlap = true; - } - if (delegate.isLoggable(level)) { - delegate.log(clazz, method, level, message, ex); - } - } - - public boolean hasOverlap() { - return overlap; - } - } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java index 3a6151a8..72628a76 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java @@ -47,6 +47,7 @@ import org.identityconnectors.framework.common.objects.SyncResultsHandler; import org.identityconnectors.framework.common.objects.SyncToken; import org.identityconnectors.framework.common.objects.Uid; +import org.identityconnectors.framework.spi.SyncTokenResultsHandler; import org.identityconnectors.ldap.LdapConfiguration; import org.identityconnectors.ldap.LdapConnection; import org.identityconnectors.ldap.SunDSTestBase; @@ -94,11 +95,18 @@ private List doTest(LdapConnection conn, String ldif, int expected) t OperationOptions options = builder.build(); final List result = new ArrayList(); - sync.sync(token, new SyncResultsHandler() { + // SyncTokenResultsHandler rather than a plain SyncResultsHandler because the strategy + // hands the final token back through handleResult(); in production the framework always + // passes a handler of this type. + sync.sync(token, new SyncTokenResultsHandler() { public boolean handle(SyncDelta delta) { result.add(delta); return true; } + + public void handleResult(SyncToken token) { + // The tests assert on the deltas, not the returned token. + } }, options); return result; } @@ -122,7 +130,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); SyncDelta delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // add maps to CREATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE when this last ran. + assertEquals(SyncDeltaType.CREATE, delta.getDeltaType()); ConnectorObject object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -138,7 +147,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modrdn maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -154,7 +164,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modify maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(AttributeBuilder.build("cn", "Foo Bar", "Dummy User"), object.getAttributeByName("cn")); @@ -167,7 +178,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modrdn maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -181,7 +193,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modify maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(AttributeBuilder.build("cn", "Dummy User"), object.getAttributeByName("cn")); @@ -246,9 +259,34 @@ public void testFilterOutByBaseContexts() throws NamingException { @Test public void testFilterOutByModifiersNames() throws NamingException { LdapConfiguration config = newConfiguration(); - config.setModifiersNamesToFilterOut("cn=Directory Manager"); + // The DN the connection binds as, which the server records as the modifier of the modify + // below; on Sun DSEE this was cn=Directory Manager. + config.setModifiersNamesToFilterOut(ADMIN_DN); LdapConnection conn = newConnection(config); - testExpectingNoDelta(conn); + String baseContext = conn.getConfiguration().getBaseContexts()[0]; + String entryDN = "uid=foobar," + baseContext; + + // Unlike the other filter tests this one drives a modify, not the shared add: OpenDJ + // attributes an add to creatorsName and records modifiersName only on a modify, which is + // what this filter matches. The add that creates the entry is synced from a token taken + // before it, in a separate window, so it does not count towards the assertion below. + doTest(conn, + "dn: " + entryDN + "\n" + + "changetype: add\n" + + "objectClass: inetOrgPerson\n" + + "objectClass: organizationalPerson\n" + + "objectClass: person\n" + + "objectClass: top\n" + + "uid: foobar\n" + + "cn: Foo Bar\n" + + "sn: Bar\n", 1); + + List result = doTest(conn, + "dn: " + entryDN + "\n" + + "changeType: modify\n" + + "add: description\n" + + "description: changed", 0); + assertTrue(result.isEmpty()); } @Test @@ -296,7 +334,9 @@ private void testExpectingNoDelta(LdapConnection conn) throws NamingException { public void testSyncSupported() throws NamingException { LdapConfiguration config = newConfiguration(); LdapConnection conn = newConnection(config); - assertEquals(ServerType.SUN_DSEE, conn.getServerType()); + // The test instance is OpenDJ; it was Sun DSEE back when this test last ran. Both serve + // the change log this strategy reads, so sync stays supported either way. + assertEquals(ServerType.OPENDJ, conn.getServerType()); Schema schema = newFacade(config).schema(); ObjectClassInfo accountInfo = schema.findObjectClassInfo(ObjectClass.ACCOUNT_NAME); assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).contains(accountInfo)); diff --git a/OpenICF-ldap-connector/opends/admin.ldif b/OpenICF-ldap-connector/src/test/resources/opends/admin.ldif similarity index 63% rename from OpenICF-ldap-connector/opends/admin.ldif rename to OpenICF-ldap-connector/src/test/resources/opends/admin.ldif index efe20c5d..cb99ec3c 100644 --- a/OpenICF-ldap-connector/opends/admin.ldif +++ b/OpenICF-ldap-connector/src/test/resources/opends/admin.ldif @@ -19,6 +19,7 @@ # enclosed by brackets [] replaced by your own identifying information: # "Portions Copyrighted [year] [name of copyright owner]" # ==================== +# Portions Copyrighted 2026 3A Systems, LLC # -- END LICENSE dn: uid=admin,dc=example,dc=com changetype: add @@ -35,6 +36,8 @@ userPassword: password ds-privilege-name: unindexed-search # To be able to change passwords. ds-privilege-name: password-reset +# To be able to read cn=changelog, which sync() works off. +ds-privilege-name: changelog-read dn: dc=example,dc=com changetype: modify @@ -55,3 +58,19 @@ dn: cn=Access Control Handler,cn=config changetype: modify add: ds-cfg-global-aci ds-cfg-global-aci: (targetcontrol = "2.16.840.1.113730.3.4.9")(version 3.0; acl "Allow Virtual List View Control Admin Access"; allow(read) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# sync() finds the change log by reading changelog, firstChangeNumber and lastChangeNumber from +# the root DSE. They are operational attributes, so targetattr="*" does not cover them and the +# stock "User-Visible Root DSE Operational Attributes" ACI does not list them. +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///")(targetscope = "base")(targetattr = "changelog||firstChangeNumber||lastChangeNumber")(version 3.0; acl "Allow Change Log Root DSE Attributes Admin Access"; allow(read,search,compare) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# cn=changelog sits outside dc=example,dc=com, so the ACI on that suffix does not reach it. The +# attributes are named one by one because the stock "Anonymous read access" global ACI excludes +# exactly these from targetattr="*". +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///cn=changelog")(targetattr = "*||changeNumber||targetDN||changeType||changes||newRDN||deleteOldRDN||newSuperior||targetEntryUUID||changeTime||changeInitiatorsName")(version 3.0; acl "Allow Change Log Admin Access"; allow(read,search,compare) userdn = "ldap:///uid=admin,dc=example,dc=com";) diff --git a/OpenICF-ldap-connector/opends/bigcompany.template b/OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template similarity index 78% rename from OpenICF-ldap-connector/opends/bigcompany.template rename to OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template index a31a62be..350db0c7 100644 --- a/OpenICF-ldap-connector/opends/bigcompany.template +++ b/OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template @@ -19,16 +19,26 @@ # enclosed by brackets [] replaced by your own identifying information: # "Portions Copyrighted [year] [name of copyright owner]" # ==================== +# Portions Copyrighted 2026 3A Systems, LLC # -- END LICENSE +# +# The suffix entry itself is not generated here: data.ldif already defines +# dc=example,dc=com, and both files are imported into the same backend. +# +# Branches must spell out their objectClasses. The Sun-era MakeLDIF derived them +# from the RDN attribute; the OpenDJ one does not, and leaves the entry without a +# structural objectClass, which the server then rejects on import. define suffix=dc=example,dc=com define maildomain=example.com define numusers=2000 -branch: [suffix] - branch: o=Big Company,[suffix] +objectClass: top +objectClass: organization branch: ou=People,o=Big Company,[suffix] +objectClass: top +objectClass: organizationalUnit subordinateTemplate: person:[numusers] template: person diff --git a/OpenICF-ldap-connector/opends/data.ldif b/OpenICF-ldap-connector/src/test/resources/opends/data.ldif similarity index 100% rename from OpenICF-ldap-connector/opends/data.ldif rename to OpenICF-ldap-connector/src/test/resources/opends/data.ldif diff --git a/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif b/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif new file mode 100644 index 00000000..3d9fa9c7 --- /dev/null +++ b/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif @@ -0,0 +1,112 @@ +# The contents of this file are subject to the terms of the Common Development and +# Distribution License (the License). You may not use this file except in compliance with the +# License. +# +# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the +# specific language governing permission and limitations under the License. +# +# When distributing Covered Software, include this CDDL Header Notice in each file and include +# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL +# Header, with the fields enclosed by brackets [] replaced by your own identifying +# information: "Portions copyright [year] [name of copyright owner]". +# +# Copyright 2026 3A Systems, LLC. +# +# Server configuration the tests need on top of a stock setup. Carried over from the OpenDS-era +# config.ldif this module used to ship, adapted to OpenDJ 5. +# +# The default search size limit of 1000 is deliberately left alone: testSimplePagedSearch and +# testVlvIndexSearch assert they get more than 1000 entries back, which only proves anything +# about paging while the server would otherwise cut the search off. + +# data.ldif carries "c: Czech Republic", which is not the two-letter code the country string +# syntax calls for. OpenDS let it through; OpenDJ rejects the entry outright, and +# testSearchArbitraryObjectClass is then left with nothing to find. Warn instead of reject, so +# the entry is imported as it always was. +# +# ds-cfg-strict-format-country-string on cn=Core Schema,cn=Schema Providers would be the +# narrower knob, but the schema providers are only consulted when the server starts, and the +# entries are imported offline, where that setting has no bearing. +dn: cn=config +changetype: modify +replace: ds-cfg-invalid-attribute-syntax-behavior +ds-cfg-invalid-attribute-syntax-behavior: warn + +# uid=expired in data.ldif is bound to this one. The password expires two seconds after it is +# set, but the grace logins let the bind through, and the server flags it with the password +# expired control; that pair is what testAuthenticateExpiredPassword exercises. +dn: cn=Quickly Expiring Password Policy,cn=Password Policies,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-password-policy +cn: Quickly Expiring Password Policy +ds-cfg-java-class: org.opends.server.core.PasswordPolicyFactory +ds-cfg-password-attribute: userPassword +ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config +ds-cfg-max-password-age: 2 seconds +# Has to stay below the maximum password age, or the server rejects the policy. +ds-cfg-password-expiration-warning-interval: 1 seconds +ds-cfg-grace-login-count: 42 +ds-cfg-expire-passwords-without-warning: true + +# AdapterCompatibilityTests puts the accounts it hashes passwords for under this policy, so that +# it can read back what it stored. +dn: cn=Clear Text Password Policy,cn=Password Policies,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-password-policy +cn: Clear Text Password Policy +ds-cfg-java-class: org.opends.server.core.PasswordPolicyFactory +ds-cfg-password-attribute: userPassword +ds-cfg-default-password-storage-scheme: cn=Clear,cn=Password Storage Schemes,cn=config +ds-cfg-allow-pre-encoded-passwords: true + +# When a search asks for debugsearchindex, the server answers with a single made-up entry, +# cn=debugsearch, describing the indexes it used. That entry sits outside dc=example,dc=com, so +# the ACIs in admin.ldif do not reach it and it would be filtered out of the results before +# testVlvIndexSearch ever saw it. +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///cn=debugsearch")(targetattr = "debugsearchindex")(version 3.0; acl "Allow Debug Search Index Admin Access"; allow(read,search) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# SunDSChangeLogSyncStrategyTests reads the change log at cn=changelog. OpenDJ serves it out of +# the replication machinery, so replication has to be configured even though there is no second +# server to replicate to. compute-change-number is what fills in the changeNumber attribute the +# strategy keys off; without it the log is only readable by cookie. +dn: cn=replication server,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-replication-server +cn: replication server +ds-cfg-replication-port: %REPLICATION_PORT% +ds-cfg-replication-server-id: 1 +ds-cfg-compute-change-number: true + +dn: cn=example,cn=domains,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-replication-domain +cn: example +ds-cfg-base-dn: dc=example,dc=com +ds-cfg-replication-server: localhost:%REPLICATION_PORT% +ds-cfg-server-id: 1 + +# testVlvIndexSearch checks that the server reports having used a VLV index for its search. +dn: cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-branch +cn: VLV Index + +dn: ds-cfg-name=index-uid,cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-backend-vlv-index +ds-cfg-name: index-uid +ds-cfg-base-dn: dc=example,dc=com +ds-cfg-scope: whole-subtree +# Spelled in the order the connector builds it from the default account object classes: the +# server only picks the index up for a search whose filter matches this one. +ds-cfg-filter: (&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)) +ds-cfg-sort-order: uid diff --git a/pom.xml b/pom.xml index c81f7ea7..3b3cd0a3 100644 --- a/pom.xml +++ b/pom.xml @@ -43,6 +43,7 @@ UTF-8 all,-missing + 5.1.2-SNAPSHOT @@ -178,7 +179,7 @@ org.openidentityplatform.opendj opendj-parent - 5.1.1 + ${opendj.version} pom import