Test Assertions for VSLDAP


The distribution and review of this document is limited to The Open Group,technical advisors to the Directory Interoperability Forum and licensees of VSLDAP.

This document is copyright of The Open Group, 2001-2007. All rights reserved.

The Open Group
Thames Tower
37-45 Station Road
Reading, UK, RG1 1LX
Tel: +44 118 950 3051
Fax: +44 118 9500110

http://www.opengroup.org



Table of Contents

1 Document History
2 Definitions and Abbreviations
3 Introduction
4 Test Suite Version

5 RFC2251

5.1 BER
5.2 ABANDON
5.3 ADD
5.4 BIND
5.5 COMMON_ELEMENTS
5.6 COMPARE
5.7 DATA_MODEL
5.8 DELETE
5.9 DISCONNECTION
5.10 EXTENDED
5.11 IMPLEMENTATION
5.12 MODIFY
5.13 MODIFYDN
5.14 PROTOCOL
5.15 SEARCH
5.16 SERVER-SPECIFIC
5.17 SPECIFIC
5.18 UNBIND
6 RFC2252
6.1 MATCHINGRULES
6.2 OPERATIONAL
6.3 STANDARD
6.4 SYNTAXES
6.5 TYPE
7 RFC2253
7.1 CONVERSION
7.2 PARSING
7.3 RELATIONSHIP
8 RFC2254
8.1 FILTER
9 RFC2255
9.1 DEFINITION
10 RFC2256
10.1 ATTRIBUTETYPES
10.2 OBJECTCLASSES


1 Document History

Issue Date Author Comments
0.0 22 May 2000 A. Thackrah 1st Draft (review by 05-Jun-2000)
0.1 01 Aug 2000 A. Thackrah Incorporates changes resulting from external review.
1.0 19 Oct 2000 A. Thackrah Editorial changes and some re-classifcations during beta testing.
1.1+ 25 Jun 2001 A. Thackrah Automatic updates for each test suite release (see Test Suite Version)
2.0 10 Jun 2003 A. Thackrah Profile information added

2 Definitions and Abbreviations

BLITS - Basic LDAP Interoperability Test Suite
IETF - Internet Engineering Task Force
LDAP - Lightweight Directory Access Protocol
RFC - Request For Comments document

3 Introduction

This is the test specification for the VSLDAP test suite, defining the functional coverage. VSLDAP is a test suite provided by The Open Group in support of the Open Brand for LDAP. For more details see The Open Group web site . This document lists assertions derived from RFC2251 to RFC2256 inclusive

The standard practice followed by The Open Group when creating a test suite is to define a list of assertions from the standards that the test suite covers. An assertion is included in the list for each statement in a standard that places a requirement on an implementation. "MUST" statements in RFCs are obvious examples of this. However, there are often implied MUSTs in RFC that are not explicitly stated as such. For example, an RFC may say that an implementation "does", or "will do", something or other. Even though the word "MUST" is not used, the requirement on the implementation is clear.

Organisation.
Assertions are grouped by subject matter with a relevant section heading. e.g. all assertions derived from the specification of the search operation are in the "Search" section.

Each assertion is presented as follows:

ID: A unique identifying name for the assertion. This is a dotted-decimal of the form w.x.y.z.
w indicates the document from which the assertion is derived, x.y denotes the relevant section and sub-section of document w, and z is the number of the assertion within that section.
If the document has no relevevant subsection, y = 0

Documents: (w)
RFC2251 : 1
RFC2251 : 2
RFC2253 : 3
RFC2254 : 4
RFC2255 : 5
RFC2256 : 6
RFC2459 : 7
SSLv3 : 8

Some document IDs have been specified for future use. Identification of a document does not necessarily imply conformance requirements at present.

Class: The test class A, B, C or D based on the ISO 1003.3 definition:
A : Mandatory, testable assertion
B : Mandatory, untestable assertion
C : Optional, testable assertion
D : Optional, untestable assertion

Profile: The name of the product standard profile that this test belongs to (or NONE if None apply)

Text: The text of the assertion

Ref: Optional reference if the ID is not sufficient. "Document_name#section.number" is the usual format.

Strategy: Optional notes on implementation of the assertion as a test. This could simply be a reference to an existing test strategy such as a BLITS test. These notes are purely informative and do not constitute a committment to implement a particular testing strategy.

4 Test Suite Version

This version of the specification defines coverage for version 2.3-GA of the VSLDAP test suite.

Profile Coverage

This document lists tests for the following LDAP Certified profiles: BASE


 

5 RFC2251


 

5.1 BER

ID: 1.5.1.1
Class:B
Profile:BASE
Text: When a server generates BER encodings other than in ASN.1 types encapsulated inside of OCTET STRING values then only the definite form of length encoding is used.
Ref: rfc2251#5.1
Strategy:

ID: 1.5.1.2
Class:B
Profile:BASE
Text: When a server generates BER encodings other than in ASN.1 types encapsulated inside of OCTET STRING values then OCTET STRING values are encoded in the primitive form only.
Ref: rfc2251#5.1
Strategy:

ID: 1.5.1.3
Class:B
Profile:BASE
Text: When a server generates BER encodings other than in ASN.1 types encapsulated inside of OCTET STRING values and the value of a BOOLEAN type is true then the encoding has its contents octets set to hex "FF"
Ref: rfc2251#5.1
Strategy:

ID: 1.5.1.4
Class:B
Profile:BASE
Text: When a server generates BER encodings other than in ASN.1 types encapsulated inside of OCTET STRING values and a value of a type is its default value then it is absent.
Ref: rfc2251#5.1
Strategy:


 

5.2 ABANDON

ID: 1.4.11.1
Class:B
Profile:BASE
Text: When a server receives an abandon request and the operation whose message ID is specified in the request is that of an operation which was requested earlier in connection and which is still in progress then the server will abandon that operation.
Ref: rfc2251#4.11
Strategy: can not portably test assertions which rely on operation processing time.

ID: 1.4.11.2
Class:B
Profile:BASE
Text: When a server receives an abandon request for a search operation and is in the midst of transmitting responses to the search then it ceases transmitting those responses immediately and does not send the SearchResponseDone message.
Ref: rfc2251#4.11
Strategy: Can not test for the non-receipt of a response.

ID: 1.4.11.3
Class:A
Profile:BASE
Text: When a server receives an abandon request with a message ID that it does not recognise then it discards the request.
Ref: rfc2251#4.11
Strategy:

ID: 1.4.11.4
Class:A
Profile:BASE
Text: When a server receives an abandon request for an operation that cannot be abandoned then it discards the request.
Ref: rfc2251#4.11
Strategy:

ID: 1.4.11.5
Class:A
Profile:BASE
Text: When a server receives an abandon request for an operation that has already been abandoned then it discards the request.
Ref: rfc2251#4.11
Strategy:


 

5.3 ADD

ID: 1.4.7.1
Class:A
Profile:BASE
Text: When a server receives an add request then it will take the distinguished name of the entry to be added from the entry field of the request.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.1

ID: 1.4.7.3
Class:A
Profile:BASE
Text: When a server receives an add request then it will take the content of the entry being added from the attributes field of the request.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.1 modified to add Marge Vader instead of Austin Powers.

ID: 1.4.7.4
Class:A
Profile:BASE
Text: When a server receives an add request and the entry named in the entry field already exists then the request will not succeed and the server will return a result code of `entryAlreadyExists'.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.2.3

ID: 1.4.7.5
Class:A
Profile:BASE
Text: When a server receives an add request and the parent of the entry to be added does not exist then the request will not succeed.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.2.1

ID: 1.4.7.6
Class:A
Profile:BASE
Text: When a server receives an add request and the parent of the entry to be added does not exist then the server will return an AddResponse message with the resultCode `noSuchObject' and the name of the grandparent in the MatchedDN.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.2.1 (based on) PROCEDURE: Attempt to add entry to ficticious branch INPUT: add:entry = "cn=Frank Skywalker, ou=Dantooine" EXPECTED: resultCode noSuchObject, superior = ou=ClientX, ou=VendorY, ou=Add, o=IMC, c=US

ID: 1.4.7.7
Class:A
Profile:BASE
Text: When a server receives an add request in which one or more mandatory values of the objectclass type have not been specified then the operation will fail and the server will return a result code of `objectClassViolation'.
Ref: rfc2251#4.7
Strategy: BLITS 3.3.4.2.4


 

5.4 BIND

ID: 1.4.2.2
Class:A
Profile:BASE
Text: When a server receives a bind request in which the name is a zero length string and the password is a zero-length string and when authentication has not been performed at a lower layer and when SASL credentials with a mechanism that includes the LDAPDN in the credentials are not in use then the server will bind the client anonymously.
Ref: rfc2251#4.2
Strategy:

ID: 1.4.2.3
Class:A
Profile:BASE
Text: When a server receives a bind request in which the name is not a zero length string and the authentication field is not empty then the server will authenticate the requesting client.
Ref: rfc2251#4.2
Strategy: BLITS 3.3.1.3.1

ID: 1.4.2.4
Class:A
Profile:BASE
Text: When a server receives a bind request in which the name is not a zero length string and the authentication field is empty then the server will not authenticate the requesting client.
Ref: rfc2251#4.2
Strategy: BLITS 3.3.1.4.4 (modified).

ID: 1.4.2.5
Class:A
Profile:BASE
Text: When a server receives a bind request in which the name is not a zero length string and the authentication field is invalid then the server will return a result with code `invalidCredentials'
Ref: rfc2251#4.2
Strategy: BLITS 3.3.1.4.1

ID: 1.4.2.9
Class:A
Profile:BASE
Text: When a server receives LDAP requests other than bind requests from a client that has not yet bound and the server is not configured to require the client to bind before browsing or modifying the directory then the server will process those requests as unauthenticated operations.
Ref: rfc2251#4.2
Strategy:

ID: 1.4.2.11
Class:A
Profile:BASE
Text: When a server receives a bind request from a client that has already bound then it will ignore authentication from earlier binds.
Ref: rfc2251#4.2
Strategy:

ID: 1.4.2.14
Class:A
Profile:BASE
Text: When a server returns a bind response after a successful bind then the ResultCode will be `success'
Ref: rfc2251#4.2.3
Strategy: BLITS 3.3.1.1

ID: 1.4.2.16
Class:A
Profile:BASE
Text: When a server returns a bind response after a bind in which an unrecognised version number was supplied then the ResultCode will be `protocolError'.
Ref: rfc2251#4.2.3
Strategy: BLITS 3.3.1.4.5

ID: 1.4.2.24
Class:A
Profile:BASE
Text: The server accepts SSL-based connections on port 636.
Ref: LDAP Certified Product Standard.
Strategy:

ID: 1.4.2.26
Class:A
Profile:BASE
Text: When a server receives a bind request in which the authentication field contains a simple AuthenticationChoice then the server's response will not include a serverSaslCreds field.
Ref: rfc2251#4.2.3
Strategy:

ID: 1.4.2.28
Class:A
Profile:BASE
Text: When a server receives a simple bind request over an SSL connnection in which the password is of zero length then the server treats the client as being anonymously authenticated.
Ref: rfc2251#4.2
Strategy:

ID: 1.4.2.30
Class:A
Profile:BASE
Text: When a server receives a simple bind request over an SSL connnection and the content of the request authentication field is a password then the server authenticates the client by that password.
Ref: rfc2251#4.2
Strategy:


 

5.5 COMMON_ELEMENTS

ID: 1.4.1.1
Class:A
Profile:BASE
Text: When a server issues an LDAP protocol message the message is encapsulated in an LDAPMessage envelope.
Ref: rfc2251#4.1.1
Strategy: Implicitly tested by all VSLDAP tests using LDAP SDK - included here for completeness EXPECTED: LDAPResult object has the expected resultCode = `success'

ID: 1.4.1.2
Class:B
Profile:BASE
Text: When a server receives a PDU from a client in which the LDAPMessage SEQUENCE tag cannot be recognised then the server returns a notice of disconnection with resultCode `protocolError' and immediately closes the connection.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.3
Class:B
Profile:BASE
Text: When a server receives a PDU from a client in which the messageID cannot be parsed then the server returns a notice of disconnection with resultCode `protocolError' and immediately closes the connection.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.4
Class:B
Profile:BASE
Text: When a server receives a PDU from a client in which the tag of the protocolOp is not recognised as a request then the server returns a notice of disconnection with resultCode protocolError and immediately closes the connection.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.5
Class:B
Profile:BASE
Text: When a server receives a PDU from a client in which the encoding structures are found to be incorrect then the server returns a notice of disconnection with resultCode `protocolError' and immediately closes the connection.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.6
Class:B
Profile:BASE
Text: When a server receives a PDU from a client in which the lengths of data fields are found to be incorrect then the server returns a notice of disconnection with resultCode `protocolError' and immediately closes the connection.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.7
Class:B
Profile:BASE
Text: When a server receives a PDU from the client in which the LDAPMessage SEQUENCE tag can be recognized, the messageID can be parsed, the tag of the protocolOp is recognized as a request, and the encoding structures lengths of data fields are correct, but the server cannot parse the request, the server returns an appropriate response to the request, with the resultCode set to `protocolError'.
Ref: rfc2251#4.1.1
Strategy: Untestable - can not modify PDU

ID: 1.4.1.8
Class:A
Profile:BASE
Text: When a server generates an LDAPMessage envelope encapsulating a response the envelope contains the message ID value of the corresponding request LDAPMessage.
Ref: rfc2251#4.1.1.1
Strategy:

ID: 1.4.1.9
Class:B
Profile:BASE
Text: When a server returns the value of an attributeType that value is the textual string associated with the attributeType in its specification.
Ref: rfc2251#4.1.4
Strategy: Information not accessible

ID: 1.4.1.10
Class:A
Profile:BASE
Text: When a server receives a search request and it has a textual name for an attribute type then it uses the textual name for attributes returned in search results.
Ref: rfc2251#4.1.4
Strategy:

ID: 1.4.1.11
Class:B
Profile:BASE
Text: When a server receives an attributeDescription with one or more options then the server treats it as a subtype of the attribute type without any options.
Ref: rfc2251#4.1.5
Strategy: Only one option defined for LDAPv3

ID: 1.4.1.12
Class:B
Profile:BASE
Text: When a server receives an attributeDescription with one or more options then the server does not treat the options as mutually exclusive.
Ref: rfc2251#4.1.5
Strategy: Only one option defined for LDAPv3

ID: 1.4.1.13
Class:B
Profile:BASE
Text: When a response message contains an attribute description with more than one option, the options are in ascending order.
Ref: rfc2251#4.1.5
Strategy: Only one option defined for LDAPv3

ID: 1.4.1.14
Class:B
Profile:BASE
Text: A server treats any two attributeDescriptions with the same attribute type and options as equivalent.
Ref: rfc2251#4.1.5
Strategy: Only one option defined for LDAPv3

ID: 1.4.1.15
Class:A
Profile:BASE
Text: A server treats an attributeDescription with any options that it does not implement as an unrecognised attribute type
Ref: rfc2251#4.1.5
Strategy: BLITS 3.3.2.5

ID: 1.4.1.16
Class:B
Profile:BASE
Text: When a server receives an attributeDescription with the "binary" option present then it transfers the attribute as a binary value encoded using the Basic Encoding Rules.
Ref: rfc2251#4.1.5.1
Strategy: Not portably testable

ID: 1.4.1.17
Class:B
Profile:BASE
Text: When a server receives a request to return an attribute in the binary format and the server cannot generate that format then the server treats the attribute type as an unrecognised attribute type.
Ref: rfc2251#4.1.5.1
Strategy: Binary encoding policy of server is not portably testable.

ID: 1.4.1.18
Class:B
Profile:BASE
Text: When a server receives a field of type AttributeValue and the "binary" option is present in the companion attribute description then the server treats the field as an OCTET STRING containing an encoded binary value
Ref: rfc2251#4.1.6
Strategy: Not portably testable

ID: 1.4.1.19
Class:B
Profile:BASE
Text: When a server receives a field of type AttributeValue and the "binary" option is not present in the companion attribute description then the server treats the field as containing a string encoding of an AttributeValue data type.
Ref: rfc2251#4.1.5.6
Strategy: Binary encoding policy of server is not portably testable.

ID: 1.4.1.20
Class:B
Profile:BASE
Text: When a server receives an AttributeValueAssertion with an attributeDesc in which the "binary" option is present then it treats the assertionValue as a binary encoding of the assertion value. AttributeValue data type.
Ref: rfc2251#4.1.5.7
Strategy: Not portably testable

ID: 1.4.1.21
Class:A
Profile:BASE
Text: An attribute has at least one value when stored.
Ref: rfc2251#4.1.8
Strategy:

ID: 1.4.1.22
Class:A
Profile:BASE
Text: When a server generates an attribute the attribute values are all distinct.
Ref: rfc2251#4.1.8
Strategy:

ID: 1.4.1.24
Class:B
Profile:BASE
Text: When a server generates an LDAPResult message the errorMessage field contains either a string containing a human-readable diagnostic or a zero length string .
Ref: rfc2251#4.1.10
Strategy: Human-readable imples manual testing - outside scope of this test suite.

ID: 1.4.1.25
Class:A
Profile:BASE
Text: When a server returns a result code of `noSuchObject' and no aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be a truncated form of the name provided
Ref: rfc2251#4.1.10
Strategy:

ID: 1.4.1.26
Class:B
Profile:BASE
Text: When a server returns a result code of `noSuchObject' and aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be the resulting name as defined in X.511.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate noSuchObject error.

ID: 1.4.1.27
Class:B
Profile:BASE
Text: When a server returns a result code of `aliasProblem' and no aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be a truncated form of the name provided.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate aliasProblem error.

ID: 1.4.1.28
Class:B
Profile:BASE
Text: When a server returns a result code of `aliasProblem' and aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be the resulting name as defined in X.511.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate aliasProblem error.

ID: 1.4.1.29
Class:B
Profile:BASE
Text: When a server returns a result code of `invalidDNSyntax' and no aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be a truncated form of the name provided.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate invalidDNSntax error.

ID: 1.4.1.30
Class:B
Profile:BASE
Text: When a server returns a result code of invalidDNSyntax and aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be the resulting name as defined in X.511.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate invalidDNSntax error.

ID: 1.4.1.31
Class:B
Profile:BASE
Text: When a server returns a result code of aliasDereferencingProblem and no aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be a truncated form of the name provided.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate aliasDereferencingProblem error.

ID: 1.4.1.32
Class:B
Profile:BASE
Text: When a server returns a result code of aliasDereferencingProblem and aliases were dereferenced while attempting to locate the entry the matchedDN field is set to the name of the lowest entry (object or alias) in the Directory that was matched, which will be the resulting name as defined in X.511.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate aliasDereferencingProblem error.

ID: 1.4.1.33
Class:B
Profile:BASE
Text: When a server returns a result code other than noSuchObject, aliasProblem, invalidDNSyntax and aliasDereferencingProblem, the matchedDN field is set to a zero length string.
Ref: rfc2251#4.1.10
Strategy: Can't force server to generate arbitrary error.

ID: 1.4.1.35
Class:A
Profile:BASE
Text: When a server returns a result code other than referral then the message does not include a referral field.
Ref: rfc2251#4.1.11
Strategy:

ID: 1.4.1.37
Class:B
Profile:BASE
Text: When a singleLevel search request is made in which the search scope spans multiple naming contexts and several different servers would need to be contacted to complete the search then a referral is not returned.
Ref: rfc2251#4.1.11
Strategy: Outside the scope of the product standard

ID: 1.4.1.38
Class:B
Profile:BASE
Text: When a wholeSubtree search request is made in which the search scope spans multiple naming contexts and several different servers would need to be contacted to complete the search then a referral is not returned.
Ref: rfc2251#4.1.11
Strategy: Outside the scope of the product standard

ID: 1.4.1.46
Class:B
Profile:BASE
Text: A server can handle arbitrary contents of the controlValue octet string, including zero bytes.
Ref: rfc2251#4.1.12
Strategy: Can not test arbitray values (exhaustive).


 

5.6 COMPARE

ID: 1.4.10.1
Class:A
Profile:BASE
Text: If the result of a comparison operation is False, then the server returns a Compare response with result code `compareFalse'.
Ref: rfc2251#4.10
Strategy: BLITS 3.3.7.1

ID: 1.4.10.2
Class:A
Profile:BASE
Text: If the result of a comparison operation is True, then the server returns a Compare response with result code `compareTrue'.
Ref: rfc2251#4.10
Strategy: BLITS 3.3.7.2

ID: 1.4.10.3
Class:A
Profile:BASE
Text: When a server receives a compare request that includes a purported AttributeValueAssertion not present in an entry then the operation fails and a compare response is returned with result code `noSuchAttribute'.
Ref: rfc2251#4.10
Strategy: BLITS 3.3.7.3.1

ID: 1.4.10.4
Class:A
Profile:BASE
Text: When a server receives a compare request that includes a specification of a non-existant object then the operation fails and a compare response is returned with resultCode `noSuchObject'.
Ref: rfc2251#4.10
Strategy: BLITS 3.3.7.3.2


 

5.7 DATA_MODEL

ID: 1.3.2.1
Class:B
Profile:BASE
Text: Every entry has an objectClass attribute
Ref: rfc2251#3.2.1
Strategy: `Every' statements require exhaustive testing

ID: 1.3.2.2
Class:A
Profile:BASE
Text: The objectClass attribute of an entry specifies the entry's permitted attributes.
Ref: rfc2251#3.2.1
Strategy:

ID: 1.3.2.3
Class:A
Profile:BASE
Text: The objectClass attribute of an entry can not be removed.
Ref: rfc2251#3.2.1
Strategy:

ID: 1.3.2.4
Class:A
Profile:BASE
Text: When an entry is created all superclasses of the named classes are implicitly added as well if not already present.
Ref: rfc2251#3.2.1
Strategy:

ID: 1.3.2.14
Class:B
Profile:BASE
Text: Every subschema entry includes a cn attribute that is used to form its RDN.
Ref: rfc2251#3.2.2
Strategy: Exhaustive testing required.

ID: 1.3.2.15
Class:B
Profile:BASE
Text: Every subschema entry includes an objectClass attribute that has at least the values "top" and "subschema".
Ref: rfc2251#3.2.2
Strategy: Exhaustive testing required.

ID: 1.3.2.16
Class:B
Profile:BASE
Text: Every subschema entry includes an objectClasses attribute, each value of which specifies an object class known to the server.
Ref: rfc2251#3.2.2
Strategy: Exhaustive testing required.

ID: 1.3.2.17
Class:B
Profile:BASE
Text: Every subschema entry includes an attributeTypes attribute, each value of which specifies an attribute type known to the server.
Ref: rfc2251#3.2.2
Strategy: Exhaustive testing required.


 

5.8 DELETE

ID: 1.4.8.1
Class:A
Profile:BASE
Text: When a server receives a delete request then it will attempt to delete the entry whose distinguished name is contained in the request.
Ref: rfc2251#4.8
Strategy: BLITS 3.3.5.1

ID: 1.4.8.3
Class:A
Profile:BASE
Text: When a server receives a delete request that requests deletion of an entry that has subordinate entries then the request will fail.
Ref: rfc2251#4.8
Strategy: BLITS 3.3.5.2.3

ID: 1.4.8.4
Class:A
Profile:BASE
Text: When a server receives a delete request then it will return the result in a delete response.
Ref: rfc2251#4.8
Strategy: BLITS 3.3.5.2.1 (also allows #34 invalidDNSyntax)


 

5.9 DISCONNECTION

ID: 1.4.4.1
Class:B
Profile:BASE
Text: An unsolicited notification is sent by the server in the form of an LDAPMessage.
Ref: rfc2251#4.4
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.2
Class:B
Profile:BASE
Text: The MessageID field in the LDAPMessage object sent by an unsolicited notification has the value zero.
Ref: rfc2251#4.4
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.3
Class:B
Profile:BASE
Text: The protocolOp of an unsolicited notification is of the extendedResp form.
Ref: rfc2251#4.4.0
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.4
Class:B
Profile:BASE
Text: The responseName field of an unsolicited ExtendedResponse is present and has the value 1.3.6.1.4.1.1466.20036
Ref: rfc2251#4.4.1
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.5
Class:B
Profile:BASE
Text: The response filed of an unsolicited ExtendedResponse is absent.
Ref: rfc2251#4.4.1
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.6
Class:B
Profile:BASE
Text: If the server has received data from the client in which the LDAPMessage structure could not be parsed, then the server sends a notice of disconnection in which the resultCode field has the value `protocolError'.
Ref: rfc2251#4.4.1
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.7
Class:B
Profile:BASE
Text: If the server has detected that an established underlying security association protecting communication between the client and server has unexpectedly failed or been compromised then the server sends a notice of disconnection in which the resultCode field has the value `strongAuthRequired'.
Ref: rfc2251#4.4.1
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.8
Class:B
Profile:BASE
Text: If the server returns a notification of disconnection with the resultCode field set to the value of `unavailable' then the server will not accept new connections for an extended period of time.
Ref: rfc2251#4.4.1
Strategy: Can not portably generate an unsolicited notification. Also, `extended period of time' not rigorously defined.

ID: 1.4.4.9
Class:B
Profile:BASE
Text: If the server returns a notice of disconnection with the resultCode field set to the value of `unavailable' then the server will not accept any new operation requests on existing connections for an extended period of time.
Ref: rfc2251#4.4
Strategy: Can not portably generate an unsolicited notification. Also `extended period of time' not rigorously defined.

ID: 1.4.4.10
Class:B
Profile:BASE
Text: The LDAPOID value of the LDAPMessage sent by a server as an unsolicited notification is unique for that notification and is not used in any other situation.
Ref: rfc2251#4.4.0
Strategy: Can not portably generate an unsolicited notification

ID: 1.4.4.11
Class:B
Profile:BASE
Text: When a server sends a notice of disconnection then it will immediately afterwards close the connection.
Ref: rfc2251#4.4.0
Strategy: Can not portably generate an unsolicited notification


 

5.10 EXTENDED


 

5.11 IMPLEMENTATION


 

5.12 MODIFY

ID: 1.4.6.2
Class:A
Profile:BASE
Text: When a server receives a modify request then it performs the modifications requested in the modification field of the request in the order that they are listed as a single atomic operation.
Ref: rfc2251#4.6
Strategy:

ID: 1.4.6.3
Class:A
Profile:BASE
Text: When a server receives a modify request that includes an add modification for an attribute that exists then it will add the listed values to the attribute.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.1.2

ID: 1.4.6.4
Class:A
Profile:BASE
Text: When a server receives a modify request that includes an add modification for an attribute that does not exist then it will create the attribute and add the listed values to it.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.1.1

ID: 1.4.6.5
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a delete modification that does not list any values then it will remove the entire attribute.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.2.3 - modified to test that attribute has been removed.

ID: 1.4.6.6
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a delete modification that lists some values but not all current values of the attribute then it will delete those values from the attribute.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.2.1

ID: 1.4.6.7
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a delete modification that lists all current values of an attribute then it will remove the entire attribute.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.2.3 modified to test for the removal of the attribute.

ID: 1.4.6.8
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a replace modification with values for an attribute that exists then it will replace all current values of that attribute with the new values.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.3.2 (modified)

ID: 1.4.6.9
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a replace modification with values for an attribute that does not exist then it will create a new attribute with those values.
Ref: rfc2251#4.6
Strategy:

ID: 1.4.6.10
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a replace modification with no values for an attribute that exists then it will delete the entire attribute.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.3.3

ID: 1.4.6.12
Class:A
Profile:BASE
Text: When a server receives a modify request and does not complete the DIT modification successfully then it returns a modify response indicating the reason that the modification failed
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.1.3.1

ID: 1.4.6.13
Class:A
Profile:BASE
Text: When a server receives a modify request and does not complete the DIT modification successfully then it does not perform any of the requested modifications.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.1.3.2

ID: 1.4.6.14
Class:A
Profile:BASE
Text: When a server receives a modify request that includes a request to remove any of the values that form the entry's distingushed name then the server will return the result code `notAllowedOnRDN'.
Ref: rfc2251#4.6
Strategy: BLITS 3.3.3.3.4.2


 

5.13 MODIFYDN

ID: 1.4.9.1
Class:A
Profile:BASE
Text: When a server receives a modifyDN request then it will take the distinguished name of the entry to be changed from the entry field of the request.
Ref: rfc2251#4.9
Strategy: BLITS 3.3.6.1

ID: 1.4.9.2
Class:A
Profile:BASE
Text: When a server receives a modifyDN request then it will form the leftmost component of the new name of the entry from the contents of the newrdn field of the request.
Ref: rfc2251#4.9
Strategy: BLITS 3.3.6.3

ID: 1.4.9.4
Class:A
Profile:BASE
Text: When a server receives a modifyDN request and the deleteoldrdn field is FALSE then the old RDN attribute values will be retained as non-distinguished attributes of the entry.
Ref: rfc2251#4.9
Strategy:

ID: 1.4.9.6
Class:A
Profile:BASE
Text: When a server receives a modifyDN request then it will attempt to perform the name change and will return the result of the attempt in a modifyDN response.
Ref: rfc2251#4.9
Strategy: BLITS 3.3.6.7.2

ID: 1.4.9.7
Class:A
Profile:BASE
Text: If a modifyDN request is made to change an entry name to a new target name, and the newSuperior parameter is absent and an entry already exists with the target name then the operation will fail and a result code of `entryAlreadyExists' is returned.
Ref: rfc2251#4.9
Strategy: BLITS 3.3.6.7.1 Using cn=Harold Wilson instead of Paul Cezanne to avoid side-effects.

ID: 1.4.9.8
Class:A
Profile:BASE
Text: When a server receives a modifyDN request for which the setting of the deleteoldrdn parameter would cause a schema inconsistency in the entry then it will not perform the operation and will return an error code.
Ref: rfc2251#4.9
Strategy:


 

5.14 PROTOCOL

ID: 1.4.0.1
Class:B
Profile:BASE
Text: A server ignores elements of SEQUENCE encodings whose tags it does not recognise.
Ref: rfc2251#4.0
Strategy: No portable way to modify encoded message.

ID: 1.4.0.2
Class:A
Profile:BASE
Text: When a server receives an LDAP request from a client that has not first issued a bind request then the server assumes that the client supports LDAP version 3.
Ref: rfc2251#4.0
Strategy:


 

5.15 SEARCH

ID: 1.4.5.1
Class:A
Profile:BASE
Text: When a server receives a search request then it performs the search relative to the base object entry specified by the distinguished name in the baseObject field.
Ref: rfc2251#4.5
Strategy: BLITS 3.3.2.1.1

ID: 1.4.5.2
Class:A
Profile:BASE
Text: When a server receives a search request with a scope of baseObject then it performs the search in the entry specified by the baseObject field.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.3
Class:A
Profile:BASE
Text: When a server receives a search request with a scope of singleLevel then it performs the search in the entries that are first level children of the entry specified by the baseObject field.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.6

ID: 1.4.5.4
Class:A
Profile:BASE
Text: When a server receives a search request with a scope of wholeSubtree then it performs the search in the entire subtree whose root is the entry specified by the baseObject field.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.11
Class:A
Profile:BASE
Text: When a server receives a search request with a value other than 0 in the sizelimit field then it will restrict the maximum number of entries that it will return to that value.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.8.1

ID: 1.4.5.12
Class:A
Profile:BASE
Text: When a server receives a search request with a value other than 0 in the timelimit field then it will restrict the maximum time allowed for the search to that value, measured in seconds.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.8.2

ID: 1.4.5.13
Class:A
Profile:BASE
Text: When a server receives a search request with the typesOnly field set to TRUE then it will return only attribute types, not values.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.8.3

ID: 1.4.5.14
Class:A
Profile:BASE
Text: When a server receives a search request with the typesOnly field set to FALSE then it will return both attribute types and values.
Ref: rfc2251#4.5.1
Strategy: cf 1.4.5.14 - i.e. inverse of BLITS 3.3.2.8.3

ID: 1.4.5.15
Class:A
Profile:BASE
Text: When a server receives a search request and the filter evaluates to TRUE for a particular entry then it returns the attributes of that entry as part of the search result, subject to any applicable access control restrictions.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.16
Class:A
Profile:BASE
Text: When a server receives a search request and the filter evaluates to FALSE for a particular entry then it ignores that entry for the search.
Ref: rfc2251#4.5.1
Strategy: wholeSubtree search - for Sophia Loren and Fried Egg. There is no Fried Egg, so expect only Sophia Loren to be returned.

ID: 1.4.5.17
Class:A
Profile:BASE
Text: When a server receives a search request and the filter evaluates to Undefined for a particular entry then it ignores that entry for the search.
Ref: rfc2251#4.5.1
Strategy: wholeSubtree search - filter contains two elements - one evaluates TRUE, the other UNDEFINED. Expect a single entry from the TRUE filter.

ID: 1.4.5.18
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "and" choice then the choice evaluates to TRUE if all the filters in the choice SET OF evaluate to TRUE.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.2.1.1

ID: 1.4.5.19
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "and" choice then the choice evaluates to FALSE if at least one filter in the choice SET OF evaluates to FALSE.
Ref: rfc2251#4.5.1
Strategy: wholeSubtree search for two objects - one real, one false. Expect zero entries returned.

ID: 1.4.5.20
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "and" choice then the choice evaluates to Undefined if not all filters in the choice SET OF evaluate to TRUE and no filter in the choice SET OF evaluates to FALSE.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.4.1

ID: 1.4.5.21
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "or" choice then the choice evaluates to FALSE if all the filters in the choice SET OF evaluate to FALSE.
Ref: rfc2251#4.5.1
Strategy: wholeSubtree search - filter has two items, both false, which are combined by OR. Expect: No entries returned.

ID: 1.4.5.22
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "or" choice then the choice evaluates to TRUE if at least one filter in the choice SET OF evaluates to TRUE.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.2.1.3

ID: 1.4.5.23
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains an "or" choice then the choice evaluates to Undefined if not all filters in the choice SET OF evaluate to FALSE and no filter in the choice SET OF evaluates to TRUE.
Ref: rfc2251#4.5.1
Strategy: wholeSubtree search: filter has two components, (foo=bar) evaluates Undefined, (cn=Fried Egg) evaluates False. Expect no entries returned.

ID: 1.4.5.24
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains a "not" choice then the choice evaluates to TRUE if the filter being negated is FALSE.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.2.2.1

ID: 1.4.5.25
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains a "not" choice then the choice evaluates to FALSE if the filter being negated is TRUE.
Ref: rfc2251#4.5.1
Strategy: inverse of BLITS 3.3.2.2.2.1 - expect 2 entries, both title!=Director

ID: 1.4.5.26
Class:B
Profile:BASE
Text: When a server receives a search request and the filter contains a "not" choice then the choice evaluates to Undefined if the filter being negated is Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.4.3 strategy proved unsuitable for testing. There is no obvious way to test this feature without generating non-zero result codes.

ID: 1.4.5.27
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains a present match then the match evaluates to TRUE where there is an attribute or subtype of the specified attribute description present in an entry.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.6 - modified for a wholeSubtree search of "ou=Shareholder Services, ou=Fin-Accounting, ou=Americas, ou=Search, o=IMC, c=US" EXPECTED: Expect 37 entries with title attribute present in all.

ID: 1.4.5.28
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains a present match then the match evaluates to FALSE where there is no attribute or subtype of the specified attribute description present in an entry.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.6 - modified for a wholeSubtree search of "ou=Shareholder Services, ou=Fin-Accounting, ou=Americas, ou=Search, o=IMC, c=US" filter: (uid=*) EXPECTED: Expect no entries with foo attribute present.

ID: 1.4.5.29
Class:A
Profile:BASE
Text: When a server receives a search request and the filter contains a present match then the match evaluates to FALSE when the specified attribute description is not recognised.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.6 - modified for a wholeSubtree search of "ou=Shareholder Services, ou=Fin-Accounting, ou=Americas, ou=Search, o=IMC, c=US" filter: (foo=*) EXPECTED: Expect no entries with foo attribute present.

ID: 1.4.5.37
Class:B
Profile:BASE
Text: When a server receives a search request and the server is not able to determine whether the assertion value for a filter item matches an entry then the filter item evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: Unable to portably test a servers ability to not match an entry

ID: 1.4.5.38
Class:A
Profile:BASE
Text: When a server receives a search request and an attribute description in an equalityMatch is not recognised by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.1 - modified to use filter (bn=Pat Bakers). Expect zero entries returned: Undefined filter.

ID: 1.4.5.39
Class:A
Profile:BASE
Text:When a server receives a search request and an attribute description in a substrings match is not recognised by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.2 - modified to use filter (foo=p*smith). Expect no entries returned. (Filter Undefined)

ID: 1.4.5.40
Class:A
Profile:BASE
Text: When a server receives a search request and an attribute description in a greaterOrEqual match is not recognised by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.5 - modified to use filter (foo>=2200500). Expect no entries returned. (Filter Undefined)

ID: 1.4.5.41
Class:A
Profile:BASE
Text: When a server receives a search request and an attribute description in a lessOrEqual match is not recognised by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.42
Class:A
Profile:BASE
Text: When a server receives a search request and an attribute description in an approxMatch is not recognised by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.1.3 - modified to use filter (foo~=clint). Expect no entries returned. (Filter Undefined)

ID: 1.4.5.45
Class:A
Profile:BASE
Text: When a server receives a search request and the assertion value cannot be parsed by the server then the filter evaluates to Undefined.
Ref: rfc2251#4.5.1
Strategy: BLITS 3.3.2.9.1 - test with user-supplied result code

ID: 1.4.5.48
Class:A
Profile:BASE
Text:When a server receives a search request and it cannot parse an assertion value then it does not return an error.
Ref: rfc2251#4.5.1
Strategy: use filter containing non-textual values. Expect zero entries returned. filter: (cn=Pa\n\t\rt Bakers) baseObject: "ou=Search, o=IMC, c=US"

ID: 1.4.5.49
Class:A
Profile:BASE
Text: When a server receives a search request then the attributes that it returns from each entry which matches the search filter are those specified in the attributes field of the search request.
Ref: rfc2251#4.5.1
Strategy: baseObject search: Request attributes (givenname, password, title) baseObject: "ou=Americas, ou=Search, o=IMC, c=US" filter: (cn=Clint Eastwood)

ID: 1.4.5.50
Class:A
Profile:BASE
Text: When a server receives a search request and the attributes field contains an empty list then the server returns all user attributes from each entry which matches the search filter.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.51
Class:A
Profile:BASE
Text: Each entry returned in a SearchResultEntry will contain all attributes, complete with associated values if necessary, as specified in the attributes field of the Search Request. Return of attributes is subject to access control and other administrative policy.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.52
Class:B
Profile:BASE
Text: When a server receives a search request then it returns any attribute at most once in an entry.
Ref: rfc2251#4.5.1
Strategy: Untestable - can not portably force server to return an attribute more than once per entry

ID: 1.4.5.53
Class:A
Profile:BASE
Text: When a server receives a search request and there are attribute descriptions in the attributes field that it does not recognise then it ignores those attribute descriptions.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.54
Class:A
Profile:BASE
Text: When a server receives a search request and the attributes field contains a list containing only the attribute with OID "1.1" then the server will not return any attributes.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.56
Class:B
Profile:BASE
Text: When a server receives a search request in an LDAP session that is operating over TCP then the server will return to the client a sequence of responses in separate LDAP messages, including a response message containing a SearchResultEntry for each entry found during the search.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.57
Class:B
Profile:BASE
Text: When a server receives a search request in an LDAP session that is operating over TCP then the server will return to the client a sequence of responses in separate LDAP messages, including a response message containing a SearchResultReference for each area not explored during the search.
Ref: rfc2251#4.5.1
Strategy:

ID: 1.4.5.58
Class:B
Profile:BASE
Text: When a server receives a search request in an LDAP session that is operating over TCP then the server will return to the client a sequence of responses in separate LDAP messages, including SearchResultEntry or SearchResultReference response messages, then a SearchResultDone message will follow all the SearchResultEntry and SearchResultReference response messages.
Ref: rfc2251#4.5.1
Strategy:


 

5.16 SERVER-SPECIFIC


 

5.17 SPECIFIC

ID: 1.3.4.1
Class:B
Profile:BASE
Text: When a server receives a search request starting at root, with subtree scope the root DSE attributes are not accessible.
Ref: rfc2251#3.4
Strategy: Not portably testable.

ID: 1.3.4.5
Class:B
Profile:BASE
Text: A server maintains an altServer attribute in the root DSE that identifies alternative servers that may be used when it is unavailable.
Ref: rfc2251#3.4
Strategy: test removed - altSever attribute not mandatory


 

5.18 UNBIND

ID: 1.4.3.1
Class:A
Profile:BASE
Text: When a server receives an unbind request it will terminate the protocol session
Ref: rfc2251#1.4.3
Strategy: BLITS 3.3.1.2


 

6 RFC2252


 

6.1 MATCHINGRULES


 

6.2 OPERATIONAL


 

6.3 STANDARD


 

6.4 SYNTAXES

ID: 2.4.3.1
Class:B
Profile:BASE
Text: When a server generates an encoding where an arbitrary string, not a distinguished Name, is used as part of a larger production, and other than as part of a Distinguished name, and the string contains a backslash character('\' ASCII 92), then the backslash character is represented in the encoding by '\5c' or '\5C'.
Ref: rfc2252#4.3.1
Strategy: not portably testable

ID: 2.4.3.3
Class:B
Profile:BASE
Text: When a server generates an encoding where an arbitrary string, not a Distinguished name, is used as part of a larger production, and other than as part of a Distiguished name, and the string contains an apostrophe character (''' ASCII 39), then the apostrophe character is represented in the encoding by '\27'.
Ref: rfc2252#4.3.3
Strategy: not portably testable

ID: 2.4.3.5
Class:B
Profile:BASE
Text: When a server generates an encoding where an arbitrary string, not a distinguished name, is used as part of a larger production, and other than as part of a Distiguished Name, and the string contains a dollar character ('$' ASCII 36), then the dollar character is represented in the encoding by '\24'.
Ref: rfc2252#4.3.5
Strategy: not portably testable

ID: 2.4.3.7
Class:B
Profile:BASE
Text: When a server generates an encoding where an arbitrary string, not a Distinguished Name, is used as part of a larger production, and other than as part of a Distinguished Name, and the string contains an octothorpe character ('#' ASCII 35), then the octothorpe character is represented in the encoding by '\23'.
Ref: rfc2252#4.3.7
Strategy: not portably testable

ID: 2.4.3.10
Class:A
Profile:BASE
Text: When a server parses attribute values in add requests and the attribute type is recognised and the attribute syntax name is that of Binary then the server implements the form defined in section 4.3.1 of RFC 2252 for parsing those values.
Ref: rfc2251#4.3.10
Strategy:

ID: 2.4.3.11
Class:A
Profile:BASE
Text: If a server parses attribute values in a compare request and the attribute syntax name is that of Binary then the server implements the form defined in section 4.3.1 of RFC 2252 for parsing those values.
Ref: rfc2252#4.3.11
Strategy:

ID: 2.4.3.12
Class:A
Profile:BASE
Text: When a server parses attribute values in modify requests and the attribute type is recognised and the attribute syntax name is that of binary than the server implements the form defined in section 4.3.1 of RFC 2252 for parsing those values.
Ref: rfc2252#4.3.12
Strategy:


 

6.5 TYPE

ID: 2.4.2.1
Class:B
Profile:BASE
Text: A server correctly processes Attributes TypeDescription quantities.
Ref: rfc2252#2.4.2
Strategy: Removed.

ID: 2.4.2.2
Class:B
Profile:BASE
Text: A server correctly generates attribute TypeDescription quantities.
Ref: rfc2252#2.4.2
Strategy: Removed.

ID: 2.4.2.3
Class:B
Profile:BASE
Text: For each additional name or attribute not listed in RFC2252 that a server recognizes, the server publishes the definition of the type in the attributeTypes attribute of its subschema entries.
Ref: rfc2252#4.2.3
Strategy: Not portably testable.

ID: 2.4.2.4
Class:B
Profile:BASE
Text: For each additional object class not listed in RFC2252 that a server implements the server publishes the definition of the class in the objectClasses attribute of its subschema entries.
Ref: rfc2252#4.2.4
Strategy: Not portably testable.

ID: 2.4.2.5
Class:B
Profile:BASE
Text: For each additional matchingRule not listed in RFC2252 that a server implements the server publishes the definition of the matching rule in the matchingRules attribute of its subschema entries.
Ref: rfc2252#4.2.5
Strategy: Not portably testable.


 

7 RFC2253


 

7.1 CONVERSION

ID: 3.2.1.1
Class:A
Profile:BASE
Text: When a server produces a string representation of a DistinguishedName in which the RDNSequence component is an empty sequence, then the RDNSequence is decoded as an empty (or zero length) string.
Ref: rfc2253#2.1.1
Strategy:BLITS 3.3.13.1.3

ID: 3.2.1.2
Class:A
Profile:BASE
Text: When a server produces a string representation of a DistinguishedName in which the RDNSequence component is not an empty sequence, then the RDNsequence is converted to a sequence of UTF-8 string-encoded relativeDistinguishedNames with the elements occuring in reverse order(i.e last element comes first) in the representation.
Ref: rfc2253#2.1.2
Strategy: EXPECTED: entry cn=syntaxtest returned

ID: 3.2.1.3
Class:A
Profile:BASE
Text: When a server produces a non-empty string representation of an RDNSequence the adjoining Relative Distinguished Name elements are separated by a comma character(',' ASCII 44)in representation.
Ref: rfc2253#2.1.3
Strategy: EXPECTED: entry cn=SyntaxTest returned

ID: 3.2.2.1
Class:A
Profile:BASE
Text: When a server produces a string representation of an RDNSequence containing multi-valued RDN element, then the values of the RDN are seperated by a plus character('+' ASCII 43) in the representation.
Ref: rfc2253#2.2.1
Strategy: EXPECTED: entry ou=Corporate Tax returned.

ID: 3.2.2.2
Class:A
Profile:BASE
Text: When a server generates a RelativeDistinguishedName in a Distinguished Name, the output consists of the string encodings of each AttributeTypeAndValue. (Note: they can be in any order.)
Ref: rfc2253#2.2.2
Strategy: EXPECTED: entry cn=SyntaxTest returned

ID: 3.2.3.1
Class:A
Profile:BASE
Text: When a server produces a string representation of a DistinguishedName, each AttributeTypeValue in the DN is generated as the string representation of the attributeType, followed by an equals character ('=' ASCII 61), followed by the string representation of the AttributeValue.
Ref: rfc2253#2.3.1
Strategy: EXPECTED: entry cn= Apollo returned

ID: 3.2.3.2
Class:A
Profile:BASE
Text: When a server produces a string representation of a Distinguished Name and an AttributeType is in a published table of attribute types associated with RFC2252, then the type name string from that table is used in the representation.
Ref: rfc2252#2.3.2
Strategy: BLITS 3.3.13.1.3

ID: 3.2.3.3
Class:B
Profile:BASE
Text: When a server produces a string representation of a DistinguishedName and an AttributeType is not in published table of attribute types associated with RFC2252, then the generated type name string is the dotted-decimal encoding of the AttributeType's OBJECT IDENTIFIER.
Ref: rfc2252#2.3.3
Strategy: not testable

ID: 3.2.4.1
Class:A
Profile:BASE
Text: When a server produces a string representation of a RelativeDistiguishedName that contains an attributeValue which is of a type that does not have a string representation defined for it then it is generated in UTF-8 string form as an octothorpe character('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the AttributeValue.
Ref: rfc2253#2.4.1
Strategy:

ID: 3.2.4.2
Class:B
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing an initial space character(''ASCII 32), then the character is represented in the output string representation by a space character prefixed by a backslash character ('\' ASCII 92).
Ref: rfc2253#2.4.2
Strategy: EXPECTED: entry cn= Apollo returned

ID: 3.2.4.3
Class:A
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing an initial octothorpe character('#' ASCII 35) then the character is represented in the output string by an initial octothorpe character prefixed by a backslash character ('\' ASCII 92).
Ref: rfc2252#2.4.3
Strategy: EXPECTED: entry cn=Ac#illes returned

ID: 3.2.4.4
Class:B
Profile:BASE
Text: When a server produces a string representation of a relativeDistinguishedName and the RDN contains an AttributeValue containing a space character(''ASCII32) at the end of the string then the character is represented in the output string by a space character prefixed by a backslash character('\'ASCII 92).
Ref: rfc2252#2.4.4
Strategy: EXPECTED: entry cn=Hector returned

ID: 3.2.4.5
Class:A
Profile:BASE
Text: When a server produces a string representaton of a RelativeDistinguishedName and the RDN contains an AttributeValue containing a comma character (',' ACSII 43) then the character is represented in output string by a comma character prifixed by a backslash character ('\' ASCII 92).
Ref: rfc2252#2.4.5
Strategy: EXPECTED: entry cn=Aurelius,Marcus returned

ID: 3.2.4.6
Class:B
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing a plus character ('+' ASCII 43) then the character is represented in the output string by a plus character prefixed by a backslash character(\' ASCII 92).
Ref: rfc2252#2.4.6
Strategy: Test is not portable. Cannot guarantee that server will import the test entry.

ID: 3.2.4.7
Class:A
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing a quote character ('"' ASCII 34) then the character is represented in output string by a quote character prefixed by a backslash character ('\' ASCII 92).
Ref: rfc2252#2.4.2
Strategy: EXPECTED: entry cn="Paris" returned

ID: 3.2.4.8
Class:A
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing a backslash character ('\' ASCII 92) then the character is represented in the output string by a backslash character prefixed by a backslash character.
Ref: rfc2252#2.4.8
Strategy: EXPECTED: entry cn=Mars\Ares returned

ID: 3.2.4.9
Class:A
Profile:BASE
Text: When a server produces a string representation of a RelativeDistinguishedName and the RDN contains an AttributeValue containing a less-than character ('<' ASCII 60) then the character is represented in output string by a less-than character prefixed by a backslash character ('\' ASCII 92).
Ref: rfc2252#2.4.9
Strategy: EXPECTED: entry cn=Rome

ID: 3.2.4.10
Class:A
Profile:BASE
Text: When a server produces a string representation of a Relative Distinguished Name and the RDN contains an AtrributeValue containing a greater-than character ('>' ASCII 62) then the character is represented in the output string by a greater-than character prefixed by backslash character ('\' ASCII 92).
Ref: rfc2252#2.4.10
Strategy: EXPECTED: entry cn=Athens> returned

ID: 3.2.4.11
Class:A
Profile:BASE
Text: When a server produces a string representation of a Relative Distinguished Name and the RDN contains an AttributeValue containing a semi-colon character (';' ASCII 59) then the character is represented in output string by a semi-colon character prefixed by a backslash character('\' ACSII 92).
Ref: rfc2252#2.4.11
Strategy: EXPECTED: entry cn=Perse;phone with attribute cn=Perse;phone

ID: 3.2.4.13
Class:B
Profile:BASE
Text: When a server produces a string representation of RelativeDistinguishedName and the RDN contains that it is of a type that does not have a string representation defined for it then the output generated for the AttributeValue consists of the UTF-8 string in accordance with the syntax definition, possibly modified by applying the escape mechanism to certain characters.
Ref: rfc2252#2.4.13
Strategy:


 

7.2 PARSING

ID: 3.3.0.1
Class:A
Profile:BASE
Text: When a server receives a string representation of a DistinguishedName any comma character (',' ASCII 43) that is not prefixed by a backslash character ('\' ASCII 92) is interpreted as name-component separator.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.3.0.2
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, any plus character ('+' ACSII 43) that is not prefixed by a backslash character ('\' ASCII 92) is interpreted as an attributeTypeAndValue separator.
Ref: rfc2253#3
Strategy: EXPECTED: entry ou=Corporate Tax returned.

ID: 3.3.0.3
Class:A
Profile:BASE
Text: When a server receives a string representation of Distinguished Name, any equal character ('=' ASCII 43) that is not prefixed by a backslashed character ('\' ASCII 92) is interpreted as a attributeType-attributeValue separator.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.3.0.4
Class:B
Profile:BASE
Text: When a server receives a string representation of Distinguished Name, any attributeType that is not composed of either an ALPHA/DIGIT/'-' combination or a DIGIT.'.' OID combination is not interpreted as a valid attributeType name.
Ref: rfc2253#3
Strategy: Not portably testable. Cannot guarantee that server will import entry.

ID: 3.3.0.5
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, any attributeType that is composed of ALPHA/DIGIT/'-' combination is intepreted as a valid attribute type identifier.
Ref: rfc2253#3
Strategy: EXPECTED: no entry returned

ID: 3.3.0.6
Class:A
Profile:BASE
Text: When a server recieves a string representation of Distinguished Name, any attributeType that is composed of a dotted decimal oid string is interpreted as a valid attribute identifier.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Pat Bakers with OID returned

ID: 3.3.0.7
Class:A
Profile:BASE
Text: When a server receives a string representation of Distinguished Name, in any attributeValue that contains a comma character (',' ASCII 44) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal comma character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Aurelius,Marcus returned

ID: 3.3.0.8
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, in any attributevalue that contains an equal character ('=' ASCII 61) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal equals character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Time=Money returned

ID: 3.3.0.9
Class:B
Profile:BASE
Text: When a server receives a string of Distinguished Name, in any attributeValue that contains a plus character ('+' ASCII 43) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal character.
Ref: rfc2253#3
Strategy: Not portably testable. Cannot guarantee that server will import the test entry

ID: 3.3.0.10
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distingushed Name, in any AttributeValue that contains a less-than character ('<' ASCII 62) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as single literal less-than character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Rome

ID: 3.3.0.11
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, in any AttributeValue that contains a greater-than character ('>' ASCII 62) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal greater-than character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Athens>Rome returned

ID: 3.3.0.12
Class:A
Profile:BASE
Text: When a server recieves a string representation of a Distinguished Name, in any AttributeValue that contains an octothorpe character ('#' ASCII 35) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal octothorpe character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Ac#illes returned

ID: 3.3.0.13
Class:A
Profile:BASE
Text: When a server receives string representation of a Distinguished Name, in any AttributevValue that contains an semicolon character (';' ASCII 59) prefixed by a backslash character ('\' ASCII 92), the server interpretes the pair of character as a single literal semicolon character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Perse;phone returned

ID: 3.3.0.14
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distingiushed Name, in any attributeValue that contains a backslash character ('\' ASCII 92) prefixed by a backslash character ('\' ASCII 92), the server interprets the pair of characters as a single literal backslash character.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=Mars\Ares returned

ID: 3.3.0.15
Class:B
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, in any AttributeValue that contains a quote character ('"' ASCII 34) prefixed by a backslash character ('\' ACSII 92), the server interprets the pair of characters as a single literal quote character.
Ref: rfc2253#3
Strategy: Removed since 1.0patch2 - not portably testable

ID: 3.3.0.16
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, in any AttributeValue that contains an backslash character ('\' ASCII 34) that immediately followed by a pair of hexadecimal digits, the backslash is ignored and the digits are interpreted as a single character whose UTF-8 code is specified by the two-digit hexadecimal number.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=ui,... returned

ID: 3.3.0.17
Class:B
Profile:BASE
Text: When a server receives a string representation of Distinguished Name, in any attributeValue that contains a quote character ('"' ASCII 34) that is not prefixed by a backslash character ('\' ACSII 92) the quote character is ignored.
Ref: rfc2253#3
Strategy: Test removed, no relevant text in RFC2253 to justify assertion.

ID: 3.3.0.18
Class:A
Profile:BASE
Text: When a server receives a string representation of a Distinguished Name, in any AttributeValue that contains an even number of hexadecimal digits that are prefixed by an octothorpe character ('#' ASCII 35), the octothorpe character is ignored and the haxadecimal digit are interpreted as the BER encoding of the X.5000 attributeValue.
Ref: rfc2253#3
Strategy: EXPECTED: entry cn=ui returned


 

7.3 RELATIONSHIP

ID: 3.4.0.1
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which the RDNs are separated by semicolon characters (';' ASCII 59) then the server accepts this DN and replaces the semicolons with comma characters (',' ASCII 44).
Ref: rfc2252#2.4.1
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.4.0.2
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which the character that separates the RDNs has adjacent white space then the whitespace characters are ignored.
Ref: rfc2252#2.4.2
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.4.0.3
Class:B
Profile:BASE
Text: When a server receives a Distinguished name string in which the oid component of an AttributeType is prefixed by the string "OID.", then the server will accept this as a normal OID.
Ref: rfc2252#4.0.3
Strategy: Outside scope of LDAP Certified EXPECTED: Entry cn=Pat Bakers returned.

ID: 3.4.0.4
Class:B
Profile:BASE
Text: When a server receives a Distinguished Name string in which the oid component of an AttributeType is prefixed by the string "oid", then the server will accept this as a normal OID.
Ref: rfc2252#4.0.4
Strategy: Outside scope of LDAP Certified EXPECTED: Entry cn=Pat Bakers returned

ID: 3.4.0.5
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which there are one or more space characters(''ASCII 32) between the name-components then the space characters are ignored.
Ref: rfc2252#4.0.5
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.4.0.8
Class:A
Profile:BASE
Text: When a server receives a Distinguished name string in which there are quote characters ('=' ASCII 34) between the "=" and AttributeValue elements of an AttributeTypeValue component then the equals characters are ignored.
Ref: rfc2252#4.0.8
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.4.0.9
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which there are values enclosed within quote characters('"' ASCII 34) then the quotes are ignored and the value is accepted.
Ref: rfc2252#4.0.9
Strategy: EXPECTED: entry cn=Pat Bakers in quotes returned

ID: 3.4.0.10
Class:A
Profile:BASE
Text: When a server received a Distinguished Name string in which there are values enclosed within quote characters ('"' ASCII 34) that contain a comma character (',', ASCII 44) then the comma is interpreted as a single literal comma character.
Ref: rfc2253#4.0.10
Strategy: EXPECTED: entry cn="Easy Come, Easy Go" returned

ID: 3.4.0.11
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which there is a value enclosed within quote characters ('"', ASCII 34) that contains a equal character ('=' ASCII 44) then the equal character is interpreted as a single literal equal character.
Ref: rfc2253#4.0.11
Strategy: EXPECTED: entry cn=Pat Bakers returned

ID: 3.4.0.12
Class:A
Profile:BASE
Text: Whena server receives a Distingushed Name string in which there is a value enclosed within quote characters ('"'ASCII 34) that contains an plus character ('+' ASCII) then the plus character is interpreted as single literal plus character.
Ref: rfc2252#4.0.12
Strategy: EXPECTED: entry cn=\"Laurel+Hardy\" returned

ID: 3.4.0.13
Class:A
Profile:BASE
Text: When aserver receives a Distinguished Name string in which there is a value enclosed within quote character ('"', ASCII 34) that contains a less-than character ('<' ASCII 43) then the less-than character is interpreted s single literal less-than character.
Ref: rfc2253#4.0.13
Strategy: EXPECTED: entry cn="Beatles

ID: 3.4.0.14
Class:A
Profile:BASE
Text: When aserver receives a Distinguished Name string in which there is a value enclosed within quote characters ('"', ASCII 34) that contains an greater-than character ('>' ASCII 60) then the greater-than character is interpreted as a single literal greater-than character.
Ref: rfc2253#4.0.14
Strategy: EXPECTED: entry cn="Salmon>Haddock" returned

ID: 3.4.0.15
Class:A
Profile:BASE
Text: When a server receives a Distinguished Name string in which there is a value enclosed within quote characters ('"', ASCII 34) that contains an octothorpe character ('#' ASCII 35) then the octothorpe character is interpreted as a single literal octothorpe character
Ref: rfc2253#4.0.15
Strategy: EXPECTED: entry cn="Room#101" returned

ID: 3.4.0.16
Class:A
Profile:BASE
Text: When aserver receives a Distinguished Name string in which there is a value enclosed witin quote characters ('"', ASCII 34) that contains an octothorpe character (';' ASCII 59) then the semicolon character is interpreted as a single literal semicolon character
Ref: rfc2253#4.0.16
Strategy: EXPECTED: entry cn="Old;New" returned


 

8 RFC2254


 

8.1 FILTER


 

9 RFC2255


 

9.1 DEFINITION


 

10 RFC2256


 

10.1 ATTRIBUTETYPES


 

10.2 OBJECTCLASSES