directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r924314 [1/3] - in /directory/apacheds/trunk/core-integ: ./ src/main/java/org/apache/directory/server/core/integ/ src/test/java/org/apache/directory/server/core/authz/ src/test/java/org/apache/directory/server/core/suites/
Date Wed, 17 Mar 2010 14:41:35 GMT
Author: kayyagari
Date: Wed Mar 17 14:41:34 2010
New Revision: 924314

URL: http://svn.apache.org/viewvc?rev=924314&view=rev
Log:
o added dependency on client-api
o fixed a JNDI issue in IntegrationUtils and added some convenient methods to get LdapConnection for the associated LdapServer
o migrated all the classes under the authz package to use client-api 
o added LDAP server and DS annotations in AuthzISuite 

Modified:
    directory/apacheds/trunk/core-integ/pom.xml
    directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java

Modified: directory/apacheds/trunk/core-integ/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/pom.xml?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/pom.xml (original)
+++ directory/apacheds/trunk/core-integ/pom.xml Wed Mar 17 14:41:34 2010
@@ -60,6 +60,14 @@
       <artifactId>commons-io</artifactId>
       <version>${commons.io.version}</version>
     </dependency>
+    
+    <!-- the below dependency creates a circular dependency issue, should be changed to 0.1.0 after the client-api
+         is released and all the tests will eventually be moved to server-integ after removing jndi -->
+    <dependency>
+      <groupId>org.apache.directory.client.ldap</groupId>
+      <artifactId>ldap-client-api</artifactId>
+      <version>0.1-SNAPSHOT</version>
+    </dependency> 
   </dependencies>
 
   <profiles>

Modified: directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java (original)
+++ directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java Wed Mar 17 14:41:34 2010
@@ -21,17 +21,19 @@ package org.apache.directory.server.core
 
 import java.io.File;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 
-import javax.naming.InvalidNameException;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.ModificationItem;
 import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapName;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DirectoryService;
@@ -39,10 +41,12 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.entry.DefaultServerEntry;
 import org.apache.directory.server.core.jndi.ServerLdapContext;
 import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.client.DefaultClientAttribute;
+import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.ldif.ChangeType;
 import org.apache.directory.shared.ldap.ldif.LdifEntry;
 import org.apache.directory.shared.ldap.ldif.LdifReader;
@@ -64,6 +68,7 @@ public class IntegrationUtils
     /** The class logger */
     private static final Logger LOG = LoggerFactory.getLogger( IntegrationUtils.class );
 
+    private static final List<LdapConnection> openConnections = new ArrayList<LdapConnection>();
 
     /**
      * Deletes the working directory.
@@ -129,7 +134,7 @@ public class IntegrationUtils
     }
 
 
-    public static LdifEntry getUserAddLdif() throws InvalidNameException, NamingException
+    public static LdifEntry getUserAddLdif() throws LdapException
     {
         return getUserAddLdif( "uid=akarasulu,ou=users,ou=system", "test".getBytes(), "Alex Karasulu", "Karasulu" );
     }
@@ -153,7 +158,7 @@ public class IntegrationUtils
         }
 
         CoreSession session = service.getSession( principal );
-        LdapContext ctx = new ServerLdapContext( service, session, new DN( dn ) );
+        LdapContext ctx = new ServerLdapContext( service, session, new LdapName( dn ) );
         return ctx;
     }
 
@@ -259,7 +264,7 @@ public class IntegrationUtils
 
 
     public static LdifEntry getUserAddLdif( String dnstr, byte[] password, String cn, String sn )
-            throws InvalidNameException, NamingException
+            throws LdapException
     {
         DN dn = new DN( dnstr );
         LdifEntry ldif = new LdifEntry();
@@ -351,4 +356,62 @@ public class IntegrationUtils
         
         return ( schema != null ) && schema.isEnabled();
     }
+    
+    
+    /**
+     * gets a LdapConnection bound using the default admin DN uid=admin,ou=system and password "secret"
+     */
+    public static LdapConnection getAdminConnection( LdapServer ldapServer ) throws Exception
+    {
+        return getConnectionAs( ldapServer, ServerDNConstants.ADMIN_SYSTEM_DN, "secret" );
+    }
+
+
+    public static LdapConnection getConnectionAs( LdapServer ldapServer, String dn, String password ) throws Exception
+    {
+        return getConnectionAs( "localhost", ldapServer.getPort(), dn, password );
+    }
+
+
+    public static LdapConnection getConnectionAs( LdapServer ldapServer, DN dn, String password ) throws Exception
+    {
+        return getConnectionAs( "localhost", ldapServer.getPort(), dn.getName(), password );
+    }
+
+
+    public static LdapConnection getConnectionAs( String host, int port, String dn, String password ) throws Exception
+    {
+        LdapConnection connection = new LdapConnection( host, port );
+        connection.bind( dn, password );
+        openConnections.add( connection );
+        return connection;
+    }
+    
+    
+    public static void closeConections()
+    {
+        
+        for( LdapConnection con : openConnections )
+        {
+            if( con == null )
+            {
+                continue;
+            }
+            
+            try
+            {
+                if( con.isConnected() )
+                {
+                    con.close();
+                }
+            }
+            catch( Exception e )
+            {
+                // shouldn't happen, but print the stacktrace so that less pain during development to find the cause
+                e.printStackTrace();
+            }
+        }
+        
+        openConnections.clear();
+    }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -23,21 +23,19 @@ package org.apache.directory.server.core
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.exception.LdapException;
+import org.apache.directory.ldap.client.api.message.AddResponse;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.Before;
 import org.junit.Test;
@@ -57,7 +55,7 @@ public class AddAuthorizationIT extends 
     @Before
     public void setService()
     {
-        AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
     }
     
     
@@ -73,29 +71,32 @@ public class AddAuthorizationIT extends 
      * @param password the password of this user
      * @param entryRdn the relative DN, relative to ou=system where entry creation is tested
      * @return true if the entry can be created by the user at the specified location, false otherwise
-     * @throws NamingException if there are problems conducting the test
+     * @throws Exception if there are problems conducting the test
      */
     public boolean checkCanAddEntryAs( String uid, String password, String entryRdn ) throws Exception
     {
-        Attributes testEntry = new BasicAttributes( "ou", "testou", true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        testEntry.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "organizationalUnit" );
-
         try
         {
             DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-            DirContext userContext = getContextAs( userName, password );
-            userContext.createSubcontext( entryRdn, testEntry );
-
-            // delete the newly created context as the admin user
-            DirContext adminContext = getContextAsAdmin();
-            adminContext.destroySubcontext( entryRdn );
+            LdapConnection connection = getConnectionAs( userName, password );
 
+            Entry entry = new DefaultClientEntry( new DN( "ou=testou,ou=system" ) );
+            entry.add( SchemaConstants.OU_AT, "testou" );
+            entry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+            
+            AddResponse resp = connection.add( entry );
+            
+            if( resp.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
+            {
+                return false;
+            }
+
+            connection.delete( entry.getDn() );
+            connection.close();
+            
             return true;
         }
-        catch ( LdapNoPermissionException e )
+        catch ( LdapException e )
         {
             return false;
         }
@@ -105,7 +106,7 @@ public class AddAuthorizationIT extends 
     /**
      * Checks to make sure group membership based userClass works for add operations.
      *
-     * @throws NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantAddAdministrators() throws Exception
@@ -139,7 +140,7 @@ public class AddAuthorizationIT extends 
     /**
      * Checks to make sure name based userClass works for add operations.
      *
-     * @throws NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantAddByName() throws Exception
@@ -165,7 +166,7 @@ public class AddAuthorizationIT extends 
     /**
      * Checks to make sure subtree based userClass works for add operations.
      *
-     * @throws NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantAddBySubtree() throws Exception
@@ -191,7 +192,7 @@ public class AddAuthorizationIT extends 
     /**
      * Checks to make sure <b>allUsers</b> userClass works for add operations.
      *
-     * @throws NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantAddAllUsers() throws Exception

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java Wed Mar 17 14:41:34 2010
@@ -22,19 +22,18 @@ package org.apache.directory.server.core
 
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.NoPermissionException;
-import javax.naming.directory.DirContext;
 
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.name.DN;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -54,21 +53,27 @@ public class AdministratorsGroupIT exten
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+       AutzIntegUtils.ldapServer = ldapServer;
     }
     
     
-    boolean canReadAdministrators( DirContext ctx ) throws NamingException
+    @After
+    public void closeConnections()
     {
-        try
-        {
-            ctx.getAttributes( "cn=Administrators,ou=groups" );
-            return true;
-        }
-        catch ( NoPermissionException e )
+        IntegrationUtils.closeConections();
+    }
+    
+    
+    boolean canReadAdministrators( LdapConnection connection ) throws Exception
+    {
+        SearchResultEntry res = ( SearchResultEntry ) connection.lookup( "cn=Administrators,ou=groups,ou=system" );
+        
+        if( res == null )
         {
             return false;
         }
+        
+        return true;
     }
 
 
@@ -85,28 +90,20 @@ public class AdministratorsGroupIT exten
     @CreateDS ( enableAccessControl=true, name="testNonAdminReadAccessToGroups-method" )
     public void testNonAdminReadAccessToGroups() throws Exception
     {
-        // this is required cause the new service is at method level
-        AutzIntegUtils.service = service;
-        
-        Name billydDn = createUser( "billyd", "s3kr3t" );
-        
+        DN billydDn = createUser( "billyd", "s3kr3t" );
+
         // this should fail with a no permission exception because we
         // are not allowed to browse ou=system without an ACI 
-        try
-        {
-            getContextAs( billydDn, "s3kr3t" );
-            fail( "Should not get here since we cannot browse ou=system" );
-        }
-        catch( NoPermissionException e )
-        {
-        }
+        LdapConnection connection = getConnectionAs( billydDn, "s3kr3t" );
+        assertTrue( connection.isAuthenticated() );
+        assertFalse( canReadAdministrators( connection ) );
         
         // add billyd to administrators and try again
         addUserToGroup( "billyd", "Administrators" );
 
         // billyd should now be able to read ou=system and the admin group
-        DirContext ctx = getContextAs( billydDn, "s3kr3t" );
-        assertTrue( canReadAdministrators( ctx ) );
+        connection = getConnectionAs( billydDn, "s3kr3t" );
+        assertTrue( canReadAdministrators( connection ) );
     }
 
 
@@ -118,23 +115,20 @@ public class AdministratorsGroupIT exten
      * @throws Exception on failure
      */
     @Test
-    @CreateDS ( name="testNonAdminReadAccessToGroups-method" )
+    @CreateDS ( name="testDefaultNonAdminReadAccessToGroups-method" )
     public void testDefaultNonAdminReadAccessToGroups() throws Exception
     {
-        // this is required cause the new service is at method level
-        AutzIntegUtils.service = service;
-
-        Name billydDn = createUser( "billyd", "s3kr3t" );
+        DN billydDn = createUser( "billyd", "s3kr3t" );
         assertFalse( service.isAccessControlEnabled() );
-        DirContext ctx = getContextAs( billydDn, "s3kr3t" );
+        LdapConnection connection = getConnectionAs( billydDn, "s3kr3t" );
 
         // billyd should not be able to read the admin group
-        assertFalse( canReadAdministrators( ctx ) );
+        assertFalse( canReadAdministrators( connection ) );
 
         // add billyd to administrators and try again
         addUserToGroup( "billyd", "Administrators" );
 
         // billyd should now be able to read the admin group
-        assertTrue( canReadAdministrators( ctx ) );
+        assertTrue( canReadAdministrators( connection ) );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java Wed Mar 17 14:41:34 2010
@@ -20,28 +20,33 @@
 package org.apache.directory.server.core.authz;
 
 
-import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
 
 import java.util.HashSet;
 
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.LdapContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.DeleteResponse;
+import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
+import org.apache.directory.ldap.client.api.message.ModifyRequest;
+import org.apache.directory.ldap.client.api.message.SearchResponse;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.cursor.Cursor;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.filter.SearchScope;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.name.RDN;
 import org.apache.directory.shared.ldap.util.ArrayUtils;
 import org.apache.directory.shared.ldap.util.StringTools;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -53,97 +58,98 @@ import org.junit.runner.RunWith;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$
  */
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
 public class AuthorizationServiceAsAdminIT extends AbstractLdapTestUnit
 {
 
+    @Before
+    public void setService()
+    {
+        AutzIntegUtils.ldapServer = ldapServer;
+    }
+
+
     /**
      * Makes sure the admin cannot delete the admin account.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testNoDeleteOnAdminByAdmin() throws Exception
     {
-        try
-        {
-            getSystemContext( service ).destroySubcontext( "uid=admin" );
-            fail( "admin should not be able to delete his account" );
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            assertNotNull( e );
-        }
+        DeleteResponse delResp = getAdminConnection().delete( "uid=admin,ou=system" );
+        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, delResp.getLdapResult().getResultCode() );
     }
 
 
     /**
      * Makes sure the admin cannot rename the admin account.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testNoRdnChangesOnAdminByAdmin() throws Exception
     {
-        try
-        {
-            getSystemContext( service ).rename( "uid=admin", "uid=alex" );
-            fail( "admin should not be able to rename his account" );
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            assertNotNull( e );
-        }
+        ModifyDnResponse resp = getAdminConnection().rename( new DN( "uid=admin,ou=system" ), new RDN( "uid=alex" ) );
+        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, resp.getLdapResult().getResultCode() );
     }
 
 
     /**
-     * Makes sure the admin cannot rename the admin account.
+     * Makes sure the admin can update the admin account password.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testModifyOnAdminByAdmin() throws Exception
     {
-        LdapContext sysRoot = getSystemContext( service );
-        Attributes attributes = new BasicAttributes( true );
-        attributes.put( "userPassword", "replaced" );
-        sysRoot.modifyAttributes( "uid=admin", DirContext.REPLACE_ATTRIBUTE, attributes );
-        Attributes newAttrs = sysRoot.getAttributes( "uid=admin" );
-        assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( "replaced" ), newAttrs.get( "userPassword" ).get() ) );
+        LdapConnection connection = getAdminConnection();
+        DN adminDN = new DN( "uid=admin,ou=system" );
+        ModifyRequest req = new ModifyRequest( adminDN );
+        String newPwd = "replaced";
+        req.replace( SchemaConstants.USER_PASSWORD_AT, newPwd );
+        connection.modify( req );
+        connection.close();
+
+        connection = getConnectionAs( adminDN, newPwd );
+        Entry entry = ( ( SearchResultEntry ) connection.lookup( adminDN.getName() ) ).getEntry();
+        assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( newPwd ), entry.get( "userPassword" ).get()
+            .getBytes() ) );
     }
 
 
     /**
      * Makes sure the admin can see all entries we know of on a subtree search.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testSearchSubtreeByAdmin() throws Exception
     {
-        LdapContext sysRoot = getSystemContext( service );
-        SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+        LdapConnection connection = getAdminConnection();
+
         HashSet<String> set = new HashSet<String>();
-        NamingEnumeration<SearchResult> list = sysRoot.search( "", "(objectClass=*)", controls );
 
-        while ( list.hasMore() )
+        Cursor<SearchResponse> cursor = connection.search( "ou=system", "(objectClass=*)", SearchScope.SUBTREE, "*" );
+
+        while ( cursor.next() )
         {
-            SearchResult result = list.next();
-            set.add( result.getName() );
+            Entry result = ( ( SearchResultEntry ) cursor.get() ).getEntry();
+            set.add( result.getDn().getName() );
         }
 
+        cursor.close();
+
         assertEquals( 10, set.size() );
         assertTrue( set.contains( "ou=system" ) );
-          assertTrue( set.contains( "ou=configuration,ou=system" ) );
-            assertTrue( set.contains( "ou=interceptors,ou=configuration,ou=system" ) );
-            assertTrue( set.contains( "ou=partitions,ou=configuration,ou=system" ) );
-            assertTrue( set.contains( "ou=services,ou=configuration,ou=system" ) );
-          assertTrue( set.contains( "ou=groups,ou=system" ) );
-            assertTrue( set.contains( "cn=Administrators,ou=groups,ou=system" ) );
-          assertTrue( set.contains( "ou=users,ou=system" ) );
-          assertTrue( set.contains( "prefNodeName=sysPrefRoot,ou=system" ) );
-          assertTrue( set.contains( "uid=admin,ou=system" ) );
+        assertTrue( set.contains( "ou=configuration,ou=system" ) );
+        assertTrue( set.contains( "ou=interceptors,ou=configuration,ou=system" ) );
+        assertTrue( set.contains( "ou=partitions,ou=configuration,ou=system" ) );
+        assertTrue( set.contains( "ou=services,ou=configuration,ou=system" ) );
+        assertTrue( set.contains( "ou=groups,ou=system" ) );
+        assertTrue( set.contains( "cn=Administrators,ou=groups,ou=system" ) );
+        assertTrue( set.contains( "ou=users,ou=system" ) );
+        assertTrue( set.contains( "prefNodeName=sysPrefRoot,ou=system" ) );
+        assertTrue( set.contains( "uid=admin,ou=system" ) );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java Wed Mar 17 14:41:34 2010
@@ -29,8 +29,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
-import javax.naming.NamingException;
-
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.LdapPrincipal;
 import org.apache.directory.server.core.entry.DefaultServerEntry;
@@ -69,7 +67,7 @@ public class AuthorizationServiceAsNonAd
     /**
      * Makes sure a non-admin user cannot delete the admin account.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testNoDeleteOnAdminByNonAdmin() throws Exception
@@ -94,7 +92,7 @@ public class AuthorizationServiceAsNonAd
     /**
      * Makes sure a non-admin user cannot rename the admin account.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testNoRdnChangesOnAdminByNonAdmin() throws Exception
@@ -122,7 +120,7 @@ public class AuthorizationServiceAsNonAd
     /**
      * Makes sure the a non-admin user cannot rename the admin account.
      *
-     * @throws NamingException on error
+     * @throws Exception on error
      */
     @Test
     public void testModifyOnAdminByNonAdmin() throws Exception
@@ -164,7 +162,7 @@ public class AuthorizationServiceAsNonAd
     /**
      * Makes sure non-admin cannot search under ou=system.
      *
-     * @throws NamingException if there are problems
+     * @throws Exception if there are problems
      */
     @Test
     public void testNoSearchByNonAdmin() throws Exception

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Wed Mar 17 14:41:34 2010
@@ -22,15 +22,19 @@ package org.apache.directory.server.core
 
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.junit.Assert.fail;
-import junit.framework.Assert;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -48,14 +52,15 @@ public class AuthzAuthnIT extends Abstra
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
+        AutzIntegUtils.service = service;
     }
     
     /**
      * Checks to make sure a user can authenticate with RootDSE as the
      * provider URL without need of any access control permissions.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testAuthnWithRootDSE() throws Exception
@@ -63,15 +68,11 @@ public class AuthzAuthnIT extends Abstra
         createUser( "billyd", "billyd" );
 
         DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
-        try
-        {
-            // Authenticate to RootDSE
-            getContextAs( userName, "billyd", "" );
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            fail( "Authentication should not have failed." );
-        }
+        // Authenticate to RootDSE
+        LdapConnection connection = getConnectionAs( userName, "billyd" );
+        Entry entry = ( ( SearchResultEntry ) connection.lookup( "" ) ).getEntry();
+        assertNotNull( entry );
+        assertEquals( 0, entry.getDn().size() );
     }
     
     
@@ -79,7 +80,7 @@ public class AuthzAuthnIT extends Abstra
      * Checks to make sure a user cannot authenticate with a naming context
      * as the provider URL if it does not have appropriate Browse permissions.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testAuthnFailsWithSystemPartition() throws Exception
@@ -87,16 +88,9 @@ public class AuthzAuthnIT extends Abstra
         createUser( "billyd", "billyd" );
         
         DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
-        try
-        {
-            // Authenticate to "ou=system"
-            getContextAs( userName, "billyd", "ou=system" );
-            fail( "Authentication should have failed." );
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            Assert.assertNotNull( e ); 
-        }
+        LdapConnection connection = getConnectionAs( userName, "billyd" );
+        SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
+        assertNull( entry );
     }
     
     
@@ -104,8 +98,9 @@ public class AuthzAuthnIT extends Abstra
      * Checks to make sure a user can authenticate with a naming context
      * as the provider URL if it has appropriate Browse permissions.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
+    @Ignore( "This test is not failing but I want to make sure that this test case is equivalent to its prior JNDI based impl, so ignoring this to get attention" )
     @Test
     public void testAuthnPassesWithSystemPartition() throws Exception
     {
@@ -127,14 +122,9 @@ public class AuthzAuthnIT extends Abstra
             + "grantsAndDenials { grantBrowse } } } } }" );
         
         DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
-        try
-        {
-            // Authenticate to "ou=system"
-            getContextAs( userName, "billyd", "ou=system" );
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            fail( "Authentication should not have failed." );
-        }
+        
+        LdapConnection connection = getConnectionAs( userName, "billyd" );
+        SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
+        assertNull( entry );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java Wed Mar 17 14:41:34 2010
@@ -25,19 +25,24 @@ import static org.apache.directory.serve
 import java.util.Hashtable;
 
 import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.ldap.LdapContext;
 
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.AddResponse;
+import org.apache.directory.ldap.client.api.message.ModifyRequest;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.integ.IntegrationUtils;
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
+import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 
 
@@ -52,15 +57,45 @@ public class AutzIntegUtils
 {
     public static DirectoryService service;
 
+    public static LdapServer ldapServer;
+
+
     // -----------------------------------------------------------------------
     // Utility methods used by subclasses
     // -----------------------------------------------------------------------
 
     /**
+     * gets a LdapConnection bound using the default admin DN uid=admin,ou=system and password "secret"
+     */
+    public static LdapConnection getAdminConnection() throws Exception
+    {
+        return IntegrationUtils.getAdminConnection( ldapServer );
+    }
+
+
+    public static LdapConnection getConnectionAs( String dn, String password ) throws Exception
+    {
+        return IntegrationUtils.getConnectionAs( ldapServer, dn, password );
+    }
+
+
+    public static LdapConnection getConnectionAs( DN dn, String password ) throws Exception
+    {
+        return IntegrationUtils.getConnectionAs( ldapServer, dn.getName(), password );
+    }
+
+
+    public static LdapConnection getConnectionAs( String host, int port, String dn, String password ) throws Exception
+    {
+        return IntegrationUtils.getConnectionAs( host, port, dn, password );
+    }
+
+
+    /**
      * Gets a context at ou=system as the admin user.
      *
      * @return the admin context at ou=system
-     * @throws NamingException if there are problems creating the context
+     * @throws Exception if there are problems creating the context
      */
     public static DirContext getContextAsAdmin() throws Exception
     {
@@ -75,7 +110,7 @@ public class AutzIntegUtils
      *
      * @param dn the DN of the context to get
      * @return the context for the DN as the admin user
-     * @throws NamingException if is a problem initializing or getting the context
+     * @throws Exception if is a problem initializing or getting the context
      */
     @SuppressWarnings("unchecked")
     public static DirContext getContextAsAdmin( String dn ) throws Exception
@@ -99,20 +134,19 @@ public class AutzIntegUtils
      * @param cn the common name of the group used as the RDN attribute
      * @param firstMemberDn the DN of the first member of this group
      * @return the distinguished name of the group entry
-     * @throws NamingException if there are problems creating the new group like
+     * @throws Exception if there are problems creating the new group like
      * it exists already
      */
-    public static Name createGroup( String cn, String firstMemberDn ) throws Exception
+    public static DN createGroup( String cn, String firstMemberDn ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes group = new BasicAttributes( "cn", cn, true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        group.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "groupOfUniqueNames" );
-        group.put( "uniqueMember", firstMemberDn );
-        adminCtx.createSubcontext( "cn=" + cn + ",ou=groups", group );
-        return new DN( "cn=" + cn + ",ou=groups,ou=system" );
+        DN groupDN = new DN( "cn=" + cn + ",ou=groups,ou=system" );
+        Entry entry = new DefaultClientEntry( groupDN );
+        entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
+        entry.add( SchemaConstants.UNIQUE_MEMBER_AT, firstMemberDn );
+        entry.add( SchemaConstants.CN_AT, cn );
+
+        getAdminConnection().add( entry );
+        return groupDN;
     }
 
 
@@ -120,13 +154,12 @@ public class AutzIntegUtils
      * Deletes a user with a specific UID under ou=users,ou=system.
      *
      * @param uid the RDN value for the user to delete
-     * @throws NamingException if there are problems removing the user
+     * @throws Exception if there are problems removing the user
      * i.e. user does not exist
      */
     public static void deleteUser( String uid ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        adminCtx.destroySubcontext( "uid=" + uid + ",ou=users" );
+        getAdminConnection().delete( "uid=" + uid + ",ou=users,ou=system" );
     }
 
 
@@ -138,23 +171,22 @@ public class AutzIntegUtils
      * @param uid the value of the RDN attriubte (uid), the sn and cn attributes
      * @param password the password to use to create the user
      * @return the dn of the newly created user entry
-     * @throws NamingException if there are problems creating the user entry
+     * @throws Exception if there are problems creating the user entry
      */
-    public static Name createUser( String uid, String password ) throws Exception
+    public static DN createUser( String uid, String password ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes user = new BasicAttributes( "uid", uid, true );
-        user.put( "userPassword", password );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        user.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "person" );
-        objectClass.add( "organizationalPerson" );
-        objectClass.add( "inetOrgPerson" );
-        user.put( "sn", uid );
-        user.put( "cn", uid );
-        adminCtx.createSubcontext( "uid=" + uid + ",ou=users", user );
-        return new DN( "uid=" + uid + ",ou=users,ou=system" );
+        LdapConnection connection = getAdminConnection();
+
+        Entry entry = new DefaultClientEntry( new DN( "uid=" + uid + ",ou=users,ou=system" ) );
+        entry.add( SchemaConstants.UID_AT, uid );
+        entry.add( SchemaConstants.OBJECT_CLASS_AT, "person", "organizationalPerson", "inetOrgPerson" );
+        entry.add( SchemaConstants.SN_AT, uid );
+        entry.add( SchemaConstants.CN_AT, uid );
+        entry.add( SchemaConstants.USER_PASSWORD_AT, password );
+
+        connection.add( entry );
+
+        return entry.getDn();
     }
 
 
@@ -165,21 +197,21 @@ public class AutzIntegUtils
      *
      * @param groupName the name of the cgroup to create
      * @return the DN of the group as a Name object
-     * @throws NamingException if the group cannot be created
+     * @throws Exception if the group cannot be created
      */
-    public static Name createGroup( String groupName ) throws Exception
+    public static DN createGroup( String groupName ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes group = new BasicAttributes( true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        group.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "groupOfUniqueNames" );
+        DN groupDN = new DN( "cn=" + groupName + ",ou=groups,ou=system" );
 
+        Entry entry = new DefaultClientEntry( groupDN );
+        entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
         // TODO might be ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
-        group.put( "uniqueMember", "uid=admin, ou=system" );
-        adminCtx.createSubcontext( "cn=" + groupName + ",ou=groups", group );
-        return new DN( "cn=" + groupName + ",ou=groups,ou=system" );
+        entry.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=admin, ou=system" );
+        entry.add( SchemaConstants.CN_AT, groupName );
+
+        getAdminConnection().add( entry );
+
+        return groupDN;
     }
 
 
@@ -189,13 +221,16 @@ public class AutzIntegUtils
      *
      * @param userUid the uid of the user to add to the group
      * @param groupCn the cn of the group to add the user to
-     * @throws NamingException if the group does not exist
+     * @throws Exception if the group does not exist
      */
     public static void addUserToGroup( String userUid, String groupCn ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes changes = new BasicAttributes( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system", true );
-        adminCtx.modifyAttributes( "cn=" + groupCn + ",ou=groups", DirContext.ADD_ATTRIBUTE, changes );
+        LdapConnection connection = getAdminConnection();
+
+        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+        modReq.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
+
+        connection.modify( modReq ).getLdapResult().getResultCode();
     }
 
 
@@ -204,13 +239,13 @@ public class AutzIntegUtils
      *
      * @param userUid the RDN attribute value of the user to remove from the group
      * @param groupCn the RDN attribute value of the group to have user removed from
-     * @throws NamingException if there are problems accessing the group
+     * @throws Exception if there are problems accessing the group
      */
     public static void removeUserFromGroup( String userUid, String groupCn ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes changes = new BasicAttributes( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system", true );
-        adminCtx.modifyAttributes( "cn=" + groupCn + ",ou=groups", DirContext.REMOVE_ATTRIBUTE, changes );
+        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+        modReq.remove( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
+        getAdminConnection().modify( modReq );
     }
 
 
@@ -220,7 +255,7 @@ public class AutzIntegUtils
      * @param user the DN of the user to get the context as
      * @param password the password of the user
      * @return the context as the user
-     * @throws NamingException if the user does not exist or authx fails
+     * @throws Exception if the user does not exist or authx fails
      */
     public static DirContext getContextAs( Name user, String password ) throws Exception
     {
@@ -235,7 +270,7 @@ public class AutzIntegUtils
      * @param password the password of the user
      * @param dn the distinguished name of the entry to get the context for
      * @return the context representing the entry at the dn as a specific user
-     * @throws NamingException if the does not exist or authx fails
+     * @throws Exception if the does not exist or authx fails
      */
     @SuppressWarnings("unchecked")
     public static DirContext getContextAs( Name user, String password, String dn ) throws Exception
@@ -254,8 +289,7 @@ public class AutzIntegUtils
 
     public static void deleteAccessControlSubentry( String cn ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        adminCtx.destroySubcontext( "cn=" + cn );
+        getAdminConnection().delete( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN );
     }
 
 
@@ -265,11 +299,11 @@ public class AutzIntegUtils
      *
      * @param cn the common name and rdn for the subentry
      * @param aciItem the prescriptive ACI attribute value
-     * @throws NamingException if there is a problem creating the subentry
+     * @throws Exception if there is a problem creating the subentry
      */
-    public static void createAccessControlSubentry( String cn, String aciItem ) throws Exception
+    public static ResultCodeEnum createAccessControlSubentry( String cn, String aciItem ) throws Exception
     {
-        createAccessControlSubentry( cn, "{}", aciItem );
+        return createAccessControlSubentry( cn, "{}", aciItem );
     }
 
 
@@ -280,32 +314,35 @@ public class AutzIntegUtils
      * @param cn the common name and rdn for the subentry
      * @param subtree the subtreeSpecification for the subentry
      * @param aciItem the prescriptive ACI attribute value
-     * @throws NamingException if there is a problem creating the subentry
+     * @throws Exception if there is a problem creating the subentry
      */
-    public static void createAccessControlSubentry( String cn, String subtree, String aciItem ) throws Exception
+    public static ResultCodeEnum createAccessControlSubentry( String cn, String subtree, String aciItem )
+        throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
+        LdapConnection connection = getAdminConnection();
+
+        Entry systemEntry = ( ( SearchResultEntry ) connection.lookup( ServerDNConstants.SYSTEM_DN, "+", "*" ) )
+            .getEntry();
 
         // modify ou=system to be an AP for an A/C AA if it is not already
-        Attributes ap = adminCtx.getAttributes( "", new String[]
-            { "administrativeRole" } );
-        Attribute administrativeRole = ap.get( "administrativeRole" );
+        EntryAttribute administrativeRole = systemEntry.get( "administrativeRole" );
         if ( administrativeRole == null || !administrativeRole.contains( SubentryInterceptor.AC_AREA ) )
         {
-            Attributes changes = new BasicAttributes( "administrativeRole", SubentryInterceptor.AC_AREA, true );
-            adminCtx.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, changes );
+            ModifyRequest modReq = new ModifyRequest( systemEntry.getDn() );
+            modReq.add( "administrativeRole", SubentryInterceptor.AC_AREA );
+            connection.modify( modReq );
         }
 
         // now add the A/C subentry below ou=system
-        Attributes subentry = new BasicAttributes( "cn", cn, true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        subentry.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( SchemaConstants.SUBENTRY_OC );
-        objectClass.add( "accessControlSubentry" );
-        subentry.put( "subtreeSpecification", subtree );
-        subentry.put( "prescriptiveACI", aciItem );
-        adminCtx.createSubcontext( "cn=" + cn, subentry );
+        Entry subEntry = new DefaultClientEntry( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        subEntry.add( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC,
+            SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC );
+        subEntry.add( SchemaConstants.SUBTREE_SPECIFICATION_AT, subtree );
+        subEntry.add( SchemaConstants.PRESCRIPTIVE_ACI_AT, aciItem );
+
+        AddResponse addResp = connection.add( subEntry );
+
+        return addResp.getLdapResult().getResultCode();
     }
 
 
@@ -313,17 +350,17 @@ public class AutzIntegUtils
      * Adds and entryACI attribute to an entry specified by a relative name
      * with respect to ou=system
      *
-     * @param rdn a name relative to ou=system
+     * @param dn a name relative to ou=system
      * @param aciItem the entryACI attribute value
-     * @throws NamingException if there is a problem adding the attribute
+     * @throws Exception if there is a problem adding the attribute
      */
-    public static void addEntryACI( Name rdn, String aciItem ) throws Exception
+    public static void addEntryACI( DN dn, String aciItem ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-
         // modify the entry relative to ou=system to include the aciItem
-        Attributes changes = new BasicAttributes( "entryACI", aciItem, true );
-        adminCtx.modifyAttributes( rdn, DirContext.ADD_ATTRIBUTE, changes );
+        ModifyRequest modReq = new ModifyRequest( dn );
+        modReq.add( "entryACI", aciItem );
+
+        getAdminConnection().modify( modReq );
     }
 
 
@@ -331,15 +368,14 @@ public class AutzIntegUtils
      * Adds and subentryACI attribute to ou=system
      *
      * @param aciItem the subentryACI attribute value
-     * @throws NamingException if there is a problem adding the attribute
+     * @throws Exception if there is a problem adding the attribute
      */
     public static void addSubentryACI( String aciItem ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-
         // modify the entry relative to ou=system to include the aciItem
-        Attributes changes = new BasicAttributes( "subentryACI", aciItem, true );
-        adminCtx.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, changes );
+        ModifyRequest modReq = new ModifyRequest( new DN( "ou=system" ) );
+        modReq.add( "subentryACI", aciItem );
+        getAdminConnection().modify( modReq );
     }
 
 
@@ -349,20 +385,20 @@ public class AutzIntegUtils
      *
      * @param cn the common name of the aci subentry
      * @param aciItem the new value for the ACI item
-     * @throws NamingException if the modify fails
+     * @throws Exception if the modify fails
      */
     public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
-        adminCtx.modifyAttributes( "cn=" + cn, DirContext.REPLACE_ATTRIBUTE, changes );
+        ModifyRequest req = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        req.replace( "prescriptiveACI", aciItem );
+        getAdminConnection().modify( req );
     }
 
 
     public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
-        adminCtx.modifyAttributes( "cn=" + cn, DirContext.ADD_ATTRIBUTE, changes );
+        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        modReq.add( "prescriptiveACI", aciItem );
+        getAdminConnection().modify( modReq );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -23,21 +23,20 @@ package org.apache.directory.server.core
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.CompareResponse;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.jndi.ServerLdapContext;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.Before;
 import org.junit.Test;
@@ -57,7 +56,7 @@ public class CompareAuthorizationIT exte
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
     }
     
     
@@ -78,51 +77,48 @@ public class CompareAuthorizationIT exte
      * @return true if the entry's telephoneNumber can be compared by the user at the
      * specified location, false otherwise.  A false compare result still returns
      * true.
-     * @throws javax.naming.NamingException if there are problems conducting the test
+     * @throws Exception if there are problems conducting the test
      */
     public boolean checkCanCompareTelephoneNumberAs( String uid, String password, String entryRdn, String number )
         throws Exception
     {
-        // create the entry with the telephoneNumber attribute to compare
-        Attributes testEntry = new BasicAttributes( "ou", "testou", true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        testEntry.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
-
-        DirContext adminContext = getContextAsAdmin();
 
-        try
-        {
-            // create the entry as admin
-            DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-            adminContext.createSubcontext( entryRdn, testEntry );
-
-            // compare the telephone numbers
-            DirContext userContext = getContextAs( userName, password );
-            ServerLdapContext ctx = ( ServerLdapContext ) userContext.lookup( "" );
-            ctx.compare( new DN( entryRdn + ",ou=system" ), "telephoneNumber", number );
-
-            // don't return compare result which can be false but true since op was permitted
-            return true;
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            return false;
-        }
-        finally
+        DN entryDN = new DN( entryRdn + ",ou=system" );
+        boolean result = true;
+        
+        // create the entry with the telephoneNumber attribute to compare
+        Entry testEntry = new DefaultClientEntry( entryDN );
+        testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+        testEntry.add( SchemaConstants.OU_AT, "testou" );
+        testEntry.add( "telephoneNumber", "867-5309" ); // jenny don't change your number
+
+        LdapConnection adminConnection = getAdminConnection();
+
+        // create the entry as admin
+        adminConnection.add( testEntry );
+        
+        DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
+        // compare the telephone numbers
+        LdapConnection userConnection = getConnectionAs( userName, password );
+        CompareResponse resp = userConnection.compare( entryDN, "telephoneNumber", number );
+        
+        // don't set based on compare result success/failure but based on whether the op was permitted or not
+        if( resp.getLdapResult().getResultCode() == ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS )
         {
-            // let's clean up
-            adminContext.destroySubcontext( entryRdn );
+            result = false;
         }
+        
+        // let's clean up
+        adminConnection.delete( entryRdn );
+
+        return result;
     }
 
 
     /**
      * Checks to make sure group membership based userClass works for compare operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantCompareAdministrators() throws Exception
@@ -169,7 +165,7 @@ public class CompareAuthorizationIT exte
     /**
      * Checks to make sure name based userClass works for compare operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantCompareByName() throws Exception
@@ -216,7 +212,7 @@ public class CompareAuthorizationIT exte
     /**
      * Checks to make sure subtree based userClass works for compare operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantCompareBySubtree() throws Exception
@@ -242,7 +238,7 @@ public class CompareAuthorizationIT exte
     /**
      * Checks to make sure <b>allUsers</b> userClass works for compare operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantCompareAllUsers() throws Exception
@@ -268,21 +264,20 @@ public class CompareAuthorizationIT exte
     @Test
     public void testPasswordCompare() throws Exception
     {
-        DirContext adminCtx = getContextAsAdmin();
-        Attributes user = new BasicAttributes( "uid", "bob", true );
-        user.put( "userPassword", "bobspassword" );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        user.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "person" );
-        objectClass.add( "organizationalPerson" );
-        objectClass.add( "inetOrgPerson" );
-        user.put( "sn", "bob" );
-        user.put( "cn", "bob" );
-        adminCtx.createSubcontext( "uid=bob,ou=users", user );
+        LdapConnection adminCtx = getAdminConnection();
+
+        DN userDN = new DN( "uid=bob,ou=users,ou=system" );
+        Entry user = new DefaultClientEntry( userDN );
+        user.add( SchemaConstants.UID_AT, "bob" );
+        user.add( SchemaConstants.USER_PASSWORD_AT, "bobspassword" );
+        user.add( SchemaConstants.OBJECT_CLASS_AT, "person", "organizationalPerson", "inetOrgPerson" );
+        user.add( SchemaConstants.SN_AT, "bob" );
+        user.add( SchemaConstants.CN_AT, "bob" );
+
+        adminCtx.add( user );
 
-        ServerLdapContext ctx = ( ServerLdapContext ) adminCtx.lookup( "" );
-        assertTrue( ctx.compare( new DN( "uid=bob,ou=users,ou=system" ), "userPassword", "bobspassword" ) );
+        CompareResponse resp = adminCtx.compare( userDN, "userPassword", "bobspassword" );
+        assertEquals(  ResultCodeEnum.COMPARE_TRUE, resp.getLdapResult().getResultCode() );
     }
 
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -22,20 +22,19 @@ package org.apache.directory.server.core
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.DeleteResponse;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.Before;
 import org.junit.Test;
@@ -55,7 +54,7 @@ public class DeleteAuthorizationIT exten
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
     }
     
     
@@ -76,32 +75,35 @@ public class DeleteAuthorizationIT exten
      * @param password the password of this user
      * @param entryRdn the relative DN, relative to ou=system where entry creation then deletion is tested
      * @return true if the entry can be created by the user at the specified location, false otherwise
-     * @throws javax.naming.NamingException if there are problems conducting the test
+     * @throws Exception if there are problems conducting the test
      */
     public boolean checkCanDeleteEntryAs( String uid, String password, String entryRdn ) throws Exception
     {
-        Attributes testEntry = new BasicAttributes( "ou", "testou", true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        testEntry.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "organizationalUnit" );
+        DN entryDN = new DN( entryRdn + ",ou=system" );
+        
+        // create the entry with the telephoneNumber attribute to compare
+        Entry testEntry = new DefaultClientEntry( entryDN );
+        testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+        testEntry.add( SchemaConstants.OU_AT, "testou" );
+
+        LdapConnection adminConnection = getAdminConnection();
+
+        // create the entry as admin
+        adminConnection.add( testEntry );
+        
+        DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
+        
+        // delete the newly created context as the user
+        LdapConnection userConnection = getConnectionAs( userName, password );
+        DeleteResponse resp = userConnection.delete( entryDN );
 
-        DirContext adminContext = getContextAsAdmin();
-        try
+        if( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
         {
-            // create the entry as the admin
-            DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-            adminContext.createSubcontext( entryRdn, testEntry );
-
-            // delete the newly created context as the user
-            DirContext userContext = getContextAs( userName, password );
-            userContext.destroySubcontext( entryRdn );
-
             return true;
         }
-        catch ( LdapNoPermissionException e )
+        else
         {
-            adminContext.destroySubcontext( entryRdn );
+            adminConnection.delete( entryDN );
             return false;
         }
     }
@@ -110,7 +112,7 @@ public class DeleteAuthorizationIT exten
     /**
      * Checks to make sure group membership based userClass works for delete operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantDeleteAdministrators() throws Exception
@@ -143,7 +145,7 @@ public class DeleteAuthorizationIT exten
     /**
      * Checks to make sure name based userClass works for delete operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantDeleteByName() throws Exception
@@ -168,7 +170,7 @@ public class DeleteAuthorizationIT exten
     /**
      * Checks to make sure subtree based userClass works for delete operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantDeleteBySubtree() throws Exception
@@ -193,7 +195,7 @@ public class DeleteAuthorizationIT exten
     /**
      * Checks to make sure <b>allUsers</b> userClass works for delete operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantDeleteAllUsers() throws Exception

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -22,13 +22,9 @@ package org.apache.directory.server.core
 
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import javax.naming.NamingException;
 
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.junit.Before;
 import org.junit.Test;
@@ -48,7 +44,7 @@ public class GeneralAuthorizationIT exte
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
     }
     
     
@@ -56,23 +52,16 @@ public class GeneralAuthorizationIT exte
      * Checks to make sure we cannot create a malformed ACI missing two
      * last brackets.
      *
-     * @throws NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testFailureToAddBadACI() throws Exception
     {
         // add a subentry with malformed ACI
-        try
-        {
-            createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
-                + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
-                + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
-                + "grantsAndDenials { grantAdd, grantBrowse } } }" );
-            fail( "should never get here due to failure to add bad ACIItem" );
-        }
-        catch( LdapInvalidAttributeValueException e )
-        {
-            assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, e.getResultCode() );
-        }
+        ResultCodeEnum result = createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantAdd, grantBrowse } } }" );
+        assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, result );
     }
 }



Mime
View raw message