diff --git a/OpenICF-ldap-connector/opends/config.ldif b/OpenICF-ldap-connector/opends/config.ldif deleted file mode 100644 index 6f3bf985..00000000 --- a/OpenICF-ldap-connector/opends/config.ldif +++ /dev/null @@ -1,2016 +0,0 @@ -# -- START LICENSE -# ==================== -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. -# -# Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. -# -# The contents of this file are subject to the terms of the Common Development -# and Distribution License("CDDL") (the "License"). You may not use this file -# except in compliance with the License. -# -# You can obtain a copy of the License at -# http://IdentityConnectors.dev.java.net/legal/license.txt -# See the License for the specific language governing permissions and limitations -# under the License. -# -# When distributing the Covered Code, include this CDDL Header Notice in each file -# and include the License file at identityconnectors/legal/license.txt. -# If applicable, add the following below this CDDL Header, with the fields -# enclosed by brackets [] replaced by your own identifying information: -# "Portions Copyrighted [year] [name of copyright owner]" -# ==================== -# -- END LICENSE -dn: cn=config -objectClass: top -objectClass: ds-cfg-root-config -cn: config -ds-cfg-check-schema: true -ds-cfg-add-missing-rdn-attributes: true -ds-cfg-allow-attribute-name-exceptions: false -ds-cfg-invalid-attribute-syntax-behavior: reject -ds-cfg-single-structural-objectclass-behavior: reject -ds-cfg-notify-abandoned-operations: false -ds-cfg-proxied-authorization-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config -ds-cfg-size-limit: 1000 -ds-cfg-time-limit: 60 seconds -ds-cfg-lookthrough-limit: 20000 -ds-cfg-writability-mode: enabled -ds-cfg-bind-with-dn-requires-password: true -ds-cfg-reject-unauthenticated-requests: false -ds-cfg-default-password-policy: cn=Default Password Policy,cn=Password Policies,cn=config -ds-cfg-return-bind-error-messages: false -ds-cfg-idle-time-limit: 0 seconds -ds-cfg-save-config-on-successful-startup: false -ds-cfg-etime-resolution: milliseconds -ds-cfg-entry-cache-preload: false -ds-cfg-max-allowed-client-connections: 0 -ds-cfg-allowed-task: org.opends.server.tasks.AddSchemaFileTask -ds-cfg-allowed-task: org.opends.server.tasks.BackupTask -ds-cfg-allowed-task: org.opends.server.tasks.DisconnectClientTask -ds-cfg-allowed-task: org.opends.server.tasks.EnterLockdownModeTask -ds-cfg-allowed-task: org.opends.server.tasks.ExportTask -ds-cfg-allowed-task: org.opends.server.tasks.ImportTask -ds-cfg-allowed-task: org.opends.server.tasks.InitializeTargetTask -ds-cfg-allowed-task: org.opends.server.tasks.InitializeTask -ds-cfg-allowed-task: org.opends.server.tasks.SetGenerationIdTask -ds-cfg-allowed-task: org.opends.server.tasks.LeaveLockdownModeTask -ds-cfg-allowed-task: org.opends.server.tasks.RebuildTask -ds-cfg-allowed-task: org.opends.server.tasks.RestoreTask -ds-cfg-allowed-task: org.opends.server.tasks.ShutdownTask - -dn: cn=Access Control Handler,cn=config -objectClass: top -objectClass: ds-cfg-access-control-handler -objectClass: ds-cfg-dsee-compat-access-control-handler -ds-cfg-global-aci: (extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.26027.1.6.3 || 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || 1.3.6.1.4.1.4203.1.11.3") (version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetcontrol="2.16.840.1.113730.3.4.2 || 2.16.840.1.113730.3.4.17 || 2.16.840.1.113730.3.4.19 || 1.3.6.1.4.1.4203.1.10.2 || 1.3.6.1.4.1.42.2.27.8.5.1 || 2.16.840.1.113730.3.4.16") (version 3.0; acl "Anonymous control access"; allow(read) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";) -ds-cfg-global-aci: (target="ldap:///cn=schema")(targetscope="base")(targetattr="objectClass||attributeTypes||dITContentRules||dITStructureRules||ldapSyntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses")(version 3.0; acl "User-Visible Schema Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="objectClass||namingContexts||supportedAuthPasswordSchemes||supportedControl||supportedExtension||supportedFeatures||supportedLDAPVersion||supportedSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl "User-Visible Root DSE Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (targetattr="createTimestamp||creatorsName||modifiersName||modifyTimestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0; acl "User-Visible Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";) -ds-cfg-global-aci: (target="ldap:///dc=replicationchanges")(targetattr="*")(version 3.0; acl "Replication backend access"; deny (all) userdn="ldap:///anyone";) -cn: Access Control Handler -ds-cfg-java-class: org.opends.server.authorization.dseecompat.AciHandler -ds-cfg-enabled: true - -dn: cn=Crypto Manager,cn=config -objectClass: top -objectClass: ds-cfg-crypto-manager -cn: Crypto Manager -ds-cfg-ssl-cert-nickname: ads-certificate -ds-cfg-ssl-encryption: false - -dn: cn=Account Status Notification Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Account Status Notification Handlers - -dn: cn=Alert Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Alert Handlers - -dn: cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Backends - -dn: ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-local-db-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.jeb.BackendImpl -ds-cfg-backend-id: userRoot -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: dc=example,dc=com -ds-cfg-db-directory: db -ds-cfg-db-directory-permissions: 700 -ds-cfg-index-entry-limit: 4000 -ds-cfg-preload-time-limit: 0 seconds -ds-cfg-import-queue-size: 100 -ds-cfg-import-thread-count: 8 -ds-cfg-entries-compressed: false -ds-cfg-compact-encoding: true -ds-cfg-db-cache-percent: 10 -ds-cfg-db-cache-size: 0 megabytes -ds-cfg-db-txn-no-sync: false -ds-cfg-db-txn-write-no-sync: true -ds-cfg-db-run-cleaner: true -ds-cfg-db-num-cleaner-threads: 1 -ds-cfg-db-cleaner-min-utilization: 75 -ds-cfg-db-evictor-lru-only: true -ds-cfg-db-evictor-nodes-per-scan: 10 -ds-cfg-db-log-file-max: 50 megabytes -ds-cfg-db-logging-file-handler-on: true -ds-cfg-db-logging-level: CONFIG -ds-cfg-db-checkpointer-bytes-interval: 20 megabytes -ds-cfg-db-checkpointer-wakeup-interval: 30 seconds -ds-cfg-db-num-lock-tables: 19 - -dn: cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Index - -dn: ds-cfg-attribute=aci,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: aci -ds-cfg-index-type: presence - -dn: ds-cfg-attribute=cn,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: cn -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=ds-sync-hist,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: ds-sync-hist -ds-cfg-index-type: ordering - -dn: ds-cfg-attribute=entryUUID,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: entryUUID -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=givenName,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: givenName -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=mail,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: mail -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=member,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: member -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=objectClass,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: objectClass -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=sn,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: sn -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=telephoneNumber,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: telephoneNumber -ds-cfg-index-type: equality -ds-cfg-index-type: substring - -dn: ds-cfg-attribute=uid,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: uid -ds-cfg-index-type: equality - -dn: ds-cfg-attribute=uniqueMember,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-local-db-index -ds-cfg-attribute: uniqueMember -ds-cfg-index-type: equality - -dn: cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: VLV Index - -dn: ds-cfg-name=index-uid,cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config -objectClass: ds-cfg-local-db-vlv-index -objectClass: top -ds-cfg-filter: (&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)(objectClass=person)(objectClass=top)) -ds-cfg-base-dn: dc=example,dc=com -ds-cfg-sort-order: uid -ds-cfg-scope: whole-subtree -ds-cfg-name: index-uid - -dn: ds-cfg-backend-id=backup,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-backup-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.BackupBackend -ds-cfg-backend-id: backup -ds-cfg-writability-mode: disabled -ds-cfg-base-dn: cn=backups -ds-cfg-backup-directory: bak - -dn: ds-cfg-backend-id=config,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-config-file-handler-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.extensions.ConfigFileHandler -ds-cfg-backend-id: config -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=config - -dn: ds-cfg-backend-id=ads-truststore,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-trust-store-backend -ds-cfg-backend-id: ads-truststore -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.TrustStoreBackend -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=ads-truststore -ds-cfg-trust-store-type: JKS -ds-cfg-trust-store-file: config/ads-truststore -ds-cfg-trust-store-pin-file: config/ads-truststore.pin - -dn: ds-cfg-backend-id=schema,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-schema-backend -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.SchemaBackend -ds-cfg-backend-id: schema -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=schema -ds-cfg-show-all-attributes: false - -dn: ds-cfg-backend-id=adminRoot,cn=Backends,cn=config -objectClass: top -objectClass: ds-cfg-backend -objectClass: ds-cfg-ldif-backend -ds-cfg-backend-id: adminRoot -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.backends.LDIFBackend -ds-cfg-writability-mode: enabled -ds-cfg-base-dn: cn=admin data -ds-cfg-ldif-file: config/admin-backend.ldif -ds-cfg-is-private-backend: true - -dn: cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Certificate Mappers - -dn: cn=Subject Equals DN,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-equals-dn-certificate-mapper -cn: Subject Equals DN -ds-cfg-java-class: org.opends.server.extensions.SubjectEqualsDNCertificateMapper -ds-cfg-enabled: true - -dn: cn=Subject DN to User Attribute,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-dn-to-user-attribute-certificate-mapper -cn: Subject DN to User Attribute -ds-cfg-java-class: org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper -ds-cfg-enabled: true -ds-cfg-subject-attribute: ds-certificate-subject-dn - -dn: cn=Subject Attribute to User Attribute,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-subject-attribute-to-user-attribute-certificate-mapper -cn: Subject Attribute to User Attribute -ds-cfg-java-class: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper -ds-cfg-enabled: true -ds-cfg-subject-attribute-mapping: cn:cn -ds-cfg-subject-attribute-mapping: e:mail - -dn: cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config -objectClass: top -objectClass: ds-cfg-certificate-mapper -objectClass: ds-cfg-fingerprint-certificate-mapper -cn: Fingerprint Mapper -ds-cfg-java-class: org.opends.server.extensions.FingerprintCertificateMapper -ds-cfg-enabled: true -ds-cfg-fingerprint-attribute: ds-certificate-fingerprint -ds-cfg-fingerprint-algorithm: MD5 - -dn: cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Connection Handlers - -dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-connection-handler -objectClass: ds-cfg-ldap-connection-handler -cn: LDAP Connection Handler -ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler -ds-cfg-enabled: true -ds-cfg-listen-address: 0.0.0.0 -ds-cfg-listen-port: 2389 -ds-cfg-accept-backlog: 128 -ds-cfg-allow-ldap-v2: true -ds-cfg-keep-stats: true -ds-cfg-use-tcp-keep-alive: true -ds-cfg-use-tcp-no-delay: true -ds-cfg-allow-tcp-reuse-address: true -ds-cfg-send-rejection-notice: true -ds-cfg-max-request-size: 5 megabytes -ds-cfg-max-blocked-write-time-limit: 2 minutes -ds-cfg-num-request-handlers: 2 -ds-cfg-allow-start-tls: false -ds-cfg-use-ssl: false -ds-cfg-ssl-client-auth-policy: optional -ds-cfg-ssl-cert-nickname: server-cert - -dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config -objectClass: top -objectClass: ds-cfg-connection-handler -objectClass: ds-cfg-ldap-connection-handler -cn: LDAPS Connection Handler -ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler -ds-cfg-enabled: true -ds-cfg-listen-address: 0.0.0.0 -ds-cfg-listen-port: 2636 -ds-cfg-accept-backlog: 128 -ds-cfg-allow-ldap-v2: true -ds-cfg-keep-stats: true -ds-cfg-use-tcp-keep-alive: true -ds-cfg-use-tcp-no-delay: true -ds-cfg-allow-tcp-reuse-address: true -ds-cfg-send-rejection-notice: true -ds-cfg-max-request-size: 5 megabytes -ds-cfg-max-blocked-write-time-limit: 2 minutes -ds-cfg-num-request-handlers: 2 -ds-cfg-allow-start-tls: false -ds-cfg-use-ssl: true -ds-cfg-ssl-client-auth-policy: optional -ds-cfg-ssl-cert-nickname: server-cert -ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config -ds-cfg-trust-manager-provider: cn=Blind Trust,cn=Trust Manager Providers,cn=config - -dn: cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Entry Caches - -dn: cn=FIFO,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-fifo-entry-cache -cn: FIFO -ds-cfg-enabled: false -ds-cfg-cache-level: 1 -ds-cfg-java-class: org.opends.server.extensions.FIFOEntryCache - -dn: cn=Soft Reference,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-soft-reference-entry-cache -cn: Soft Reference -ds-cfg-enabled: false -ds-cfg-cache-level: 2 -ds-cfg-java-class: org.opends.server.extensions.SoftReferenceEntryCache - -dn: cn=File System,cn=Entry Caches,cn=config -objectClass: top -objectClass: ds-cfg-entry-cache -objectClass: ds-cfg-file-system-entry-cache -cn: File System -ds-cfg-enabled: false -ds-cfg-cache-level: 3 -ds-cfg-java-class: org.opends.server.extensions.FileSystemEntryCache - -dn: cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Extended Operations - -dn: cn=Cancel,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-cancel-extended-operation-handler -cn: Cancel -ds-cfg-java-class: org.opends.server.extensions.CancelExtendedOperation -ds-cfg-enabled: true - -dn: cn=Get Connection ID,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-get-connection-id-extended-operation-handler -cn: Get Connection ID -ds-cfg-java-class: org.opends.server.extensions.GetConnectionIDExtendedOperation -ds-cfg-enabled: true - -dn: cn=Password Modify,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-password-modify-extended-operation-handler -cn: Password Modify -ds-cfg-java-class: org.opends.server.extensions.PasswordModifyExtendedOperation -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=Password Policy State,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-password-policy-state-extended-operation-handler -cn: Password Policy State -ds-cfg-java-class: org.opends.server.extensions.PasswordPolicyStateExtendedOperation -ds-cfg-enabled: true - -dn: cn=StartTLS,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-start-tls-extended-operation-handler -cn: StartTLS -ds-cfg-java-class: org.opends.server.extensions.StartTLSExtendedOperation -ds-cfg-enabled: true - -dn: cn=Get Symmetric Key,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-get-symmetric-key-extended-operation-handler -cn: Get Symmetric Key -ds-cfg-java-class: org.opends.server.crypto.GetSymmetricKeyExtendedOperation -ds-cfg-enabled: true - -dn: cn=Who Am I,cn=Extended Operations,cn=config -objectClass: top -objectClass: ds-cfg-extended-operation-handler -objectClass: ds-cfg-who-am-i-extended-operation-handler -cn: Who Am I -ds-cfg-java-class: org.opends.server.extensions.WhoAmIExtendedOperation -ds-cfg-enabled: true - -dn: cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Group Implementations - -dn: cn=Dynamic,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-dynamic-group-implementation -cn: Dynamic -ds-cfg-java-class: org.opends.server.extensions.DynamicGroup -ds-cfg-enabled: true - -dn: cn=Static,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-static-group-implementation -cn: Static -ds-cfg-java-class: org.opends.server.extensions.StaticGroup -ds-cfg-enabled: true - -dn: cn=Virtual Static,cn=Group Implementations,cn=config -objectClass: top -objectClass: ds-cfg-group-implementation -objectClass: ds-cfg-virtual-static-group-implementation -cn: Virtual Static -ds-cfg-java-class: org.opends.server.extensions.VirtualStaticGroup -ds-cfg-enabled: true - -dn: cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Identity Mappers - -dn: cn=Exact Match,cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-identity-mapper -objectClass: ds-cfg-exact-match-identity-mapper -cn: Exact Match -ds-cfg-java-class: org.opends.server.extensions.ExactMatchIdentityMapper -ds-cfg-enabled: true -ds-cfg-match-attribute: uid - -dn: cn=Regular Expression,cn=Identity Mappers,cn=config -objectClass: top -objectClass: ds-cfg-identity-mapper -objectClass: ds-cfg-regular-expression-identity-mapper -cn: Regular Expression -ds-cfg-java-class: org.opends.server.extensions.RegularExpressionIdentityMapper -ds-cfg-enabled: true -ds-cfg-match-attribute: uid -ds-cfg-match-pattern: ^([^@]+)@.+$ -ds-cfg-replace-pattern: $1 - -dn: cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Key Manager Providers - -dn: cn=JKS,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-file-based-key-manager-provider -cn: JKS -ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider -ds-cfg-enabled: true -ds-cfg-key-store-type: JKS -ds-cfg-key-store-file: config/keystore -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=PKCS12,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-file-based-key-manager-provider -cn: PKCS12 -ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider -ds-cfg-enabled: false -ds-cfg-key-store-type: PKCS12 -ds-cfg-key-store-file: config/keystore.p12 -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=PKCS11,cn=Key Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-key-manager-provider -objectClass: ds-cfg-pkcs11-key-manager-provider -cn: PKCS11 -ds-cfg-java-class: org.opends.server.extensions.PKCS11KeyManagerProvider -ds-cfg-enabled: false -ds-cfg-key-store-pin-file: config/keystore.pin - -dn: cn=Loggers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Loggers - -dn: cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Matching Rules - -dn: cn=Auth Password Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Auth Password Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.AuthPasswordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Auth Password Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Auth Password Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.AuthPasswordExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Bit String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Bit String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.BitStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Boolean Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Boolean Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.BooleanEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Case Exact Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Exact Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact IA5 Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Exact IA5 Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactIA5EqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Exact IA5 Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Exact IA5 Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseExactIA5SubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Case Ignore Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore IA5 Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore IA5 Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreIA5EqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore IA5 Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore IA5 Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreIA5SubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore List Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Case Ignore List Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreListEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Case Ignore List Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Case Ignore List Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.CaseIgnoreListSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Directory String First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Directory String First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.DirectoryStringFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Distinguished Name Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Distinguished Name Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.DistinguishedNameEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Double Metaphone Approximate Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-approximate-matching-rule -cn: Double Metaphone Approximate Matching Rule -ds-cfg-java-class: org.opends.server.schema.DoubleMetaphoneApproximateMatchingRule -ds-cfg-enabled: true - -dn: cn=Generalized Time Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Generalized Time Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Generalized Time Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Generalized Time Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Historical CSN Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: ds-cfg-ordering-matching-rule -objectClass: top -objectClass: ds-cfg-matching-rule -ds-cfg-java-class: org.opends.server.replication.plugin.HistoricalCsnOrderingMatchingRule -ds-cfg-enabled: true -cn: Historical CSN Ordering Matching Rule - -dn: cn=Integer Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Integer Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Integer Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Integer Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Integer First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Integer First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.IntegerFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Keyword Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Keyword Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.KeywordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Numeric String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Numeric String Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Numeric String Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Numeric String Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.NumericStringSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Object Identifier Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Object Identifier Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ObjectIdentifierEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Object Identifier First Component Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Object Identifier First Component Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ObjectIdentifierFirstComponentEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Octet String Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: Octet String Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Octet String Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Octet String Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.OctetStringSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Presentation Address Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Presentation Address Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.PresentationAddressEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Protocol Information Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Protocol Information Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.ProtocolInformationEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Telephone Number Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Telephone Number Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Telephone Number Substring Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-substring-matching-rule -cn: Telephone Number Substring Matching Rule -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberSubstringMatchingRule -ds-cfg-enabled: true - -dn: cn=Unique Member Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Unique Member Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UniqueMemberEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=User Password Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: User Password Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UserPasswordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=User Password Exact Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: User Password Exact Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UserPasswordExactEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=UUID Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: UUID Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.UUIDEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=UUID Ordering Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-ordering-matching-rule -cn: UUID Ordering Matching Rule -ds-cfg-java-class: org.opends.server.schema.UUIDOrderingMatchingRule -ds-cfg-enabled: true - -dn: cn=Word Equality Matching Rule,cn=Matching Rules,cn=config -objectClass: top -objectClass: ds-cfg-matching-rule -objectClass: ds-cfg-equality-matching-rule -cn: Word Equality Matching Rule -ds-cfg-java-class: org.opends.server.schema.WordEqualityMatchingRule -ds-cfg-enabled: true - -dn: cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Monitor Providers - -dn: cn=Client Connections,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-client-connection-monitor-provider -cn: Client Connections -ds-cfg-java-class: org.opends.server.monitors.ClientConnectionMonitorProvider -ds-cfg-enabled: true - -dn: cn=Entry Caches,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-entry-cache-monitor-provider -cn: Entry Caches -ds-cfg-java-class: org.opends.server.monitors.EntryCacheMonitorProvider -ds-cfg-enabled: true - -dn: cn=JVM Memory Usage,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-memory-usage-monitor-provider -cn: JVM Memory Usage -ds-cfg-java-class: org.opends.server.monitors.MemoryUsageMonitorProvider -ds-cfg-enabled: true - -dn: cn=JVM Stack Trace,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-stack-trace-monitor-provider -cn: JVM Stack Trace -ds-cfg-java-class: org.opends.server.monitors.StackTraceMonitorProvider -ds-cfg-enabled: true - -dn: cn=System Info,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-system-info-monitor-provider -cn: System Info -ds-cfg-java-class: org.opends.server.monitors.SystemInfoMonitorProvider -ds-cfg-enabled: true - -dn: cn=Version,cn=Monitor Providers,cn=config -objectClass: top -objectClass: ds-cfg-monitor-provider -objectClass: ds-cfg-version-monitor-provider -cn: Version -ds-cfg-java-class: org.opends.server.monitors.VersionMonitorProvider -ds-cfg-enabled: true - -dn: cn=Password Generators,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Generators - -dn: cn=Random Password Generator,cn=Password Generators,cn=config -objectClass: top -objectClass: ds-cfg-password-generator -objectClass: ds-cfg-random-password-generator -cn: Random Password Generator -ds-cfg-java-class: org.opends.server.extensions.RandomPasswordGenerator -ds-cfg-enabled: true -ds-cfg-password-character-set: alpha:abcdefghijklmnopqrstuvwxyz -ds-cfg-password-character-set: numeric:0123456789 -ds-cfg-password-format: alpha:3,numeric:2,alpha:3 - -dn: cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Policies - -dn: cn=Default Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Default Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Root Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Root Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-change-requires-current-password: true -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: ignore -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Quickly Expiring Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Quickly Expiring password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: false -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: true -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 42 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 2 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 1 seconds -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Clear Text Password Policy,cn=Password Policies,cn=config -objectClass: top -objectClass: ds-cfg-password-policy -cn: Default Password Policy -ds-cfg-password-attribute: userPassword -ds-cfg-default-password-storage-scheme: cn=Clear,cn=Password Storage Schemes,cn=config -ds-cfg-allow-expired-password-changes: false -ds-cfg-allow-multiple-password-values: false -ds-cfg-allow-pre-encoded-passwords: true -ds-cfg-allow-user-password-changes: true -ds-cfg-expire-passwords-without-warning: false -ds-cfg-force-change-on-add: false -ds-cfg-force-change-on-reset: false -ds-cfg-grace-login-count: 0 -ds-cfg-idle-lockout-interval: 0 seconds -ds-cfg-lockout-failure-count: 0 -ds-cfg-lockout-duration: 0 seconds -ds-cfg-lockout-failure-expiration-interval: 0 seconds -ds-cfg-min-password-age: 0 seconds -ds-cfg-max-password-age: 0 seconds -ds-cfg-max-password-reset-age: 0 seconds -ds-cfg-password-expiration-warning-interval: 5 days -ds-cfg-password-generator: cn=Random Password Generator,cn=Password Generators,cn=config -ds-cfg-password-change-requires-current-password: false -ds-cfg-require-secure-authentication: false -ds-cfg-require-secure-password-changes: false -ds-cfg-skip-validation-for-administrators: false -ds-cfg-state-update-failure-policy: reactive -ds-cfg-password-history-count: 0 -ds-cfg-password-history-duration: 0 seconds - -dn: cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Storage Schemes - -dn: cn=Base64,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-base64-password-storage-scheme -cn: Base64 -ds-cfg-java-class: org.opends.server.extensions.Base64PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Clear,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-clear-password-storage-scheme -cn: Clear -ds-cfg-java-class: org.opends.server.extensions.ClearPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=CRYPT,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-crypt-password-storage-scheme -cn: CRYPT -ds-cfg-java-class: org.opends.server.extensions.CryptPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=MD5,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-md5-password-storage-scheme -cn: MD5 -ds-cfg-java-class: org.opends.server.extensions.MD5PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted MD5,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-md5-password-storage-scheme -cn: Salted MD5 -ds-cfg-java-class: org.opends.server.extensions.SaltedMD5PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha1-password-storage-scheme -cn: Salted SHA-1 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA1PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-256,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha256-password-storage-scheme -cn: Salted SHA-256 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA256PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-384,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha384-password-storage-scheme -cn: Salted SHA-384 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA384PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-salted-sha512-password-storage-scheme -cn: Salted SHA-512 -ds-cfg-java-class: org.opends.server.extensions.SaltedSHA512PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=SHA-1,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-sha1-password-storage-scheme -cn: SHA-1 -ds-cfg-java-class: org.opends.server.extensions.SHA1PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=3DES,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-triple-des-password-storage-scheme -cn: 3DES -ds-cfg-java-class: org.opends.server.extensions.TripleDESPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=AES,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-aes-password-storage-scheme -cn: AES -ds-cfg-java-class: org.opends.server.extensions.AESPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Blowfish,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-blowfish-password-storage-scheme -cn: Blowfish -ds-cfg-java-class: org.opends.server.extensions.BlowfishPasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=RC4,cn=Password Storage Schemes,cn=config -objectClass: top -objectClass: ds-cfg-password-storage-scheme -objectClass: ds-cfg-rc4-password-storage-scheme -cn: RC4 -ds-cfg-java-class: org.opends.server.extensions.RC4PasswordStorageScheme -ds-cfg-enabled: true - -dn: cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Password Validators - -dn: cn=Attribute Value,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-attribute-value-password-validator -cn: Attribute Value -ds-cfg-java-class: org.opends.server.extensions.AttributeValuePasswordValidator -ds-cfg-enabled: true -ds-cfg-test-reversed-password: true - -dn: cn=Character Set,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-character-set-password-validator -cn: Character Set -ds-cfg-java-class: org.opends.server.extensions.CharacterSetPasswordValidator -ds-cfg-enabled: true -ds-cfg-character-set: 1:abcdefghijklmnopqrstuvwxyz -ds-cfg-character-set: 1:ABCDEFGHIJKLMNOPQRSTUVWXYZ -ds-cfg-character-set: 1:0123456789 -ds-cfg-character-set: 1:~!@#$%^&*()-_=+[]{}|;:,.<>/? -ds-cfg-allow-unclassified-characters: true - -dn: cn=Dictionary,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-dictionary-password-validator -cn: Dictionary -ds-cfg-java-class: org.opends.server.extensions.DictionaryPasswordValidator -ds-cfg-enabled: false -ds-cfg-dictionary-file: config/wordlist.txt -ds-cfg-case-sensitive-validation: false -ds-cfg-test-reversed-password: true - -dn: cn=Length-Based Password Validator,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-length-based-password-validator -cn: Length-Based Password Validator -ds-cfg-java-class: org.opends.server.extensions.LengthBasedPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-password-length: 6 -ds-cfg-max-password-length: 0 - -dn: cn=Repeated Characters,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-repeated-characters-password-validator -cn: Repeated Characters -ds-cfg-java-class: org.opends.server.extensions.RepeatedCharactersPasswordValidator -ds-cfg-enabled: true -ds-cfg-max-consecutive-length: 2 -ds-cfg-case-sensitive-validation: false - -dn: cn=Similarity-Based Password Validator,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-similarity-based-password-validator -cn: Similarity-Based Password Validator -ds-cfg-java-class: org.opends.server.extensions.SimilarityBasedPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-password-difference: 3 - -dn: cn=Unique Characters,cn=Password Validators,cn=config -objectClass: top -objectClass: ds-cfg-password-validator -objectClass: ds-cfg-unique-characters-password-validator -cn: Unique Characters -ds-cfg-java-class: org.opends.server.extensions.UniqueCharactersPasswordValidator -ds-cfg-enabled: true -ds-cfg-min-unique-characters: 5 -ds-cfg-case-sensitive-validation: false - -dn: cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-branch -objectClass: ds-cfg-plugin-root -cn: Plugins - -dn: cn=7-Bit Clean,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-seven-bit-clean-plugin -cn: 7-Bit Clean -ds-cfg-java-class: org.opends.server.plugins.SevenBitCleanPlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: ldifImport -ds-cfg-plugin-type: preParseAdd -ds-cfg-plugin-type: preParseModify -ds-cfg-plugin-type: preParseModifyDN -ds-cfg-attribute-type: uid -ds-cfg-attribute-type: mail -ds-cfg-attribute-type: userPassword -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Entry UUID,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-entry-uuid-plugin -cn: Entry UUID -ds-cfg-java-class: org.opends.server.plugins.EntryUUIDPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: ldifImport -ds-cfg-plugin-type: preOperationAdd -ds-cfg-invoke-for-internal-operations: true - -dn: cn=LastMod,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-last-mod-plugin -cn: LastMod -ds-cfg-java-class: org.opends.server.plugins.LastModPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: preOperationAdd -ds-cfg-plugin-type: preOperationModify -ds-cfg-plugin-type: preOperationModifyDN -ds-cfg-invoke-for-internal-operations: true - -dn: cn=LDAP Attribute Description List,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-ldap-attribute-description-list-plugin -cn: LDAP Attribute Description List -ds-cfg-java-class: org.opends.server.plugins.LDAPADListPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: preParseSearch -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Password Policy Import,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-password-policy-import-plugin -cn: Password Policy Import -ds-cfg-java-class: org.opends.server.plugins.PasswordPolicyImportPlugin -ds-cfg-enabled: true -ds-cfg-plugin-type: ldifImport -ds-cfg-default-user-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-default-auth-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config -ds-cfg-invoke-for-internal-operations: false - -dn: cn=Referential Integrity,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-referential-integrity-plugin -cn: Referential Integrity -ds-cfg-java-class: org.opends.server.plugins.ReferentialIntegrityPlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: postOperationDelete -ds-cfg-plugin-type: postOperationModifyDN -ds-cfg-plugin-type: subordinateModifyDN -ds-cfg-attribute-type: member -ds-cfg-attribute-type: uniqueMember -ds-cfg-invoke-for-internal-operations: true - -dn: cn=UID Unique Attribute,cn=Plugins,cn=config -objectClass: top -objectClass: ds-cfg-plugin -objectClass: ds-cfg-unique-attribute-plugin -cn: UID Unique Attribute -ds-cfg-java-class: org.opends.server.plugins.UniqueAttributePlugin -ds-cfg-enabled: false -ds-cfg-plugin-type: preOperationAdd -ds-cfg-plugin-type: preOperationModify -ds-cfg-plugin-type: preOperationModifyDN -ds-cfg-plugin-type: postSynchronizationAdd -ds-cfg-plugin-type: postSynchronizationModify -ds-cfg-plugin-type: postSynchronizationModifyDN -ds-cfg-type: uid -ds-cfg-invoke-for-internal-operations: true - -dn: cn=Root DNs,cn=config -objectClass: top -objectClass: ds-cfg-root-dn -cn: Root DNs -ds-cfg-default-root-privilege-name: bypass-acl -ds-cfg-default-root-privilege-name: modify-acl -ds-cfg-default-root-privilege-name: config-read -ds-cfg-default-root-privilege-name: config-write -ds-cfg-default-root-privilege-name: ldif-import -ds-cfg-default-root-privilege-name: ldif-export -ds-cfg-default-root-privilege-name: backend-backup -ds-cfg-default-root-privilege-name: backend-restore -ds-cfg-default-root-privilege-name: server-shutdown -ds-cfg-default-root-privilege-name: server-restart -ds-cfg-default-root-privilege-name: disconnect-client -ds-cfg-default-root-privilege-name: cancel-request -ds-cfg-default-root-privilege-name: password-reset -ds-cfg-default-root-privilege-name: update-schema -ds-cfg-default-root-privilege-name: privilege-change -ds-cfg-default-root-privilege-name: unindexed-search - -dn: cn=Directory Manager,cn=Root DNs,cn=config -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: ds-cfg-root-dn-user -cn: Directory Manager -givenName: Directory -sn: Manager -userPassword: {SSHA512}l1t43vVl7Uh03PpQ2vCsT0B7Q0HTi+tKJmH7tZTmSGaKrMHWHO1czfwEsjMgfbeQoiYQDGDuxolipR0H6ajMu1YHlTjPNG9Z -ds-cfg-alternate-bind-dn: cn=Directory Manager -ds-rlim-size-limit: 0 -ds-rlim-time-limit: 0 -ds-rlim-idle-time-limit: 0 -ds-rlim-lookthrough-limit: 0 -ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config - -dn: cn=Root DSE,cn=config -objectClass: top -objectClass: ds-cfg-root-dse-backend -cn: Root DSE -ds-cfg-show-all-attributes: false - -dn: cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: SASL Mechanisms - -dn: cn=ANONYMOUS,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-anonymous-sasl-mechanism-handler -cn: ANONYMOUS -ds-cfg-java-class: org.opends.server.extensions.AnonymousSASLMechanismHandler -ds-cfg-enabled: false - -dn: cn=CRAM-MD5,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-cram-md5-sasl-mechanism-handler -cn: CRAM-MD5 -ds-cfg-java-class: org.opends.server.extensions.CRAMMD5SASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=DIGEST-MD5,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-digest-md5-sasl-mechanism-handler -cn: DIGEST-MD5 -ds-cfg-java-class: org.opends.server.extensions.DigestMD5SASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-external-sasl-mechanism-handler -cn: EXTERNAL -ds-cfg-java-class: org.opends.server.extensions.ExternalSASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-certificate-validation-policy: ifpresent -ds-cfg-certificate-attribute: userCertificate -ds-cfg-certificate-mapper: cn=Subject Equals DN,cn=Certificate Mappers,cn=config - -dn: cn=GSSAPI,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-gssapi-sasl-mechanism-handler -cn: GSSAPI -ds-cfg-java-class: org.opends.server.extensions.GSSAPISASLMechanismHandler -ds-cfg-enabled: false -ds-cfg-identity-mapper: cn=Regular Expression,cn=Identity Mappers,cn=config -ds-cfg-keytab: /etc/krb5/krb5.keytab - -dn: cn=PLAIN,cn=SASL Mechanisms,cn=config -objectClass: top -objectClass: ds-cfg-sasl-mechanism-handler -objectClass: ds-cfg-plain-sasl-mechanism-handler -cn: PLAIN -ds-cfg-java-class: org.opends.server.extensions.PlainSASLMechanismHandler -ds-cfg-enabled: true -ds-cfg-identity-mapper: cn=Exact Match,cn=Identity Mappers,cn=config - -dn: cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Synchronization Providers - -dn: cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-synchronization-provider -objectClass: ds-cfg-replication-synchronization-provider -cn: Multimaster Synchronization -ds-cfg-enabled: true -ds-cfg-java-class: org.opends.server.replication.plugin.MultimasterReplication - -dn: cn=domains,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: domains - -dn: cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Syntaxes - -dn: cn=Absolute Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Absolute Subtree Specification -ds-cfg-java-class: org.opends.server.schema.AbsoluteSubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Sun-defined Access Control Information,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Sun-defined Access Control Information -ds-cfg-java-class: org.opends.server.schema.AciSyntax -ds-cfg-enabled: true - -dn: cn=Attribute Type Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-attribute-type-description-attribute-syntax -cn: Attribute Type Description -ds-cfg-java-class: org.opends.server.schema.AttributeTypeSyntax -ds-cfg-enabled: true -ds-cfg-strip-syntax-min-upper-bound: false - -dn: cn=Authentication Password,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Authentiation Password -ds-cfg-java-class: org.opends.server.schema.AuthPasswordSyntax -ds-cfg-enabled: true - -dn: cn=Binary,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Binary -ds-cfg-java-class: org.opends.server.schema.BinarySyntax -ds-cfg-enabled: true - -dn: cn=Bit String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Bit String -ds-cfg-java-class: org.opends.server.schema.BitStringSyntax -ds-cfg-enabled: true - -dn: cn=Boolean,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Boolean -ds-cfg-java-class: org.opends.server.schema.BooleanSyntax -ds-cfg-enabled: true - -dn: cn=Certificate,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate -ds-cfg-java-class: org.opends.server.schema.CertificateSyntax -ds-cfg-enabled: true - -dn: cn=Certificate List,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate List -ds-cfg-java-class: org.opends.server.schema.CertificateListSyntax -ds-cfg-enabled: true - -dn: cn=Certificate Pair,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Certificate Pair -ds-cfg-java-class: org.opends.server.schema.CertificatePairSyntax -ds-cfg-enabled: true - -dn: cn=Country String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Country String -ds-cfg-java-class: org.opends.server.schema.CountryStringSyntax -ds-cfg-enabled: true - -dn: cn=Delivery Method,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Delivery Method -ds-cfg-java-class: org.opends.server.schema.DeliveryMethodSyntax -ds-cfg-enabled: true - -dn: cn=Directory String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-directory-string-attribute-syntax -cn: Directory String -ds-cfg-java-class: org.opends.server.schema.DirectoryStringSyntax -ds-cfg-enabled: true -ds-cfg-allow-zero-length-values: false - -dn: cn=Distinguished Name,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Distinguished Name -ds-cfg-java-class: org.opends.server.schema.DistinguishedNameSyntax -ds-cfg-enabled: true - -dn: cn=DIT Content Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: DIT Content Rule Description -ds-cfg-java-class: org.opends.server.schema.DITContentRuleSyntax -ds-cfg-enabled: true - -dn: cn=DIT Structure Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: DIT Structure Rule Description -ds-cfg-java-class: org.opends.server.schema.DITStructureRuleSyntax -ds-cfg-enabled: true - -dn: cn=Enhanced Guide,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Enhanced Guide -ds-cfg-java-class: org.opends.server.schema.EnhancedGuideSyntax -ds-cfg-enabled: true - -dn: cn=Facsimile Telephone Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Facsimile Telephone Number -ds-cfg-java-class: org.opends.server.schema.FaxNumberSyntax -ds-cfg-enabled: true - -dn: cn=Fax,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Fax -ds-cfg-java-class: org.opends.server.schema.FaxSyntax -ds-cfg-enabled: true - -dn: cn=Generalized Time,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Generalized Time -ds-cfg-java-class: org.opends.server.schema.GeneralizedTimeSyntax -ds-cfg-enabled: true - -dn: cn=Guide,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Guide -ds-cfg-java-class: org.opends.server.schema.GuideSyntax -ds-cfg-enabled: true - -dn: cn=IA5 String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: IA5 String -ds-cfg-java-class: org.opends.server.schema.IA5StringSyntax -ds-cfg-enabled: true - -dn: cn=Integer,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Integer -ds-cfg-java-class: org.opends.server.schema.IntegerSyntax -ds-cfg-enabled: true - -dn: cn=JPEG,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: JPEG -ds-cfg-java-class: org.opends.server.schema.JPEGSyntax -ds-cfg-enabled: true - -dn: cn=LDAP Syntax Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: LDAP Syntax Description -ds-cfg-java-class: org.opends.server.schema.LDAPSyntaxDescriptionSyntax -ds-cfg-enabled: true - -dn: cn=Matching Rule Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Matching Rule Description -ds-cfg-java-class: org.opends.server.schema.MatchingRuleSyntax -ds-cfg-enabled: true - -dn: cn=Matching Rule Use Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Matching Rule Use Description -ds-cfg-java-class: org.opends.server.schema.MatchingRuleUseSyntax -ds-cfg-enabled: true - -dn: cn=Name and Optional UID,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Name and Optional UID -ds-cfg-java-class: org.opends.server.schema.NameAndOptionalUIDSyntax -ds-cfg-enabled: true - -dn: cn=Name Form Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Name Form Description -ds-cfg-java-class: org.opends.server.schema.NameFormSyntax -ds-cfg-enabled: true - -dn: cn=Numeric String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Numeric String -ds-cfg-java-class: org.opends.server.schema.NumericStringSyntax -ds-cfg-enabled: true - -dn: cn=Object Class Description,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Object Class Description -ds-cfg-java-class: org.opends.server.schema.ObjectClassSyntax -ds-cfg-enabled: true - -dn: cn=Object Identifier,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Object Identifier -ds-cfg-java-class: org.opends.server.schema.OIDSyntax -ds-cfg-enabled: true - -dn: cn=Octet String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Octet String -ds-cfg-java-class: org.opends.server.schema.OctetStringSyntax -ds-cfg-enabled: true - -dn: cn=Other Mailbox,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Other Mailbox -ds-cfg-java-class: org.opends.server.schema.OtherMailboxSyntax -ds-cfg-enabled: true - -dn: cn=Postal Address,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Postal Address -ds-cfg-java-class: org.opends.server.schema.PostalAddressSyntax -ds-cfg-enabled: true - -dn: cn=Presentation Address,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Presentation Address -ds-cfg-java-class: org.opends.server.schema.PresentationAddressSyntax -ds-cfg-enabled: true - -dn: cn=Printable String,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Printable String -ds-cfg-java-class: org.opends.server.schema.PrintableStringSyntax -ds-cfg-enabled: true - -dn: cn=Protocol Information,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Protocol Information -ds-cfg-java-class: org.opends.server.schema.ProtocolInformationSyntax -ds-cfg-enabled: true - -dn: cn=Relative Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Relative Subtree Specification -ds-cfg-java-class: org.opends.server.schema.RelativeSubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Substring Assertion,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Substring Assertion -ds-cfg-java-class: org.opends.server.schema.SubstringAssertionSyntax -ds-cfg-enabled: true - -dn: cn=Subtree Specification,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Subtree Specification -ds-cfg-java-class: org.opends.server.schema.RFC3672SubtreeSpecificationSyntax -ds-cfg-enabled: true - -dn: cn=Supported Algorithm,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Supported Algorithm -ds-cfg-java-class: org.opends.server.schema.SupportedAlgorithmSyntax -ds-cfg-enabled: true - -dn: cn=Telephone Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -objectClass: ds-cfg-telephone-number-attribute-syntax -cn: Telephone Number -ds-cfg-java-class: org.opends.server.schema.TelephoneNumberSyntax -ds-cfg-enabled: true -ds-cfg-strict-format: false - -dn: cn=Teletex Terminal Identifier,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Teletex Terminal Identifier -ds-cfg-java-class: org.opends.server.schema.TeletexTerminalIdentifierSyntax -ds-cfg-enabled: true - -dn: cn=Telex Number,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: Telex Number -ds-cfg-java-class: org.opends.server.schema.TelexNumberSyntax -ds-cfg-enabled: true - -dn: cn=UTC Time,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: UTC Time -ds-cfg-java-class: org.opends.server.schema.UTCTimeSyntax -ds-cfg-enabled: true - -dn: cn=User Password,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: User Password -ds-cfg-java-class: org.opends.server.schema.UserPasswordSyntax -ds-cfg-enabled: true - -dn: cn=UUID,cn=Syntaxes,cn=config -objectClass: top -objectClass: ds-cfg-attribute-syntax -cn: UUID -ds-cfg-java-class: org.opends.server.schema.UUIDSyntax -ds-cfg-enabled: true - -dn: cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Trust Manager Providers - -dn: cn=Blind Trust,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-blind-trust-manager-provider -cn: Blind Trust -ds-cfg-java-class: org.opends.server.extensions.BlindTrustManagerProvider -ds-cfg-enabled: true - -dn: cn=JKS,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-file-based-trust-manager-provider -cn: JKS -ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider -ds-cfg-enabled: false -ds-cfg-trust-store-type: JKS -ds-cfg-trust-store-file: config/truststore - -dn: cn=PKCS12,cn=Trust Manager Providers,cn=config -objectClass: top -objectClass: ds-cfg-trust-manager-provider -objectClass: ds-cfg-file-based-trust-manager-provider -cn: PKCS12 -ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider -ds-cfg-enabled: false -ds-cfg-trust-store-type: PKCS12 -ds-cfg-trust-store-file: config/truststore.p12 - -dn: cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-branch -cn: Virtual Attributes - -dn: cn=entryDN,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-entry-dn-virtual-attribute -cn: entryDN -ds-cfg-java-class: org.opends.server.extensions.EntryDNVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: entryDN -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=entryUUID,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-entry-uuid-virtual-attribute -cn: entryUUIUD -ds-cfg-java-class: org.opends.server.extensions.EntryUUIDVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: entryUUID -ds-cfg-conflict-behavior: real-overrides-virtual - -dn: cn=hasSubordinates,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-has-subordinates-virtual-attribute -cn: hasSubordinates -ds-cfg-java-class: org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: hasSubordinates -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=isMemberOf,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-is-member-of-virtual-attribute -cn: isMemberOf -ds-cfg-java-class: org.opends.server.extensions.IsMemberOfVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: isMemberOf -ds-cfg-filter: (objectClass=person) -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=numSubordinates,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-num-subordinates-virtual-attribute -cn: numSubordinates -ds-cfg-java-class: org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: numSubordinates -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=subschemaSubentry,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-subschema-subentry-virtual-attribute -cn: subschemaSubentry -ds-cfg-java-class: org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: subschemaSubentry -ds-cfg-conflict-behavior: virtual-overrides-real - -dn: cn=Virtual Static member,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-member-virtual-attribute -cn: Virtual Static member -ds-cfg-java-class: org.opends.server.extensions.MemberVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: member -ds-cfg-conflict-behavior: virtual-overrides-real -ds-cfg-filter: (&(objectClass=groupOfNames)(objectClass=ds-virtual-static-group)) -ds-cfg-allow-retrieving-membership: false - -dn: cn=Virtual Static uniqueMember,cn=Virtual Attributes,cn=config -objectClass: top -objectClass: ds-cfg-virtual-attribute -objectClass: ds-cfg-member-virtual-attribute -cn: Virtual Static uniqueMember -ds-cfg-java-class: org.opends.server.extensions.MemberVirtualAttributeProvider -ds-cfg-enabled: true -ds-cfg-attribute-type: uniqueMember -ds-cfg-conflict-behavior: virtual-overrides-real -ds-cfg-filter: (&(objectClass=groupOfUniqueNames)(objectClass=ds-virtual-static-group)) -ds-cfg-allow-retrieving-membership: false - -dn: cn=Work Queue,cn=config -objectClass: top -objectClass: ds-cfg-work-queue -objectClass: ds-cfg-traditional-work-queue -cn: Work Queue -ds-cfg-java-class: org.opends.server.extensions.TraditionalWorkQueue -ds-cfg-num-worker-threads: 24 -ds-cfg-max-work-queue-capacity: 0 diff --git a/OpenICF-ldap-connector/opends/keystore.pin b/OpenICF-ldap-connector/opends/keystore.pin deleted file mode 100644 index f3097ab1..00000000 --- a/OpenICF-ldap-connector/opends/keystore.pin +++ /dev/null @@ -1 +0,0 @@ -password diff --git a/OpenICF-ldap-connector/pom.xml b/OpenICF-ldap-connector/pom.xml index 0997a98f..6c247401 100755 --- a/OpenICF-ldap-connector/pom.xml +++ b/OpenICF-ldap-connector/pom.xml @@ -22,7 +22,7 @@ your own identifying information: "Portions Copyrighted [year] [name of copyright owner]" - Portions Copyrighted 2018-2025 3A Systems, LLC + Portions Copyrighted 2018-2026 3A Systems, LLC --> 4.0.0 @@ -107,6 +107,18 @@ opendj-server test + + + org.openidentityplatform.opendj + opendj-server-legacy + ${opendj.version} + slim + zip + test + org.mockito mockito-all @@ -128,15 +140,27 @@ org.apache.maven.plugins maven-surefire-plugin - true - - testng.xml - ${opendj.port} + + ${org.openidentityplatform.opendj:opendj-server-legacy:zip:slim} + + org.apache.maven.plugins + maven-dependency-plugin + + + + resolve-opendj-archive + process-test-resources + + properties + + + + org.codehaus.mojo build-helper-maven-plugin diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java index 2506d30f..59897818 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/BlindTrustProvider.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -86,7 +87,9 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws } public X509Certificate[] getAcceptedIssuers() { - return null; + // Not null: this provider is installed as the JVM-wide default, so the embedded + // server picks it up for its own side of the handshake too, and null there aborts it. + return new X509Certificate[0]; } } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java index 04d9e614..2e244aba 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConfigurationTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -306,7 +307,7 @@ public void testDefaultValues() { assertFalse(config.isMaintainPosixGroupMembership()); assertFalse(config.isRespectResourcePasswordPolicyChangeAfterReset()); assertNull(config.getPasswordHashAlgorithm()); - assertTrue(config.isUseBlocks()); + assertFalse(config.isUseBlocks()); assertEquals(100, config.getBlockSize()); assertFalse(config.isUsePagedResultControl()); assertEquals("uid", config.getVlvSortAttribute()); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java index b742db40..c387b546 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectionTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -172,6 +173,7 @@ public void testSupportedControls() { @Test public void testServerType() { LdapConnection conn = new LdapConnection(newConfiguration()); - assertEquals(ServerType.OPENDS, conn.getServerType()); + // The test instance is OpenDJ; it was OpenDS back when this test last ran. + assertEquals(ServerType.OPENDJ, conn.getServerType()); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java index e86e74fa..385c589c 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/LdapConnectorTestBase.java @@ -19,19 +19,40 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; +import static org.forgerock.opendj.server.embedded.ConfigParameters.configParams; +import static org.forgerock.opendj.server.embedded.ConnectionParameters.connectionParams; +import static org.forgerock.opendj.server.embedded.SetupParameters.setupParams; + import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeMethod; import org.testng.Assert; import java.io.File; import java.io.IOException; +import java.io.InputStream; +import java.io.StringReader; import java.net.InetAddress; +import java.net.ServerSocket; import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.nio.file.FileVisitResult; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.SimpleFileVisitor; +import java.nio.file.StandardCopyOption; +import java.nio.file.attribute.BasicFileAttributes; import java.util.List; +import com.forgerock.opendj.ldap.tools.MakeLDIF; +import org.forgerock.opendj.ldap.Connection; +import org.forgerock.opendj.ldif.ConnectionChangeRecordWriter; +import org.forgerock.opendj.ldif.LDIFChangeRecordReader; +import org.forgerock.opendj.server.embedded.EmbeddedDirectoryServer; +import org.forgerock.opendj.server.embedded.EmbeddedDirectoryServerException; import org.identityconnectors.common.IOUtil; import org.identityconnectors.common.security.GuardedString; import org.identityconnectors.framework.api.APIConfiguration; @@ -45,17 +66,18 @@ import org.identityconnectors.framework.common.objects.OperationOptionsBuilder; import org.identityconnectors.framework.common.objects.filter.FilterBuilder; import org.identityconnectors.test.common.TestHelpers; -import org.opends.server.config.ConfigException; -import org.opends.server.types.DirectoryEnvironmentConfig; -import org.opends.server.types.InitializationException; +import org.opends.server.tools.ImportLDIF; import org.opends.server.util.EmbeddedUtils; public abstract class LdapConnectorTestBase { - // Cf. data.ldif and bigcompany.ldif. + // Cf. data.ldif and bigcompany.template. - public static final int PORT = 2389; - public static final int SSL_PORT = 2636; + // Picked at run time rather than fixed, so that a developer box already running a directory + // server on the traditional 2389/2636 does not break the build. The instance is set up from + // these, so config and tests cannot drift apart. + public static final int PORT = findFreePort(); + public static final int SSL_PORT = findFreePort(); public static final String EXAMPLE_COM_DN = "dc=example,dc=com"; @@ -108,27 +130,33 @@ public abstract class LdapConnectorTestBase { public static final String USER_0_SN = "Amar"; public static final String USER_0_GIVEN_NAME = "Aaccf"; - // Cf. test/opends/config/config.ldif and setup-test-opends.xml. - - private static final String[] FILES = { - "config/config.ldif", - "config/admin-backend.ldif", - "config/keystore", - "config/keystore.pin", - "config/schema/00-core.ldif", - "config/schema/01-pwpolicy.ldif", - "config/schema/02-config.ldif", - "config/schema/03-changelog.ldif", - "config/schema/03-rfc2713.ldif", - "config/schema/03-rfc2714.ldif", - "config/schema/03-rfc2739.ldif", - "config/schema/03-rfc2926.ldif", - "config/schema/03-rfc3112.ldif", - "config/schema/03-rfc3712.ldif", - "config/schema/03-uddiv3.ldif", - "config/schema/04-rfc2307bis.ldif", - "db/userRoot/00000000.jdb" - }; + private static final int ADMIN_PORT = findFreePort(); + private static final int JMX_PORT = findFreePort(); + /** Replication carries the change log the sync tests read, even with nothing to replicate to. */ + private static final int REPLICATION_PORT = findFreePort(); + + private static final String ROOT_DN = "cn=Directory Manager"; + private static final String ROOT_PASSWORD = "password"; + + /** EmbeddedDirectoryServer.extractArchiveForSetup() insists on this server root name. */ + private static final String SERVER_ROOT_NAME = "opendj"; + + private static final File WORK_DIR = new File(System.getProperty("java.io.tmpdir"), "openicf-ldap-opendj"); + private static final File SERVER_ROOT = new File(new File(WORK_DIR, "instance"), SERVER_ROOT_NAME); + /** Pristine copy of the directories below, taken once the instance is fully populated. */ + private static final File PRISTINE_DIR = new File(WORK_DIR, "pristine"); + /** The parts of the instance the tests write to; restored from PRISTINE_DIR on every start. */ + private static final String[] MUTABLE_DIRS = { "config", "db", "changelogDb" }; + + private static EmbeddedDirectoryServer server; + private static boolean instanceCreated; + + static { + // testSSL() registers this too, but by then the embedded server has started and brought + // SSL up with it. The default SSL context is built once and cached, so registering after + // that has no effect on it and the test would fail to trust the generated certificate. + BlindTrustProvider.register(); + } @AfterClass public static void afterClass() { @@ -208,64 +236,288 @@ public static ConnectorObject findByAttribute(List objects, Str return null; } + /** + * Starts the embedded directory, restoring its data to the state the tests expect. + * + * The instance is only built once per JVM: setting it up and importing the Big Company + * entries is far too slow to repeat for every test that asks for a restart. Afterwards a + * pristine copy of the mutable directories is kept aside, and starting means putting that + * copy back, which is what makes each test see the same data. + */ protected void startServer() throws IOException { - File root = new File(System.getProperty("java.io.tmpdir"), "opends"); - IOUtil.delete(root); - if (!root.mkdirs()) { - throw new IOException(); + try { + createInstance(); + restorePristineState(); + server = manageServer(); + server.start(); + waitUntilListening(); + } catch (EmbeddedDirectoryServerException e) { + throw (IOException) new IOException(e.getMessage()).initCause(e); } - for (String path : FILES) { - File file = new File(root, path); - File parent = file.getParentFile(); - if (!parent.exists() && !parent.mkdirs()) { - throw new IOException(file.getAbsolutePath()); + } + + /** + * Starting is asynchronous: it reports the server as running before the connection handler + * has bound its port, so a test that connected straight away would be refused. + */ + private static void waitUntilListening() throws IOException { + final int WAIT = 200; // ms + final int ITERATIONS = 50; + for (int i = 1; !isListening(PORT) || !isListening(SSL_PORT); i++) { + if (i >= ITERATIONS) { + throw new IOException("OpenDJ is not listening on ports " + PORT + " and " + SSL_PORT + + " " + (WAIT * ITERATIONS) + "ms after being started"); } - IOUtil.extractResourceToFile(LdapConnectorTestBase.class, "opends/" + path, file); + try { + Thread.sleep(WAIT); + } catch (InterruptedException e) {} } + } - File configDir = new File(root, "config"); - File configFile = new File(configDir, "config.ldif"); - File schemaDir = new File(configDir, "schema"); - File lockDir = new File(root, "locks"); - if (!lockDir.mkdirs()) { - throw new IOException(); + protected static void stopServer() { + if (server != null) { + server.stop(LdapConnectorTestBase.class.getName(), null); + server = null; } - - try { - DirectoryEnvironmentConfig config = new DirectoryEnvironmentConfig(); - config.setServerRoot(root); - config.setConfigFile(configFile); - config.setSchemaDirectory(schemaDir); - //config.setLockDirectory(lockDir); - EmbeddedUtils.startServer(config); -// } catch (ConfigException e) { -// throw (IOException) new IOException(e.getMessage()).initCause(e); - } catch (InitializationException e) { - throw (IOException) new IOException(e.getMessage()).initCause(e); + if (!waitUntilStopped()) { + Assert.fail("OpenDJ failed to stop"); } } - protected static void stopServer() { - EmbeddedUtils.stopServer("org.test.opends.EmbeddedOpenDS", null); - // It seems that EmbeddedUtils.stopServer() returns before the server has stopped listening on its port, - // causing the next test to fail when starting the server. + /** + * Shutting down is asynchronous, so wait for it to finish. Both conditions matter: the port + * has to be free before the next start can bind it again, and isRunning() has to agree the + * server is down, or before() would decide there is nothing to restart and leave the next + * test without a server. + */ + private static boolean waitUntilStopped() { final int WAIT = 200; // ms final int ITERATIONS = 25; - for (int i = 1; ; i++) { + for (int i = 1; EmbeddedUtils.isRunning() || isAnyPortStillBound(); i++) { + if (i >= ITERATIONS) { + return false; + } try { - new Socket(InetAddress.getLocalHost(), PORT).close(); - } catch (IOException e) { - // Okay, server has stopped. - return; + Thread.sleep(WAIT); + } catch (InterruptedException e) {} + } + return true; + } + + /** Every port the server binds, since starting again fails on whichever is not free yet. */ + private static boolean isAnyPortStillBound() { + return isListening(PORT) || isListening(SSL_PORT) || isListening(ADMIN_PORT) + || isListening(REPLICATION_PORT); + } + + private static boolean isListening(int port) { + try { + new Socket(InetAddress.getLocalHost(), port).close(); + return true; + } catch (IOException e) { + return false; + } + } + + private static EmbeddedDirectoryServer manageServer() { + return EmbeddedDirectoryServer.manageEmbeddedDirectoryServer( + configParams() + .serverRootDirectory(SERVER_ROOT.getPath()) + .configurationFile(new File(SERVER_ROOT, "config/config.ldif").getPath()), + connectionParams() + .hostName("localhost") + .ldapPort(PORT) + .ldapSecurePort(SSL_PORT) + .adminPort(ADMIN_PORT) + .bindDn(ROOT_DN) + .bindPassword(ROOT_PASSWORD), + System.out, System.err); + } + + private static void createInstance() throws IOException, EmbeddedDirectoryServerException { + if (instanceCreated) { + return; + } + IOUtil.delete(WORK_DIR); + if (!SERVER_ROOT.mkdirs()) { + throw new IOException("Cannot create " + SERVER_ROOT); + } + + EmbeddedDirectoryServer setupServer = manageServer(); + setupServer.extractArchiveForSetup(archive()); + // Set up empty: the data is imported further down, once the configuration it has to + // satisfy is in place. --ldapsPort implies a generated self-signed certificate, which is + // all testSSL() needs, as it registers a blind trust provider. + setupServer.setup(setupParams() + .baseDn(EXAMPLE_COM_DN) + .backendType("je") + .jmxPort(JMX_PORT)); + + // Configuration goes in over a connection, so the server has to be up for it. + startAndApply(setupServer, "test-config.ldif"); + + // Now that the server will accept the entries and knows which indexes to build for them, + // import. Doing this before the configuration above would get entries rejected and leave + // the VLV index empty. + importData(); + + // uid=admin and the ACIs granting it access can only be added once the entries they refer + // to exist. + startAndApply(setupServer, "admin.ldif"); + + for (String dir : MUTABLE_DIRS) { + copyDirectory(new File(SERVER_ROOT, dir).toPath(), new File(PRISTINE_DIR, dir).toPath()); + } + instanceCreated = true; + } + + private static void restorePristineState() throws IOException { + for (String dir : MUTABLE_DIRS) { + File target = new File(SERVER_ROOT, dir); + IOUtil.delete(target); + copyDirectory(new File(PRISTINE_DIR, dir).toPath(), target.toPath()); + } + } + + /** The OpenDJ distribution archive, handed over by the build; cf. the pom. */ + private static File archive() throws IOException { + String path = System.getProperty("opendj.archive"); + if (path == null) { + throw new IOException("The opendj.archive system property is not set; " + + "it should point at the OpenDJ distribution archive to set the test instance up from."); + } + File archive = new File(path); + if (!archive.isFile()) { + throw new IOException("No OpenDJ distribution archive at " + archive); + } + return archive; + } + + private static File generateBigCompanyLdif() throws IOException { + File template = copyResourceToWorkDir("bigcompany.template"); + File ldif = new File(WORK_DIR, "bigcompany.ldif"); + // The name dictionaries the template draws from ship with the distribution. + File resourcePath = new File(SERVER_ROOT, "template/config/MakeLDIF"); + // A fixed seed keeps the generated entries stable from run to run. + int rc = MakeLDIF.run(System.out, System.err, + "--outputLDIF", ldif.getPath(), + "--resourcePath", resourcePath.getPath(), + "--randomSeed", "1", + template.getPath()); + if (rc != 0) { + throw new IOException("Generating " + ldif + " from " + template + " failed with code " + rc); + } + return ldif; + } + + /** + * Grants uid=admin the privileges and ACIs the tests rely on. Kept as an LDIF changes file + * because part of it modifies cn=config, which cannot be expressed in imported data. + */ + private static void applyChanges(EmbeddedDirectoryServer target, String resource) + throws IOException, EmbeddedDirectoryServerException { + // The ports are only known at run time, so the files spell them as placeholders. + String ldif = readResource(resource) + .replace("%REPLICATION_PORT%", String.valueOf(REPLICATION_PORT)); + try (Connection connection = target.getInternalConnection(); + LDIFChangeRecordReader reader = new LDIFChangeRecordReader(new StringReader(ldif)); + ConnectionChangeRecordWriter writer = new ConnectionChangeRecordWriter(connection)) { + while (reader.hasNext()) { + writer.writeChangeRecord(reader.readChangeRecord()); + } + } + } + + private static String readResource(String name) throws IOException { + try (InputStream in = openResource(name)) { + return new String(in.readAllBytes(), StandardCharsets.UTF_8); + } + } + + /** Brings the server up, feeds it an LDIF changes file, and puts it back down. */ + private static void startAndApply(EmbeddedDirectoryServer target, String resource) + throws IOException, EmbeddedDirectoryServerException { + target.start(); + waitUntilListening(); + try { + applyChanges(target, resource); + } finally { + target.stop(LdapConnectorTestBase.class.getName(), null); + } + if (!waitUntilStopped()) { + throw new IOException("OpenDJ failed to stop after applying " + resource); + } + } + + /** + * Imports the test entries with the server down. + * + * This drives the tool directly rather than through EmbeddedDirectoryServer.importLDIF(), + * which requires a running server, and an online import would go through the task backend + * and the admin connector for no benefit here. + */ + private static void importData() throws IOException { + File rejects = new File(WORK_DIR, "rejects.ldif"); + int rc = ImportLDIF.mainImportLDIF(new String[] { + "--configFile", new File(SERVER_ROOT, "config/config.ldif").getPath(), + "--backendID", "userRoot", + "--ldifFile", copyResourceToWorkDir("data.ldif").getPath(), + "--ldifFile", generateBigCompanyLdif().getPath(), + "--rejectFile", rejects.getPath(), + "--offline", + "--noPropertiesFile" }, true, System.out, System.err); + if (rc != 0) { + throw new IOException("Importing the test entries into " + SERVER_ROOT + " failed with code " + rc); + } + // A rejected entry does not fail the import, it just quietly goes missing and surfaces + // much later as a test looking for data that is not there. + if (rejects.length() > 0) { + throw new IOException("The server rejected some of the test entries; see " + rejects); + } + } + + private static InputStream openResource(String name) throws IOException { + InputStream in = LdapConnectorTestBase.class.getClassLoader().getResourceAsStream("opends/" + name); + if (in == null) { + throw new IOException("Missing resource: opends/" + name); + } + return in; + } + + private static File copyResourceToWorkDir(String name) throws IOException { + File file = new File(WORK_DIR, name); + try (InputStream in = openResource(name)) { + Files.copy(in, file.toPath(), StandardCopyOption.REPLACE_EXISTING); + } + return file; + } + + private static void copyDirectory(final Path source, final Path target) throws IOException { + if (!Files.isDirectory(source)) { + // The server only creates some of these once it has something to put in them. + return; + } + Files.walkFileTree(source, new SimpleFileVisitor() { + @Override + public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException { + Files.createDirectories(target.resolve(source.relativize(dir))); + return FileVisitResult.CONTINUE; } - if (i < ITERATIONS) { - try { - Thread.sleep(WAIT); - } catch (InterruptedException e) {} - } else { - break; + + @Override + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { + Files.copy(file, target.resolve(source.relativize(file)), StandardCopyOption.REPLACE_EXISTING); + return FileVisitResult.CONTINUE; } + }); + } + + private static int findFreePort() { + try (ServerSocket socket = new ServerSocket(0)) { + socket.setReuseAddress(true); + return socket.getLocalPort(); + } catch (IOException e) { + throw new RuntimeException("Cannot reserve a port for the test directory server", e); } - Assert.fail("OpenDS failed to stop"); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java index 7b64da33..45109ab3 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/SunDSTestBase.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap; @@ -34,27 +35,40 @@ import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapName; -import org.identityconnectors.common.security.GuardedString; import org.identityconnectors.framework.api.APIConfiguration; import org.identityconnectors.framework.api.ConnectorFacade; import org.identityconnectors.framework.api.ConnectorFacadeFactory; import org.identityconnectors.ldap.search.DefaultSearchStrategy; import org.identityconnectors.ldap.search.LdapInternalSearch; import org.identityconnectors.ldap.search.LdapSearchResultsHandler; -import org.identityconnectors.test.common.PropertyBag; import org.identityconnectors.test.common.TestHelpers; -public class SunDSTestBase { +/** + * Base for the tests written against Sun DSEE, run against the embedded OpenDJ instance. + * + * OpenDJ serves the change log these tests read and supports the VLV searches they make, so it + * stands in for the Sun DSEE they were pointed at through sunds.* properties, which nobody can + * supply any more. + * + * The tests here empty their base context and repopulate it, so they get one of their own rather + * than the contexts the other tests read. Whatever they leave behind is cleared up anyway: the + * server stops when the class ends, and the next start puts the data back as it was. + */ +public class SunDSTestBase extends LdapConnectorTestBase { + + @Override + protected boolean restartServerAfterEachTest() { + return false; + } public static LdapConfiguration newConfiguration() { LdapConfiguration config = new LdapConfiguration(); config.setConnectorMessages(TestHelpers.createDummyMessages()); - PropertyBag testProps = TestHelpers.getProperties(LdapConnector.class); - config.setHost(testProps.getStringProperty("sunds.host")); - config.setPort(testProps.getProperty("sunds.port", Integer.class, 389)); - config.setPrincipal(testProps.getStringProperty("sunds.principal")); - config.setCredentials(testProps.getProperty("sunds.credentials", GuardedString.class)); - config.setBaseContexts(testProps.getStringProperty("sunds.baseContext")); + config.setHost("localhost"); + config.setPort(PORT); + config.setPrincipal(ADMIN_DN); + config.setCredentials(ADMIN_PASSWORD); + config.setBaseContexts(SMALL_COMPANY_DN); config.setUidAttribute("entryDN"); config.setReadSchema(false); // To be compatible with IdM. config.validate(); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java index c2504bc3..62028914 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/schema/LdapSchemaMappingTests.java @@ -19,6 +19,7 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.schema; @@ -46,6 +47,7 @@ import org.identityconnectors.ldap.LdapConnectorTestBase; import org.identityconnectors.ldap.LdapConstants; import org.identityconnectors.ldap.LdapConstants.ServerType; +import org.identityconnectors.ldap.LdapUtil; public class LdapSchemaMappingTests extends LdapConnectorTestBase { @@ -62,6 +64,11 @@ public void testObjectClassAttrIsReadOnly() { LdapConfiguration config = newConfiguration(true); Schema schema = newFacade(config).schema(); for (ObjectClassInfo oci : schema.getObjectClassInfo()) { + if (oci.is(LdapUtil.SERVER_INFO_NAME)) { + // Not an LDAP object class: the connector makes this one up to report server + // information through, and it has no attributes at all, objectClass included. + continue; + } AttributeInfo attrInfo = AttributeInfoUtil.find("objectClass", oci.getAttributeInfo()); assertFalse(attrInfo.isRequired()); assertFalse(attrInfo.isCreateable()); @@ -165,11 +172,16 @@ public void testAttributeTypes() { } @Test - public void testSyncNotSupported() { + public void testSyncSupported() { LdapConfiguration config = newConfiguration(); LdapConnection conn = new LdapConnection(config); - assertEquals(ServerType.OPENDS, conn.getServerType()); + // The test instance is OpenDJ; it was OpenDS back when this test last ran, and used to + // assert the opposite. OpenDJ serves the change log, so the connector reports sync as + // supported (it only takes it away for OpenDS), and SunDSChangeLogSyncStrategyTests + // exercises it end to end. + assertEquals(ServerType.OPENDJ, conn.getServerType()); Schema schema = newFacade(config).schema(); - assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).isEmpty()); + ObjectClassInfo accountInfo = schema.findObjectClassInfo(ObjectClass.ACCOUNT_NAME); + assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).contains(accountInfo)); } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java index be25dfab..5d00f142 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/LdapSearchTests.java @@ -20,6 +20,7 @@ * "Portions Copyrighted [year] [name of copyright owner]" * ==================== * "Portions Copyrighted 2014 ForgeRock AS" + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.search; @@ -271,7 +272,11 @@ public void testAttributesToGetNotPresentInEntryAreEmpty() { @Test public void testScope() { - ConnectorFacade facade = newFacade(); + // The subtree search below returns more accounts than the server will hand over in one + // go; cf. testMultipleBaseDNs. + LdapConfiguration config = newConfiguration(); + config.setUseBlocks(true); + ConnectorFacade facade = newFacade(config); // Find an organization to pass in OP_CONTAINER. ObjectClass oclass = new ObjectClass("organization"); ConnectorObject organization = searchByAttribute(facade, oclass, new Name(BIG_COMPANY_DN)); @@ -334,7 +339,12 @@ public void testMissingParenthesesAddedToAccountSearchFilter() { @Test public void testMultipleBaseDNs() { - ConnectorFacade facade = newFacade(); + // Big Company holds more accounts than the server will return in one search, so the + // search has to be broken up. This used to be the default, until useBlocks was changed + // to default to false. + LdapConfiguration config = newConfiguration(); + config.setUseBlocks(true); + ConnectorFacade facade = newFacade(config); // This should find accounts from both base DNs. List objects = TestHelpers.searchToList(facade, ObjectClass.ACCOUNT, null); diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java index a1fe67b3..a900d95b 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/search/VlvIndexSearchStrategyTests.java @@ -19,19 +19,15 @@ * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * ==================== + * Portions Copyrighted 2026 3A Systems, LLC */ package org.identityconnectors.ldap.search; import static org.testng.AssertJUnit.assertEquals; -import static org.testng.AssertJUnit.assertTrue; import org.testng.annotations.Test; -import java.lang.reflect.Method; import java.util.HashSet; import java.util.Set; -import org.identityconnectors.common.logging.Log; -import org.identityconnectors.common.logging.LogSpi; -import org.identityconnectors.common.logging.Log.Level; import org.identityconnectors.framework.api.APIConfiguration; import org.identityconnectors.framework.api.ConnectorFacade; import org.identityconnectors.framework.api.ConnectorFacadeFactory; @@ -92,59 +88,13 @@ public void testOverlapWorkaround() throws Exception { } ToListResultsHandler handler = new ToListResultsHandler(); + facade.search(ObjectClass.ACCOUNT, null, handler, null); - Log oldLog = VlvIndexSearchStrategy.getLog(); - OverlapLogImpl overlapLog = new OverlapLogImpl(oldLog); - try { - VlvIndexSearchStrategy.setLog(createLog(VlvIndexSearchStrategy.class, overlapLog)); - facade.search(ObjectClass.ACCOUNT, null, handler, null); - } finally { - VlvIndexSearchStrategy.setLog(oldLog); - } - - assertTrue("The server should have sent overlapping blocks", overlapLog.hasOverlap()); + // Blocks of two mean the VLV search strategy makes 45 round trips to gather the 90 + // accounts; getting all of them back is what shows its paging loop stitches the blocks + // together correctly. This used to also assert the server returned overlapping blocks, a + // VLV offset rounding bug specific to Sun DSEE; OpenDJ computes the offsets exactly and + // never overlaps, so that half of the check no longer applies. assertEquals(COUNT, handler.getObjects().size()); } - - private static Log createLog(Class clazz, LogSpi spi) throws Exception { - Method getLogMethod = Log.class.getDeclaredMethod("getLog", Class.class, LogSpi.class); - getLogMethod.setAccessible(true); - return (Log) getLogMethod.invoke(null, clazz, spi); - } - - static class OverlapLogImpl implements LogSpi { - - private final Log delegate; - - private boolean overlap = false; - - public OverlapLogImpl(Log delegate) { - this.delegate = delegate; - } - - public boolean isLoggable(Class clazz, Level level) { - return true; // We need to, in order to ensure log() will be called. - } - - public void log(Class clazz, StackTraceElement caller, Level level, String message, Throwable ex) { - log(clazz,"unknown", level, message, ex); - } - - public boolean needToInferCaller(Class clazz, Level level) { - return false; - } - - public void log(Class clazz, String method, Level level, String message, Throwable ex) { - if (VlvIndexSearchStrategy.class.equals(clazz) && message != null && message.contains("overlap")) { - overlap = true; - } - if (delegate.isLoggable(level)) { - delegate.log(clazz, method, level, message, ex); - } - } - - public boolean hasOverlap() { - return overlap; - } - } } diff --git a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java index 3a6151a8..72628a76 100644 --- a/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java +++ b/OpenICF-ldap-connector/src/test/java/org/identityconnectors/ldap/sync/sunds/SunDSChangeLogSyncStrategyTests.java @@ -47,6 +47,7 @@ import org.identityconnectors.framework.common.objects.SyncResultsHandler; import org.identityconnectors.framework.common.objects.SyncToken; import org.identityconnectors.framework.common.objects.Uid; +import org.identityconnectors.framework.spi.SyncTokenResultsHandler; import org.identityconnectors.ldap.LdapConfiguration; import org.identityconnectors.ldap.LdapConnection; import org.identityconnectors.ldap.SunDSTestBase; @@ -94,11 +95,18 @@ private List doTest(LdapConnection conn, String ldif, int expected) t OperationOptions options = builder.build(); final List result = new ArrayList(); - sync.sync(token, new SyncResultsHandler() { + // SyncTokenResultsHandler rather than a plain SyncResultsHandler because the strategy + // hands the final token back through handleResult(); in production the framework always + // passes a handler of this type. + sync.sync(token, new SyncTokenResultsHandler() { public boolean handle(SyncDelta delta) { result.add(delta); return true; } + + public void handleResult(SyncToken token) { + // The tests assert on the deltas, not the returned token. + } }, options); return result; } @@ -122,7 +130,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); SyncDelta delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // add maps to CREATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE when this last ran. + assertEquals(SyncDeltaType.CREATE, delta.getDeltaType()); ConnectorObject object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -138,7 +147,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modrdn maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -154,7 +164,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modify maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(AttributeBuilder.build("cn", "Foo Bar", "Dummy User"), object.getAttributeByName("cn")); @@ -167,7 +178,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modrdn maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(new Uid(entryDN), object.getUid()); assertEquals(new Name(entryDN), object.getName()); @@ -181,7 +193,8 @@ public void testSimple() throws Exception { assertEquals(1, result.size()); delta = result.get(0); - assertEquals(SyncDeltaType.CREATE_OR_UPDATE, delta.getDeltaType()); + // modify maps to UPDATE since the ICF 1.4 upgrade; it was CREATE_OR_UPDATE before. + assertEquals(SyncDeltaType.UPDATE, delta.getDeltaType()); object = delta.getObject(); assertEquals(AttributeBuilder.build("cn", "Dummy User"), object.getAttributeByName("cn")); @@ -246,9 +259,34 @@ public void testFilterOutByBaseContexts() throws NamingException { @Test public void testFilterOutByModifiersNames() throws NamingException { LdapConfiguration config = newConfiguration(); - config.setModifiersNamesToFilterOut("cn=Directory Manager"); + // The DN the connection binds as, which the server records as the modifier of the modify + // below; on Sun DSEE this was cn=Directory Manager. + config.setModifiersNamesToFilterOut(ADMIN_DN); LdapConnection conn = newConnection(config); - testExpectingNoDelta(conn); + String baseContext = conn.getConfiguration().getBaseContexts()[0]; + String entryDN = "uid=foobar," + baseContext; + + // Unlike the other filter tests this one drives a modify, not the shared add: OpenDJ + // attributes an add to creatorsName and records modifiersName only on a modify, which is + // what this filter matches. The add that creates the entry is synced from a token taken + // before it, in a separate window, so it does not count towards the assertion below. + doTest(conn, + "dn: " + entryDN + "\n" + + "changetype: add\n" + + "objectClass: inetOrgPerson\n" + + "objectClass: organizationalPerson\n" + + "objectClass: person\n" + + "objectClass: top\n" + + "uid: foobar\n" + + "cn: Foo Bar\n" + + "sn: Bar\n", 1); + + List result = doTest(conn, + "dn: " + entryDN + "\n" + + "changeType: modify\n" + + "add: description\n" + + "description: changed", 0); + assertTrue(result.isEmpty()); } @Test @@ -296,7 +334,9 @@ private void testExpectingNoDelta(LdapConnection conn) throws NamingException { public void testSyncSupported() throws NamingException { LdapConfiguration config = newConfiguration(); LdapConnection conn = newConnection(config); - assertEquals(ServerType.SUN_DSEE, conn.getServerType()); + // The test instance is OpenDJ; it was Sun DSEE back when this test last ran. Both serve + // the change log this strategy reads, so sync stays supported either way. + assertEquals(ServerType.OPENDJ, conn.getServerType()); Schema schema = newFacade(config).schema(); ObjectClassInfo accountInfo = schema.findObjectClassInfo(ObjectClass.ACCOUNT_NAME); assertTrue(schema.getSupportedObjectClassesByOperation().get(SyncApiOp.class).contains(accountInfo)); diff --git a/OpenICF-ldap-connector/opends/admin.ldif b/OpenICF-ldap-connector/src/test/resources/opends/admin.ldif similarity index 63% rename from OpenICF-ldap-connector/opends/admin.ldif rename to OpenICF-ldap-connector/src/test/resources/opends/admin.ldif index efe20c5d..cb99ec3c 100644 --- a/OpenICF-ldap-connector/opends/admin.ldif +++ b/OpenICF-ldap-connector/src/test/resources/opends/admin.ldif @@ -19,6 +19,7 @@ # enclosed by brackets [] replaced by your own identifying information: # "Portions Copyrighted [year] [name of copyright owner]" # ==================== +# Portions Copyrighted 2026 3A Systems, LLC # -- END LICENSE dn: uid=admin,dc=example,dc=com changetype: add @@ -35,6 +36,8 @@ userPassword: password ds-privilege-name: unindexed-search # To be able to change passwords. ds-privilege-name: password-reset +# To be able to read cn=changelog, which sync() works off. +ds-privilege-name: changelog-read dn: dc=example,dc=com changetype: modify @@ -55,3 +58,19 @@ dn: cn=Access Control Handler,cn=config changetype: modify add: ds-cfg-global-aci ds-cfg-global-aci: (targetcontrol = "2.16.840.1.113730.3.4.9")(version 3.0; acl "Allow Virtual List View Control Admin Access"; allow(read) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# sync() finds the change log by reading changelog, firstChangeNumber and lastChangeNumber from +# the root DSE. They are operational attributes, so targetattr="*" does not cover them and the +# stock "User-Visible Root DSE Operational Attributes" ACI does not list them. +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///")(targetscope = "base")(targetattr = "changelog||firstChangeNumber||lastChangeNumber")(version 3.0; acl "Allow Change Log Root DSE Attributes Admin Access"; allow(read,search,compare) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# cn=changelog sits outside dc=example,dc=com, so the ACI on that suffix does not reach it. The +# attributes are named one by one because the stock "Anonymous read access" global ACI excludes +# exactly these from targetattr="*". +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///cn=changelog")(targetattr = "*||changeNumber||targetDN||changeType||changes||newRDN||deleteOldRDN||newSuperior||targetEntryUUID||changeTime||changeInitiatorsName")(version 3.0; acl "Allow Change Log Admin Access"; allow(read,search,compare) userdn = "ldap:///uid=admin,dc=example,dc=com";) diff --git a/OpenICF-ldap-connector/opends/bigcompany.template b/OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template similarity index 78% rename from OpenICF-ldap-connector/opends/bigcompany.template rename to OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template index a31a62be..350db0c7 100644 --- a/OpenICF-ldap-connector/opends/bigcompany.template +++ b/OpenICF-ldap-connector/src/test/resources/opends/bigcompany.template @@ -19,16 +19,26 @@ # enclosed by brackets [] replaced by your own identifying information: # "Portions Copyrighted [year] [name of copyright owner]" # ==================== +# Portions Copyrighted 2026 3A Systems, LLC # -- END LICENSE +# +# The suffix entry itself is not generated here: data.ldif already defines +# dc=example,dc=com, and both files are imported into the same backend. +# +# Branches must spell out their objectClasses. The Sun-era MakeLDIF derived them +# from the RDN attribute; the OpenDJ one does not, and leaves the entry without a +# structural objectClass, which the server then rejects on import. define suffix=dc=example,dc=com define maildomain=example.com define numusers=2000 -branch: [suffix] - branch: o=Big Company,[suffix] +objectClass: top +objectClass: organization branch: ou=People,o=Big Company,[suffix] +objectClass: top +objectClass: organizationalUnit subordinateTemplate: person:[numusers] template: person diff --git a/OpenICF-ldap-connector/opends/data.ldif b/OpenICF-ldap-connector/src/test/resources/opends/data.ldif similarity index 100% rename from OpenICF-ldap-connector/opends/data.ldif rename to OpenICF-ldap-connector/src/test/resources/opends/data.ldif diff --git a/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif b/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif new file mode 100644 index 00000000..3d9fa9c7 --- /dev/null +++ b/OpenICF-ldap-connector/src/test/resources/opends/test-config.ldif @@ -0,0 +1,112 @@ +# The contents of this file are subject to the terms of the Common Development and +# Distribution License (the License). You may not use this file except in compliance with the +# License. +# +# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the +# specific language governing permission and limitations under the License. +# +# When distributing Covered Software, include this CDDL Header Notice in each file and include +# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL +# Header, with the fields enclosed by brackets [] replaced by your own identifying +# information: "Portions copyright [year] [name of copyright owner]". +# +# Copyright 2026 3A Systems, LLC. +# +# Server configuration the tests need on top of a stock setup. Carried over from the OpenDS-era +# config.ldif this module used to ship, adapted to OpenDJ 5. +# +# The default search size limit of 1000 is deliberately left alone: testSimplePagedSearch and +# testVlvIndexSearch assert they get more than 1000 entries back, which only proves anything +# about paging while the server would otherwise cut the search off. + +# data.ldif carries "c: Czech Republic", which is not the two-letter code the country string +# syntax calls for. OpenDS let it through; OpenDJ rejects the entry outright, and +# testSearchArbitraryObjectClass is then left with nothing to find. Warn instead of reject, so +# the entry is imported as it always was. +# +# ds-cfg-strict-format-country-string on cn=Core Schema,cn=Schema Providers would be the +# narrower knob, but the schema providers are only consulted when the server starts, and the +# entries are imported offline, where that setting has no bearing. +dn: cn=config +changetype: modify +replace: ds-cfg-invalid-attribute-syntax-behavior +ds-cfg-invalid-attribute-syntax-behavior: warn + +# uid=expired in data.ldif is bound to this one. The password expires two seconds after it is +# set, but the grace logins let the bind through, and the server flags it with the password +# expired control; that pair is what testAuthenticateExpiredPassword exercises. +dn: cn=Quickly Expiring Password Policy,cn=Password Policies,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-password-policy +cn: Quickly Expiring Password Policy +ds-cfg-java-class: org.opends.server.core.PasswordPolicyFactory +ds-cfg-password-attribute: userPassword +ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config +ds-cfg-max-password-age: 2 seconds +# Has to stay below the maximum password age, or the server rejects the policy. +ds-cfg-password-expiration-warning-interval: 1 seconds +ds-cfg-grace-login-count: 42 +ds-cfg-expire-passwords-without-warning: true + +# AdapterCompatibilityTests puts the accounts it hashes passwords for under this policy, so that +# it can read back what it stored. +dn: cn=Clear Text Password Policy,cn=Password Policies,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-password-policy +cn: Clear Text Password Policy +ds-cfg-java-class: org.opends.server.core.PasswordPolicyFactory +ds-cfg-password-attribute: userPassword +ds-cfg-default-password-storage-scheme: cn=Clear,cn=Password Storage Schemes,cn=config +ds-cfg-allow-pre-encoded-passwords: true + +# When a search asks for debugsearchindex, the server answers with a single made-up entry, +# cn=debugsearch, describing the indexes it used. That entry sits outside dc=example,dc=com, so +# the ACIs in admin.ldif do not reach it and it would be filtered out of the results before +# testVlvIndexSearch ever saw it. +dn: cn=Access Control Handler,cn=config +changetype: modify +add: ds-cfg-global-aci +ds-cfg-global-aci: (target = "ldap:///cn=debugsearch")(targetattr = "debugsearchindex")(version 3.0; acl "Allow Debug Search Index Admin Access"; allow(read,search) userdn = "ldap:///uid=admin,dc=example,dc=com";) + +# SunDSChangeLogSyncStrategyTests reads the change log at cn=changelog. OpenDJ serves it out of +# the replication machinery, so replication has to be configured even though there is no second +# server to replicate to. compute-change-number is what fills in the changeNumber attribute the +# strategy keys off; without it the log is only readable by cookie. +dn: cn=replication server,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-replication-server +cn: replication server +ds-cfg-replication-port: %REPLICATION_PORT% +ds-cfg-replication-server-id: 1 +ds-cfg-compute-change-number: true + +dn: cn=example,cn=domains,cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-replication-domain +cn: example +ds-cfg-base-dn: dc=example,dc=com +ds-cfg-replication-server: localhost:%REPLICATION_PORT% +ds-cfg-server-id: 1 + +# testVlvIndexSearch checks that the server reports having used a VLV index for its search. +dn: cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-branch +cn: VLV Index + +dn: ds-cfg-name=index-uid,cn=VLV Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config +changetype: add +objectClass: top +objectClass: ds-cfg-backend-vlv-index +ds-cfg-name: index-uid +ds-cfg-base-dn: dc=example,dc=com +ds-cfg-scope: whole-subtree +# Spelled in the order the connector builds it from the default account object classes: the +# server only picks the index up for a search whose filter matches this one. +ds-cfg-filter: (&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)) +ds-cfg-sort-order: uid diff --git a/pom.xml b/pom.xml index c81f7ea7..3b3cd0a3 100644 --- a/pom.xml +++ b/pom.xml @@ -43,6 +43,7 @@ UTF-8 all,-missing + 5.1.2-SNAPSHOT @@ -178,7 +179,7 @@ org.openidentityplatform.opendj opendj-parent - 5.1.1 + ${opendj.version} pom import