April 11th, 2003
Original Issue Produced by: Chris Apple, AT&T Labs
This Issue Edited by: Chris Harding, The Open Group
Changes for This Version
The Change History has been separated from the Test Cases, and
these pages have been linked to a main index page which also contains
links to the test data. The page style has been changed. The paragraph
dealing with copying of BLITS has been removed, and a copyright
statement has been added, together with a statement that copying and
use is permissible under The Open Group Directory Test Suite License.
There have been no technical changes.
Changes for Version 2.5
- A new set of certificates has been created, including CRLs that
revoke the "BadCA" certificates. The description of these certificates
in section 3.3.11 has been updated.
All tests in 3.3.15 should work with these new certificates. The caveats
have been removed from the descriptions of 3.3.15.1.3.4 and 3.3.15.1.3.4,
which would not work with the previous CRLs.
- The filter in test 3.3.2.9.2 has been changed so that the search
would be successful if it were not for the fact that the base object
does not exist (which is the point of the test).
- There have been (yet more) changes to the alias tests in 3.3.2.7.
RFC 2251 says, "derefInSearching: dereference aliases in
subordinates of the base object in searching,
but not in locating the base object of the search". This implies that:
- the BLITS 2.3 version of 3.3.2.7.4 is wrong because the Jonathan Adams
entry does not match the "cn=Jonny*" filter
- but the BLITS 2.4 version of 3.3.2.7.4 is also wrong because it
expects the dereferencing to be done in locating the base object
(in a base search, the question of finding subordinates of
the base object does not arise)
- what 3.3.2.7.4 should do is a derefInSearching single-level search
with base "Europe" and filter "telephonenumber=*",
expecting the Jonathan Adams entry to be returned.
3.3.2.7.6 is similar to 3.3.2.7.4 but expects that the entry in question
will not be returned for a derefFindingBaseObj as opposed to a
derefInSearching search. What probably happened was that,
when 3.3.2.7.4 was changed, 3.3.2.7.6 was derived by taking the new 3.3.2.7.4,
changing the type of search, and reversing the outcome.
Based on this rationale, the following changes have been made for version 2.5.
- Test 3.3.2.7.2 does a neverDerefAliases
single-level search with base "Europe" and filter
"telephonenumber=*", expecting no entry to be returned.
- Test 3.3.2.7.6 does a derefFindingBaseObj single-level search with base
"Europe" and filter "telephonenumber=*", expecting
no entry to be returned.
- Test 3.3.2.7.8 does a derefAlways
single-level search with base "Europe" and filter
"telephonenumber=*", expecting the Jonathan Adams entry
to be returned.
- "base" is changed to "leaf" in the
"Purpose" section
of 3.3.2.7.8.
- The Pablo Picasso entry in the X.500 naming LDIF file for basic
tests has been corrected: "ou=IMC" has been changed to
"o=IMC".
- The employeenumber attribute was used for searches with numeric
comparisons and for sorting, but this attribute does not have an
ORDERING matching rule. All uses of this attribute have therefore
been replaced by uses of the dnqualifier attribute. In the LDIF files,
a dnqualifier attribute has been added to each entry that had an
employeenumber attribute, with the same value as the
employeenumber attribute. (The employeenumber attributes have been
retained.)
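
The alias dereferencing outcomes expected by tests 3.3.2.7.2, 3.3.2.7.4, 3.3.2.7.6 and 3.3.2.7.8 can be reproduced with a small model of the RFC 2251 derefAliases rules. This is an added example, not part of BLITS: the DNs, the alias name "cn=Jonny" and the telephone number are constructed assumptions, and DN comparison is simplified to exact string matching.

```python
# Constructed mini-DIT (illustrative assumption, not the BLITS LDIF data):
# "Europe" holds one alias entry that points at Jonathan Adams in "Americas".
DIT = {
    "ou=Europe,o=IMC,c=US": {"ou": ["Europe"]},
    "cn=Jonny,ou=Europe,o=IMC,c=US": {
        "objectclass": ["alias"],
        "aliasedobjectname": ["cn=Jonathan Adams,ou=Americas,o=IMC,c=US"],
    },
    "ou=Americas,o=IMC,c=US": {"ou": ["Americas"]},
    "cn=Jonathan Adams,ou=Americas,o=IMC,c=US": {
        "cn": ["Jonathan Adams"],
        "telephonenumber": ["+1 555 0100"],
    },
}

# derefAliases values as enumerated in RFC 2251 (0..3).
NEVER, IN_SEARCHING, FINDING_BASE, ALWAYS = range(4)

def resolve(dn):
    """Follow aliasedObjectName until a non-alias entry is reached."""
    seen = set()
    while dn in DIT and "aliasedobjectname" in DIT[dn]:
        if dn in seen:
            raise ValueError("alias loop at " + dn)
        seen.add(dn)
        dn = DIT[dn]["aliasedobjectname"][0]
    return dn

def parent(dn):
    # Naive split: the constructed DNs contain no escaped commas.
    return dn.split(",", 1)[1] if "," in dn else ""

def one_level_present(base, deref, attr):
    """Single-level search with a presence filter (attr=*)."""
    if deref in (FINDING_BASE, ALWAYS):
        base = resolve(base)          # aliases followed only to locate the base
    hits = []
    for dn in DIT:
        if parent(dn) != base:
            continue
        if deref in (IN_SEARCHING, ALWAYS):
            dn = resolve(dn)          # aliases followed among the subordinates
        if attr in DIT.get(dn, {}) and dn not in hits:
            hits.append(dn)
    return hits
```

Because "Europe" itself is not an alias, derefFindingBaseObj behaves like neverDerefAliases here, which is why 3.3.2.7.2 and 3.3.2.7.6 both expect no entry.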
Changes for Version 2.4
- A new section 4 has been added for application-specific tests, with section
3 renamed as "General Tests". This has involved some reorganization
of the table of contents. However, the section numbers of all existing tests
have been kept unchanged.
- The tests in 3.3.11 have been modified to use just the "CATS"
certificates. Sets of these certificates have been provided.
- The descriptions of the tests in 3.3.15 (Transport Security) have been
updated. (These tests also use the "CATS" certificates.)
- A new section 3.3.16 has been added for server location.
- Referrals tests have been added in section 3.3.14.
- The descriptions of the tests in 3.3.12.5 (Language Tags) have been updated
to reflect the fact that the language tags draft became an RFC. A correction
was made to test 3.3.12.5.6.
- The tests in 3.3.2.7 (Alias Dereferencing) have been changed. (There was
input from Annette Suendermann, Russ Ennis, Ludovic Poitou, Jim Sermersheim,
Steve Trottier, and Kurt Zeilenga. But if it's wrong it's the author's fault.)
- The descriptions of tests 3.3.2.9.2-4 have been clarified (following input
from Christopher Oliva and Vincent Ryan).
- Tests implying an equality matching rule for facsimileTelephoneNumber have
been changed, following input from Annette Suendermann and Kurt Zeilenga,
since facsimileTelephoneNumber does not in fact have an equality matching
rule. Attribute internationaliSDNNumber (which has a matching rule) has been
used instead. This affects tests 3.3.2.2.3.3, 3.3.2.2.9.1, 3.3.3.2.4.2, and
3.3.7.3.1.
- Test 3.3.1.3.1 has been changed in the light of the following input from
Annette Suendermann: The entry used in this test case is "cn=Paul Cezanne,ou= ...". It holds
a surname attribute with 1 value, sn=Cezanne, and surname is a multivalued attribute. So
adding a second non-existent value, sn=Thatcher, must succeed. To invoke the attributeOrValueExists error, we must attempt to add an already
present value, that is sn=Cezanne.
- Following input from Beth Keach, dc-naming DNs in section 3.3.1
(bind/unbind) have been corrected by inserting a missing "dc=Relative, ".
Changes for Version 2.3
- The tests in section 3.3.11 (Certificate Storage, Retrieval,
and Comparison) have been modified to
allow use of certificates generated by different products.
- New tests added to section 3.3.11 to
cover CA Certificates and CRLs generated by different products.
- Tests 3.3.15.1.3/3.3.15.2.3 (Bind with Valid Certificate over TLS)
and 3.3.15.1.5/3.3.15.2.5 (Bind with Revoked Certificate over TLS)
have been modified to use certificates generated by different products.
(These tests could not previously be used as there were
no certificates for them.) Additional tests have been added to
cover the case where client and server trust certificates issued
by different CAs. The tests in section 3.3.15.1 and 3.3.15.2 have
been re-numbered to allow for the additional tests.
These tests and the additional tests described in the two bullets above
use the "New Certificate Tests" LDIF files.
- In test 3.3.1.4.3 (Bind with invalid DN Syntax), the requirement
to check that result code 34 (invalidDNSyntax) is returned has been
removed, since this is not an allowed BindResult according to the RFCs. Discussions in the IETF may change this; meanwhile, the test
must be aligned with the published standard.
- Test 3.3.1.4.4 (Bind with inappropriate authentication) has
been changed because the result returned in the test should arguably
be invalidCredentials rather than inappropriateAuthentication. To
enable the new test to be carried out, the access
control arrangements
for the Directory Manager user have been altered. Further discussion
looks to be needed, however, on this test, and also on test 3.3.1.4.2.
- Note that, although there have been questions on the Alias Dereferencing
tests (3.3.2.7), the resolution of this complex area seems insufficiently clear
at this point to make changes to these tests.
Changes for Version 2.2
- Certificate tests added in section 3.3.11.
An LDIF addendum file has been created for the certificates tests, which do not use
any of the previous test data. The new entries are in three new subtrees of
the DIT: Certificates, CertificateAdd and CertificateModify.
The previous entries are left undisturbed.
The CertificateAdd and CertificateModify subtrees are structured in a similar way to
the Add and Modify subtrees to allow up to 20 vendors, each with up to 10 clients,
to participate in the tests.
Changes for Version 2.1 Draft 2
Edited by Ludovic Poitou, Sun Microsystems Inc.
- Tests 3.3.1.3.x and 3.3.1.4.x: Added DN with dc-naming form.
- Test 3.3.1.4.2 (Bind With Missing Password) Fixed DN "cn=Paul Cezanne,
ou=Americas, ou=Search, o=IMC, c=US" (ou=Americas was missing).
- Test 3.3.2.3 (Search for Entry with Multi-Valued RDN) Definition of the
entry was missing. The test is a base search.
The LDIF files have been updated to include the entry for Test 3.3.2.3 (Search
for Entry with Multi-Valued RDN).
Changes for Version 2.1 Draft 0
Edited by Ludovic Poitou, Sun Microsystems Inc.
- Test 3.3.1.3.1 (Bind With Simple Password) bind with "cn=Paul Cezanne,
ou=Americas, ou=Search, o=IMC, c=US" password "Paul0005"
- Test 3.3.1.4.1 (Bind with Incorrect Credentials) Correction in user's DN:
"cn=Paul Cezanne, ou=Americas, ou=Search, o=IMC, c=US"
- Test 3.3.2.1.4 (Less-Than-Or-Equal-To Matching) updated list of entries
expected to be returned (5).
- Test 3.3.2.2.1.4 (Substring OR Approximate) Change the approximate part of
the filter to (cn~=body). Body is approximately closer to Bette and
Buddy than the old value (doh).
- Test 3.3.2.2.3.1 ((Substring OR Substring) AND (Presence AND Presence))
Corrected Merry Aboods name (was Marry).
- Test 3.3.2.2.3.2 ((Approximate AND Substring) OR (Approximate AND Substring))
changed approximate filter (cn~=doh) to (cn~=body) as in 3.3.2.2.1.4.
Corrected other part of the filter (homephonenumber was used but not present
in any entry).
- Test 3.3.2.7.5 (Dereference Finding Base Object - Aliased Base Object)
and Test 3.3.2.7.7 (Always Dereference - Aliased Base Object) return 2
entries on success (2 Margaret Thatcher entries).
- Test 3.3.2.9.7 (invalidDNSyntax for Base-Level Search) base DN has been
modified so it is now invalid (no closing quote).
- Test 3.3.3.3.3 (Delete Attribute Using Modify-Replace) the attribute
givenname is used instead of uid which is not present in the entry.
- New tests 3.3.13.xxx for Schema related tests.
- Updated references to RFCs 2251, 2252, 2253, and 2256.
The LDIF files have been edited to remove all "ou=New Subtree" entries from the
ModifyDN subtree.
Changes for Version 2.0
Edited by Chris Harding, The Open Group
- Test 3.3.1.3 (Bind With Correct Credentials) is re-numbered and re-named as
3.3.1.3.1 - Bind With Simple Password.
- New tests 3.3.1.3.2 and 3.3.1.4.6 have been added for CRAM-MD5.
- New tests have been added in Section 3.3.12 (which was previously empty)
for Paged Results, Server-Side Sorting,
Feature Interactions with Paged and Sorted Results,
Scrolling View Browsing of Search Results and
Language Tags.
- A new section 3.3.15 has been added for tests of Transport Security.
An LDIF addendum file has been created for the extensions tests, which do not use
any of the previous test data. The new entries are in four new subtrees of
the DIT: ExtendedSearch, ExtendedAdd, ExtendedModify
and Security. The previous entries are left undisturbed. The ExtendedSearch
subtree contains subtrees "Corporate" and "Languages".
The ExtendedAdd and ExtendedModify subtrees are structured in a similar way to
the Add and Modify subtrees to allow up to 20 vendors, each with up to 10 clients,
to participate in the tests.