1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.operations.modify;
21  
22  
23  import javax.naming.ReferralException;
24  import javax.naming.directory.Attribute;
25  import javax.naming.directory.BasicAttribute;
26  import javax.naming.directory.DirContext;
27  import javax.naming.directory.ModificationItem;
28  import javax.naming.ldap.LdapContext;
29  
30  import org.apache.directory.server.core.integ.Level;
31  import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
32  import org.apache.directory.server.core.integ.annotations.CleanupLevel;
33  import org.apache.directory.server.integ.SiRunner;
34  import static org.apache.directory.server.integ.ServerIntegrationUtils.getWiredConnection;
35  import static org.apache.directory.server.integ.ServerIntegrationUtils.getWiredContextThrowOnRefferal;
36  
37  import org.apache.directory.server.ldap.LdapService;
38  import org.apache.directory.server.operations.compare.CompareIT;
39  import org.apache.directory.shared.ldap.message.ResultCodeEnum;
40  import org.junit.Test;
41  import org.junit.runner.RunWith;
42  import org.slf4j.Logger;
43  import org.slf4j.LoggerFactory;
44  
45  import static org.junit.Assert.assertTrue;
46  import static org.junit.Assert.assertEquals;
47  
48  import netscape.ldap.LDAPAttribute;
49  import netscape.ldap.LDAPConnection;
50  import netscape.ldap.LDAPConstraints;
51  import netscape.ldap.LDAPControl;
52  import netscape.ldap.LDAPModification;
53  import netscape.ldap.LDAPResponse;
54  import netscape.ldap.LDAPResponseListener;
55  
56  
57  /** 
58   * A test taken from DIRSERVER-630: If one tries to add an attribute to an 
59   * entry, and does not provide a value, it is assumed that the server does 
60   * not modify the entry. We have a situation here using Sun ONE Directory 
61   * SDK for Java, where adding a description attribute without value to a 
62   * person entry like this,
63   * <code>
64   * dn: cn=Kate Bush,dc=example,dc=com
65   * objectclass: person
66   * objectclass: top
67   * sn: Bush
68   * cn: Kate Bush
69   * </code> 
70   * does not fail (modify call does not result in an exception). Instead, a 
71   * description attribute is created within the entry. At least the new 
72   * attribute is readable with Netscape SDK (it is not visible to most UIs, 
73   * because it is invalid ...). 
74   * 
75   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
76   * @version $Rev: $
77   */
78  @RunWith ( SiRunner.class ) 
79  @CleanupLevel ( Level.SUITE )
80  @ApplyLdifs( {
81      // Entry # 1
82      "dn: uid=akarasulu,ou=users,ou=system\n" +
83      "objectClass: uidObject\n" +
84      "objectClass: person\n" +
85      "objectClass: top\n" +
86      "uid: akarasulu\n" +
87      "cn: Alex Karasulu\n" +
88      "sn: karasulu\n\n" + 
89      // Entry # 2
90      "dn: ou=Computers,uid=akarasulu,ou=users,ou=system\n" +
91      "objectClass: organizationalUnit\n" +
92      "objectClass: top\n" +
93      "ou: computers\n" +
94      "description: Computers for Alex\n" +
95      "seeAlso: ou=Machines,uid=akarasulu,ou=users,ou=system\n\n" + 
96      // Entry # 3
97      "dn: uid=akarasuluref,ou=users,ou=system\n" +
98      "objectClass: extensibleObject\n" +
99      "objectClass: referral\n" +
100     "objectClass: top\n" +
101     "uid: akarasuluref\n" +
102     "ref: ldap://localhost:10389/uid=akarasulu,ou=users,ou=system\n" + 
103     "ref: ldap://foo:10389/uid=akarasulu,ou=users,ou=system\n" +
104     "ref: ldap://bar:10389/uid=akarasulu,ou=users,ou=system\n\n"
105     }
106 )
107 public class ModifyReferralIT 
108 {
109     private static final Logger LOG = LoggerFactory.getLogger( CompareIT.class );
110     
111     public static LdapService ldapService;
112     
113 
114     /**
115      * Tests modify operation on referral entry with the ManageDsaIT control.
116      */
117     @Test
118     public void testOnReferralWithManageDsaITControl() throws Exception
119     {
120         LDAPConnection conn = getWiredConnection( ldapService );
121         LDAPConstraints constraints = new LDAPConstraints();
122         constraints.setClientControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
123         constraints.setServerControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
124         conn.setConstraints( constraints );
125         
126         // modify success
127         LDAPAttribute attribute = new LDAPAttribute( "description", "referral to akarasulu" );
128         LDAPModification mod = new LDAPModification( LDAPModification.ADD, attribute );
129         conn.modify( "uid=akarasuluref,ou=users,ou=system", mod, constraints );
130         
131         assertTrue( conn.compare( "uid=akarasuluref,ou=users,ou=system", attribute, constraints ) );
132         
133         conn.disconnect();
134     }
135     
136     
137     /**
138      * Tests modify operation on referral entries without the 
139      * ManageDsaIT control. Referrals are sent back to the client with a
140      * non-success result code.
141      */
142     @Test
143     public void testOnReferral() throws Exception
144     {
145         LDAPConnection conn = getWiredConnection( ldapService );
146         LDAPConstraints constraints = new LDAPConstraints();
147         constraints.setReferrals( false );
148         conn.setConstraints( constraints );
149         
150         // referrals failure
151         // modify success
152         LDAPAttribute attribute = new LDAPAttribute( "description", "referral to akarasulu" );
153         LDAPModification mod = new LDAPModification( LDAPModification.ADD, attribute );
154         LDAPResponseListener listener = conn.modify( "uid=akarasuluref,ou=users,ou=system", mod, null, constraints );
155         LDAPResponse response = listener.getResponse();
156         
157         assertEquals( ResultCodeEnum.REFERRAL.getValue(), response.getResultCode() );
158 
159         assertEquals( "ldap://localhost:10389/uid=akarasulu,ou=users,ou=system", response.getReferrals()[0] );
160         assertEquals( "ldap://foo:10389/uid=akarasulu,ou=users,ou=system", response.getReferrals()[1] );
161         assertEquals( "ldap://bar:10389/uid=akarasulu,ou=users,ou=system", response.getReferrals()[2] );
162 
163         conn.disconnect();
164     }
165     
166     
167     /**
168      * Tests modify operation on normal and referral entries without the 
169      * ManageDsaIT control using JNDI instead of the Netscape API. Referrals 
170      * are sent back to the client with a non-success result code.
171      */
172     @Test
173     public void testThrowOnReferralWithJndi() throws Exception
174     {
175         LdapContext ctx = getWiredContextThrowOnRefferal( ldapService );
176         
177         // modify failure
178         Attribute attr = new BasicAttribute( "description", "referral to akarasulu" );
179         ModificationItem mod = new ModificationItem( DirContext.ADD_ATTRIBUTE, attr );
180         
181         try
182         {
183             ctx.modifyAttributes( "uid=akarasuluref,ou=users,ou=system", new ModificationItem[] { mod } );
184         }
185         catch ( ReferralException e )
186         {
187             // seems JNDI only returns the first referral URL and not all so we test for it
188             assertEquals( "ldap://localhost:10389/uid=akarasulu,ou=users,ou=system", e.getReferralInfo() );
189         }
190 
191         ctx.close();
192     }
193     
194     
195     /**
196      * Tests referral handling when an ancestor is a referral.
197      */
198     @Test 
199     public void testAncestorReferral() throws Exception
200     {
201         LOG.debug( "" );
202 
203         LDAPConnection conn = getWiredConnection( ldapService );
204         LDAPConstraints constraints = new LDAPConstraints();
205         conn.setConstraints( constraints );
206 
207         // referrals failure
208         LDAPAttribute attribute = new LDAPAttribute( "ou", "Machines" );
209         LDAPModification mod = new LDAPModification( LDAPModification.ADD, attribute );
210         LDAPResponseListener listener = null;
211         LDAPResponse response = null;
212 
213         listener = conn.modify( "ou=Computers,uid=akarasuluref,ou=users,ou=system", mod, null, constraints );
214         response = listener.getResponse();
215         assertEquals( ResultCodeEnum.REFERRAL.getValue(), response.getResultCode() );
216 
217         assertEquals( "ldap://localhost:10389/ou=Computers,uid=akarasulu,ou=users,ou=system", response.getReferrals()[0] );
218         assertEquals( "ldap://foo:10389/ou=Computers,uid=akarasulu,ou=users,ou=system", response.getReferrals()[1] );
219         assertEquals( "ldap://bar:10389/ou=Computers,uid=akarasulu,ou=users,ou=system", response.getReferrals()[2] );
220 
221         conn.disconnect();
222     }
223 }