From 4c63517a00a4fa8e72f2cfa93bd5efc88e51c096 Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Tue, 18 Aug 2015 21:59:42 +0200
Subject: [PATCH 1/5] Extending eDirectory tests (group aux object class)

---
 .../testing/conntest/AbstractEDirTest.java    | 81 +++++++++++++++++-
 .../testing/conntest/AbstractLdapTest.java    | 18 +++-
 .../test/resources/edir/resource-athena.xml   | 82 ++++++++++++++++++-
 .../src/test/resources/edir/role-meta-org.xml | 54 ++++++++++++
 4 files changed, 230 insertions(+), 5 deletions(-)
 create mode 100644 testing/conntest/src/test/resources/edir/role-meta-org.xml

diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
index 0a4ee51f0bb..fac62d19ee7 100644
--- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
@@ -61,12 +61,17 @@
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 /**
@@ -81,6 +86,9 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected static final File ROLE_PIRATES_FILE = new File(TEST_DIR, "role-pirate.xml");
 	protected static final String ROLE_PIRATES_OID = "5dd034e8-41d2-11e5-a123-001e8c717e5b";
 	
+	protected static final File ROLE_META_ORG_FILE = new File(TEST_DIR, "role-meta-org.xml");
+	protected static final String ROLE_META_ORG_OID = "f2ad0ace-45d7-11e5-af54-001e8c717e5b";
+	
 	public static final String ATTRIBUTE_LOCKOUT_LOCKED_NAME = "lockedByIntruder";
 	public static final String ATTRIBUTE_LOCKOUT_RESET_TIME_NAME = "loginIntruderResetTime";
 	public static final String ATTRIBUTE_GROUP_MEMBERSHIP_NAME = "groupMembership";
@@ -91,6 +99,7 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected static final String ACCOUNT_JACK_PASSWORD = "qwe123";
 	
 	private static final String GROUP_PIRATES_NAME = "pirates";
+	private static final String GROUP_MELEE_ISLAND_NAME = "Mêlée Island";
 	
 	protected static final int NUMBER_OF_ACCOUNTS = 4;
 	protected static final int LOCKOUT_EXPIRATION_SECONDS = 65;
@@ -100,7 +109,8 @@ public abstract class AbstractEDirTest extends AbstractLdapTest {
 	protected String groupPiratesOid;
 	protected long jackLockoutTimestamp;
 	private String accountBarbossaOid;
-
+	private String orgMeleeIslandOid;
+	protected String groupMeleeOid;
 	
 	@Override
 	public String getStartSystemCommand() {
@@ -178,6 +188,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		
 		// Roles
 		repoAddObjectFromFile(ROLE_PIRATES_FILE, RoleType.class, initResult);
+		repoAddObjectFromFile(ROLE_META_ORG_FILE, RoleType.class, initResult);
 		
 	}
 	
@@ -188,6 +199,7 @@ public void test000Sanity() throws Exception {
 		cleanupDelete(toDn(USER_BARBOSSA_USERNAME));
 		cleanupDelete(toDn(USER_CPTBARBOSSA_USERNAME));
 		cleanupDelete(toDn(USER_GUYBRUSH_USERNAME));
+		cleanupDelete(toGroupDn("Mêlée Island"));
 	}
 
 	@Test
@@ -609,6 +621,73 @@ public void test390ModifyUserBarbossaRename() throws Exception {
 	
 	// TODO: create account with a group membership
 	
+	@Test
+    public void test500AddOrgMeleeIsland() throws Exception {
+		final String TEST_NAME = "test500AddOrgMeleeIsland";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        
+        PrismObject<OrgType> org = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(OrgType.class).instantiate();
+        OrgType orgType = org.asObjectable();
+        orgType.setName(new PolyStringType(GROUP_MELEE_ISLAND_NAME));
+        AssignmentType metaroleAssignment = new AssignmentType();
+        ObjectReferenceType metaroleRef = new ObjectReferenceType();
+        metaroleRef.setOid(ROLE_META_ORG_OID);
+        metaroleRef.setType(RoleType.COMPLEX_TYPE);
+		metaroleAssignment.setTargetRef(metaroleRef);
+		orgType.getAssignment().add(metaroleAssignment);
+        
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        addObject(org, task, result);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        orgMeleeIslandOid = org.getOid();
+        Entry entry = assertLdapGroup(GROUP_MELEE_ISLAND_NAME);
+        
+        org = getObject(OrgType.class, orgMeleeIslandOid);
+        groupMeleeOid = getSingleLinkOid(org);
+        PrismObject<ShadowType> shadow = getShadowModel(groupMeleeOid);
+        display("Shadow (model)", shadow);
+	}
+	
+	@Test
+    public void test510AssignGuybrushMeleeIsland() throws Exception {
+		final String TEST_NAME = "test510AssignGuybrushMeleeIsland";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        assignOrg(USER_GUYBRUSH_OID, orgMeleeIslandOid, task, result);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME);
+        
+        PrismObject<UserType> user = getUser(USER_GUYBRUSH_OID);
+        String shadowOid = getSingleLinkOid(user);
+        PrismObject<ShadowType> shadow = getShadowModel(shadowOid);
+        display("Shadow (model)", shadow);
+        
+        assertEDirGroupMember(entry, GROUP_PIRATES_NAME);
+
+        IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupMeleeOid);
+	}
+	
 	// Wait until the lockout of Jack expires, check status
 	@Test
     public void test800JackLockoutExpires() throws Exception {
diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
index 0ede9193788..e96865b792b 100644
--- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
@@ -352,9 +352,15 @@ public void test020Schema() throws Exception {
         
         ResourceAttributeDefinition<String> cnDef = accountObjectClassDefinition.findAttributeDefinition("cn");
         PrismAsserts.assertDefinition(cnDef, new QName(MidPointConstants.NS_RI, "cn"), DOMUtil.XSD_STRING, 1, -1);
-        assertTrue("createTimestampDef read", cnDef.canRead());
-        assertTrue("createTimestampDef read", cnDef.canModify());
-        assertTrue("createTimestampDef read", cnDef.canAdd());
+        assertTrue("cn read", cnDef.canRead());
+        assertTrue("cn read", cnDef.canModify());
+        assertTrue("cn read", cnDef.canAdd());
+        
+        ResourceAttributeDefinition<String> oDef = accountObjectClassDefinition.findAttributeDefinition("o");
+        PrismAsserts.assertDefinition(oDef, new QName(MidPointConstants.NS_RI, "o"), DOMUtil.XSD_STRING, 0, -1);
+        assertTrue("o read", oDef.canRead());
+        assertTrue("o read", oDef.canModify());
+        assertTrue("o read", oDef.canAdd());
         
         ResourceAttributeDefinition<Long> createTimestampDef = accountObjectClassDefinition.findAttributeDefinition("createTimestamp");
         PrismAsserts.assertDefinition(createTimestampDef, new QName(MidPointConstants.NS_RI, "createTimestamp"),
@@ -449,6 +455,12 @@ protected Entry getLdapGroupByName(String name) throws LdapException, IOExceptio
 		return entry;
 	}
 	
+	protected Entry assertLdapGroup(String cn) throws LdapException, IOException, CursorException {
+		Entry entry = getLdapGroupByName(cn);
+		assertAttribute(entry, "cn", cn);
+		return entry;
+	}
+	
 	protected void assertAttribute(Entry entry, String attrName, String expectedValue) throws LdapInvalidAttributeValueException {
 		String dn = entry.getDn().toString();
 		Attribute ldapAttribute = entry.get(attrName);
diff --git a/testing/conntest/src/test/resources/edir/resource-athena.xml b/testing/conntest/src/test/resources/edir/resource-athena.xml
index 8b47a8c9d8c..85fb10e1c54 100644
--- a/testing/conntest/src/test/resources/edir/resource-athena.xml
+++ b/testing/conntest/src/test/resources/edir/resource-athena.xml
@@ -154,7 +154,7 @@
 
             <association>
             	<ref>ri:group</ref>
-            	<displayName>LDAP Group Membership</displayName>
+            	<displayName>Ordinary LDAP Group Membership</displayName>
             	<kind>entitlement</kind>
             	<intent>ldapGroup</intent>
             	<direction>objectToSubject</direction>
@@ -163,6 +163,19 @@
             	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
             	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
             </association>
+            
+            <association>
+            	<ref>ri:orgGroup</ref>
+            	<displayName>Organizational Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:member</associationAttribute>
+            	<valueAttribute>ri:dn</valueAttribute>
+            	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+            	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+            </association>
+            
 				<protected>
 				<filter>
 					<q:equal>
@@ -245,6 +258,73 @@
                 </outbound>
             </attribute>
         </objectType>
+        
+        <objectType>
+		        <kind>entitlement</kind>
+				<intent>orgGroup</intent>
+				<displayName>Organizational Group</displayName>
+				<objectClass>ri:groupOfNames</objectClass>
+				<auxiliaryObjectClass>ri:nestedGroupAux</auxiliaryObjectClass>
+				<attribute>
+					<ref>ri:member</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+					<fetchStrategy>minimal</fetchStrategy>
+				</attribute>
+				<attribute>
+		        	<ref>ri:dn</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/name</path>
+					</source>
+					<expression>
+						<script>
+							<code>
+								return 'cn=' + name + ',ou=groups,o=example'
+							</code>
+						</script>
+					</expression>
+				</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<displayName>Common Name</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<outbound>
+						<strength>weak</strength>
+						<source>
+							<path>$focus/name</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+			        <ref>ri:fullName</ref>
+					<description>Complete organization name</description>
+					<limitations>
+						<maxOccurs>1</maxOccurs>
+					</limitations>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/displayName</path>
+					</source>
+				</outbound>
+			</attribute>
+            <association>
+            	<ref>ri:group</ref>
+                <tolerant>true</tolerant>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+            	<displayName>eDirectory Group in Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:groupMember</associationAttribute>
+                <shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+                <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+                <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
+            	<valueAttribute>ri:dn</valueAttribute>
+            </association>
+			</objectType>
 
 		</schemaHandling>
 
diff --git a/testing/conntest/src/test/resources/edir/role-meta-org.xml b/testing/conntest/src/test/resources/edir/role-meta-org.xml
new file mode 100644
index 00000000000..61d27399c9f
--- /dev/null
+++ b/testing/conntest/src/test/resources/edir/role-meta-org.xml
@@ -0,0 +1,54 @@
+<!--
+  ~ Copyright (c) 2015 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<role oid="f2ad0ace-45d7-11e5-af54-001e8c717e5b"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
+    <name>Org Metarole</name>
+    
+    <inducement>
+    	<construction>
+    		<resourceRef oid="0893372c-3c42-11e5-9179-001e8c717e5b" type="c:ResourceType"/>
+    		<kind>entitlement</kind>
+            <intent>orgGroup</intent>
+    	</construction>
+    </inducement>
+    
+    <inducement>
+    	<construction>
+    		<resourceRef oid="0893372c-3c42-11e5-9179-001e8c717e5b" type="c:ResourceType"/>
+    		<kind>account</kind>
+    		<intent>default</intent>
+    		<association>
+            	<ref>ri:orgGroup</ref>
+            	<outbound>
+            		<expression>
+            			<associationFromLink>
+            				<projectionDiscriminator>
+	            				<kind>entitlement</kind>
+	            				<intent>orgGroup</intent>
+            				</projectionDiscriminator>
+            			</associationFromLink>
+            		</expression>
+            	</outbound>
+            </association>
+    	</construction>  
+    	<order>2</order>
+    </inducement>
+    
+</role>

From 7fbde90da3c64924d16b3516cdcbe7bc09490ba0 Mon Sep 17 00:00:00 2001
From: honchar <honchar@evolveum.com>
Date: Wed, 19 Aug 2015 01:52:48 +0200
Subject: [PATCH 2/5] New GUI automation tests are added to selenidetest module

---
 .../testing/selenide/tests/LoginTest.java     |  1 +
 .../midpoint/testing/selenide/tests/Util.java |  1 -
 .../account/ResourceUserAccountTests.java     |  2 +-
 .../OrganizationStructureTests.java           | 42 ++++++++++++++++++-
 .../selenide/tests/user/SimpleUserTests.java  |  6 +--
 .../selenide/tests/user/SuperUserTests.java   |  9 ++--
 .../testing/selenide/tests/user/UserUtil.java | 25 ++++++-----
 testing/selenidetest/testng.xml               |  2 +-
 8 files changed, 64 insertions(+), 24 deletions(-)

diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/LoginTest.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/LoginTest.java
index 387a5ac259f..d4dad9dd95c 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/LoginTest.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/LoginTest.java
@@ -78,6 +78,7 @@ public void login(String username, String password){
         login(util.SITE_URL, username, password);
     }
 
+
     public void login(String siteUrl, String username, String password) {
         open(siteUrl);
         //enter login value
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/Util.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/Util.java
index 21763c3d4f5..467f77732f7 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/Util.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/Util.java
@@ -1,7 +1,6 @@
 package com.evolveum.midpoint.testing.selenide.tests;
 
 import com.codeborne.selenide.SelenideElement;
-import com.evolveum.midpoint.testing.selenide.tests.resource.ResourceUtil;
 import org.openqa.selenium.By;
 import org.springframework.stereotype.Component;
 import org.testng.annotations.Test;
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/account/ResourceUserAccountTests.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/account/ResourceUserAccountTests.java
index e85db7a2562..40c40001071 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/account/ResourceUserAccountTests.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/account/ResourceUserAccountTests.java
@@ -155,7 +155,7 @@ public void createAccountTest() {
      *  also updated
      */
     @Test (priority = 4, dependsOnMethods = {"createAccountTest"})
-    public void updateAccountAttributes(){
+    public void updateAccountAttributesTest(){
         close();
         loginTest.login();
         //open user's Edit page
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/organization/OrganizationStructureTests.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/organization/OrganizationStructureTests.java
index 2b379d0f5f6..252d75b7fb4 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/organization/OrganizationStructureTests.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/organization/OrganizationStructureTests.java
@@ -3,11 +3,13 @@
 import com.evolveum.midpoint.testing.selenide.tests.BaseTest;
 import com.evolveum.midpoint.testing.selenide.tests.LoginTest;
 import com.evolveum.midpoint.testing.selenide.tests.Util;
+import com.evolveum.midpoint.testing.selenide.tests.user.UserUtil;
 import org.openqa.selenium.By;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.testng.annotations.Test;
 
 import static com.codeborne.selenide.Condition.text;
+import static com.codeborne.selenide.Condition.visible;
 import static com.codeborne.selenide.Selenide.$;
 import static com.codeborne.selenide.Selenide.close;
 
@@ -18,17 +20,23 @@ public class OrganizationStructureTests extends BaseTest{
     @Autowired
     LoginTest loginTest;
 
+    @Autowired
+    UserUtil userUtil;
+
     @Autowired
     Util util;
 
     public static final String ORG_FILE_PATH = "../../samples/org/org-monkey-island-simple.xml";
+    public static final String ASSIGN_ORG_UNIT_LINKTEXT = "Assign org. unit";
+    public static final String USER_NAME = "OrgTestUser";
+    public static final String ORG_UNIT_NAME = "F0002";
 
     /**
      *  Import organization structure from org-monkey-island-simple.xml
      *  sample file. Check if organization tree was created in MP
      */
-    @Test
-    public void importOrganizationStructureFromFile(){
+    @Test(priority = 0)
+    public void importOrganizationStructureFromFileTest(){
         close();
         loginTest.login();
 
@@ -51,5 +59,35 @@ public void importOrganizationStructureFromFile(){
         $(By.xpath("/html/body/div[4]/div/div[3]/ul/li[2]/a")).shouldHave(text("Projects"));
     }
 
+    @Test(priority = 1, dependsOnMethods = {"importOrganizationStructureFromFileTest"})
+    public void assignOrgUnit(){
+        //create test user
+        userUtil.createUser(USER_NAME);
+        //open user's Edit page
+        userUtil.openUsersEditPage(USER_NAME);
+        //assign F0002 org unit (Ministry of Defense) to the user
+        userUtil.assignObjectToUser(ASSIGN_ORG_UNIT_LINKTEXT, ORG_UNIT_NAME,
+                "/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div/div/div/div/div/div[1]/form/span/a",
+                "/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div/div/div/div/div/div[3]/form/div[2]/div[2]/table/tbody/tr/td[1]/div/input");
+        //open user's Edit page
+        userUtil.openUsersEditPage(USER_NAME);
+        //check if assigned org. unit is displayed in the Assignments section
+        $(By.xpath("/html/body/div[4]/div/form/div[3]/div[2]/div[2]/div[2]/div/div[1]/div[1]/a/span")).shouldBe(visible)
+                .shouldHave(text(" F0002, Ministry of Defense"));
+        //click Users menu
+        $(By.cssSelector("html.no-js body div.navbar.navbar-default.navbar-fixed-top div div.navbar-collapse.collapse ul.nav.navbar-nav li.dropdown a.dropdown-toggle")).shouldHave(text("Users")).click();
+        //click Organization tree menu item
+        $(By.linkText("Organization tree")).click();
+        //click on Ministry of Defense
+        $(By.xpath("/html/body/div[4]/div/div[3]/div/div/div[4]/div[2]/div[2]/div/table/tbody/tr[2]/td/div/div/div/div/span/a/span"))
+                .shouldBe(visible).click();
+        //search for the user in the opened organization
+        util.searchForElement(USER_NAME, "/html/body/div[4]/div/div[3]/div/div/div[4]/div[1]/form/span/a");
+        //check if user was found in the organization
+        $(By.xpath("/html/body/div[4]/div/div[3]/div/div/div[4]/div[3]/form/div[4]/div[2]/table/tbody/tr/td[3]/div/a/span"))
+                .shouldHave(text(USER_NAME));
+
+    }
+
 
 }
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SimpleUserTests.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SimpleUserTests.java
index 4c469f5a109..7fb1e5455e6 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SimpleUserTests.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SimpleUserTests.java
@@ -187,7 +187,7 @@ public void cancelUserUpdateTest() {
      * Attempt to create user with all empty fields
      */
     @Test(alwaysRun = true, priority = 4)
-    public void createUserWithEmptyFields() {
+    public void createUserWithEmptyFieldsTest() {
         close();
         loginTest.login();
         //create user with all empty fields
@@ -202,7 +202,7 @@ public void createUserWithEmptyFields() {
      * Attempt to create user with existing name
      */
     @Test(alwaysRun = true, priority = 5)
-    public void createUserWithExistingName() {
+    public void createUserWithExistingNameTest() {
         close();
         loginTest.login();
         //check if welcome message appears after user logged in
@@ -224,7 +224,7 @@ public void createUserWithExistingName() {
     }
 
     @Test(alwaysRun = true, priority = 6)
-    public void deleteUser() {
+    public void deleteUserTest() {
         close();
         loginTest.login();
         //check if welcome message appears after user logged in
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SuperUserTests.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SuperUserTests.java
index 9a92fc021df..91e1aeeca39 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SuperUserTests.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/SuperUserTests.java
@@ -31,6 +31,7 @@ public class SuperUserTests extends BaseTest {
     public static final String SUPER_ROLE_NAME = "Superuser";
     public static final String USER_PASSWORD = "password";
     public static final String SUPER_USER_NAME = "SuperUser";
+    public static final String ASSIGN_ROLE_LINKTEXT = "Assign role";
 
     /**
      * Create user with assigned Superuser role.
@@ -62,7 +63,9 @@ public void createSuperUserTest() {
                 .shouldBe(visible).setValue(USER_PASSWORD);
 
         //assign Superuser role to user
-        userUtil.assignRoleToUser(SUPER_ROLE_NAME);
+        userUtil.assignObjectToUser(ASSIGN_ROLE_LINKTEXT, SUPER_ROLE_NAME,
+                "/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div[1]/form[2]/span/a",
+                "/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div[2]/div/table/tbody/tr/td[1]/div/input");
 
         //search for the user in users list
         util.searchForElement(SUPER_USER_NAME, "/html/body/div[4]/div/div[4]/form/span/a");
@@ -88,7 +91,7 @@ public void loginAsSuperuserTest() {
     }
 
     @Test(dependsOnMethods = {"createSuperUserTest"}, priority = 2)
-    public void disableSuperuserAndLogin() {
+    public void disableSuperuserAndLoginTest() {
         close();
         loginTest.login();
         //check if welcome message appears after user logged in
@@ -126,7 +129,7 @@ public void disableSuperuserAndLogin() {
     }
 
     @Test(dependsOnMethods = {"createSuperUserTest"}, priority = 3)
-    public void enableSuperuserAndLogin() {
+    public void enableSuperuserAndLoginTest() {
         close();
         loginTest.login();
         //check if welcome message appears after user logged in
diff --git a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/UserUtil.java b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/UserUtil.java
index 8e49b3b5e00..f77343a4aee 100644
--- a/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/UserUtil.java
+++ b/testing/selenidetest/src/test/java/com/evolveum/midpoint/testing/selenide/tests/user/UserUtil.java
@@ -55,21 +55,21 @@ public void openListUsersPage(){
 
     /**
      * Prerequirement: user's Edit page is to be opened
-     * @param roleName
+     * Assign the specified roleName role to user
+     * @param linkText          the text of the menu item from the Assignments section menu
+     * @param objectName        the name of the object to be assigned
+     * @param searchButtonXpath xpath of the Search button from Search panel
+     * @param checkboxXpath     xpath of the checkbox which is to be selected
      */
-    public void assignRoleToUser(String roleName){
+    public void assignObjectToUser(String linkText, String objectName, String searchButtonXpath, String checkboxXpath){
         //click on the menu icon next to Assignments section
         $(By.xpath("/html/body/div[4]/div/form/div[3]/div[2]/div[2]/div[1]/div[2]/ul/li/a")).shouldBe(visible).click();
-        //click Assign role menu item
-        $(By.linkText("Assign role")).shouldBe(visible).click();
-        //search for role in the opened Select object(s) window
-        util.searchForElement(roleName, "/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div[1]/form[2]/span/a");
-        //check if role is found during the search
-        $(By.xpath("/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div[2]/div/table/tbody/tr"))
-                .shouldBe(visible).shouldHave(text(roleName));
-        //select checkbox for the Superuser role
-        $(By.xpath("/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/div[2]/div/table/tbody/tr/td[1]/div/input"))
-                .shouldBe(visible).click();
+        //click Assign menu item with the specified linkText
+        $(By.linkText(linkText)).shouldBe(visible).click();
+        //search for object by objectName in the opened Select object(s) window
+        util.searchForElement(objectName, searchButtonXpath);
+        //select checkbox for the found object
+        $(By.xpath(checkboxXpath)).shouldBe(visible).click();
         //click Assign button
         $(By.xpath("/html/body/div[6]/form/div/div[2]/div/div/div/div[2]/div/div/div/div/div/p/a"))
                 .shouldBe(visible).click();
@@ -79,7 +79,6 @@ public void assignRoleToUser(String roleName){
 
         //check if Success message appears after user saving
         $(By.xpath("/html/body/div[4]/div/div[2]/div[1]/ul/li/div/div[1]/div[1]/span")).shouldHave(text("Success"));
-
     }
 
     /**
diff --git a/testing/selenidetest/testng.xml b/testing/selenidetest/testng.xml
index 091822427ec..b0e13766d67 100644
--- a/testing/selenidetest/testng.xml
+++ b/testing/selenidetest/testng.xml
@@ -34,7 +34,7 @@
         </classes>
     </test>
 
-    <test name="Account Tests" parallel="false" preserve-order="true" verbose="10">
+    <test name="Resource-User-Account Tests" parallel="false" preserve-order="true" verbose="10">
         <classes>
             <class name="com.evolveum.midpoint.testing.selenide.tests.account.ResourceUserAccountTests"/>
         </classes>

From 6eb11087c553469e14b3ec742dc935babed6e2a3 Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Wed, 19 Aug 2015 12:17:12 +0200
Subject: [PATCH 3/5] Support for legacySchema connector configuration
 property.

---
 .../connector/icf-1/connector-schema-3.xsd    | 15 +++++++++++
 .../ucf/impl/ConnectorFactoryIcfImpl.java     |  5 ++++
 .../ucf/impl/ConnectorInstanceIcfImpl.java    | 26 ++++++++++++-------
 .../dummy-no-activation/resource-dummy.xml    |  2 ++
 4 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/infra/schema/src/main/resources/xml/ns/public/connector/icf-1/connector-schema-3.xsd b/infra/schema/src/main/resources/xml/ns/public/connector/icf-1/connector-schema-3.xsd
index a2f244fda4e..a046baff791 100644
--- a/infra/schema/src/main/resources/xml/ns/public/connector/icf-1/connector-schema-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/connector/icf-1/connector-schema-3.xsd
@@ -243,6 +243,21 @@
             </xsd:appinfo>
         </xsd:annotation>
     </xsd:element>
+    
+    <xsd:element name="legacySchema" type="xsd:boolean">
+		<xsd:annotation>
+			<xsd:documentation>
+				Forces schema processing in "legacy" mode.
+				Legacy mode means that __ACCOUNT__ is translated as AccountObjectClass,
+				__GROUP__ as GroupObjectClass and any other as CustomXXXXXObjectClass.
+				Non-legacy mode does not translates object class names. They are used
+				in the same form as provided by the connector.
+			</xsd:documentation>
+			<xsd:appinfo>
+				<a:maxOccurs>1</a:maxOccurs>
+			</xsd:appinfo>
+		</xsd:annotation>
+	</xsd:element>
 
 </xsd:schema>
 
diff --git a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorFactoryIcfImpl.java b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorFactoryIcfImpl.java
index 0f9dbc5afa3..5bfe6cd1dfb 100644
--- a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorFactoryIcfImpl.java
+++ b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorFactoryIcfImpl.java
@@ -143,6 +143,11 @@ public class ConnectorFactoryIcfImpl implements ConnectorFactory {
 	public static final QName CONNECTOR_SCHEMA_PRODUCER_BUFFER_SIZE_ELEMENT = new QName(NS_ICF_CONFIGURATION,
 			CONNECTOR_SCHEMA_PRODUCER_BUFFER_SIZE_XML_ELEMENT_NAME);
 	public static final QName CONNECTOR_SCHEMA_PRODUCER_BUFFER_SIZE_TYPE = DOMUtil.XSD_INT;
+	
+	public static final String CONNECTOR_SCHEMA_LEGACY_SCHEMA_XML_ELEMENT_NAME = "legacySchema";
+	public static final QName CONNECTOR_SCHEMA_LEGACY_SCHEMA_ELEMENT = new QName(NS_ICF_CONFIGURATION,
+			CONNECTOR_SCHEMA_LEGACY_SCHEMA_XML_ELEMENT_NAME);
+	public static final QName CONNECTOR_SCHEMA_LEGACY_SCHEMA_TYPE = DOMUtil.XSD_BOOLEAN;
 
 	public static final String CONNECTOR_SCHEMA_TIMEOUTS_XML_ELEMENT_NAME = "timeouts";
 	public static final QName CONNECTOR_SCHEMA_TIMEOUTS_ELEMENT = new QName(NS_ICF_CONFIGURATION,
diff --git a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorInstanceIcfImpl.java b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorInstanceIcfImpl.java
index 8525a4d5a27..e9d30b2f9cc 100644
--- a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorInstanceIcfImpl.java
+++ b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/ConnectorInstanceIcfImpl.java
@@ -217,7 +217,7 @@ public class ConnectorInstanceIcfImpl implements ConnectorInstance {
 	private PrismSchema connectorSchema;
 	private String description;
 	private boolean caseIgnoreAttributeNames = false;
-	private boolean legacySchema = false;
+	private Boolean legacySchema = null;
 	private boolean supportsReturnDefaultAttributes = false;
 
 	public ConnectorInstanceIcfImpl(ConnectorInfo connectorInfo, ConnectorType connectorType,
@@ -322,7 +322,13 @@ public void configure(PrismContainerValue<?> configuration, OperationResult pare
 			} else {
 				throw new SystemException("Got unexpected exception: " + ex.getClass().getName(), ex);
 			}
-
+		}
+		
+		PrismProperty<Boolean> legacySchemaConfigProperty = configuration.findProperty(new QName(
+				ConnectorFactoryIcfImpl.NS_ICF_CONFIGURATION,
+				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_LEGACY_SCHEMA_XML_ELEMENT_NAME));
+		if (legacySchemaConfigProperty != null) {
+			legacySchema = legacySchemaConfigProperty.getRealValue();
 		}
 
 	}
@@ -355,17 +361,17 @@ public PrismSchema generateConnectorSchema() {
 			return null;
 		}
 
-		PrismSchema mpSchema = new PrismSchema(connectorType.getNamespace(), prismContext);
+		connectorSchema = new PrismSchema(connectorType.getNamespace(), prismContext);
 
 		// Create configuration type - the type used by the "configuration"
 		// element
-		PrismContainerDefinition<?> configurationContainerDef = mpSchema.createPropertyContainerDefinition(
+		PrismContainerDefinition<?> configurationContainerDef = connectorSchema.createPropertyContainerDefinition(
 				ResourceType.F_CONNECTOR_CONFIGURATION.getLocalPart(),
 				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_CONFIGURATION_TYPE_LOCAL_NAME);
 
 		// element with "ConfigurationPropertiesType" - the dynamic part of
 		// configuration schema
-		ComplexTypeDefinition configPropertiesTypeDef = mpSchema.createComplexTypeDefinition(new QName(
+		ComplexTypeDefinition configPropertiesTypeDef = connectorSchema.createComplexTypeDefinition(new QName(
 				connectorType.getNamespace(),
 				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_CONFIGURATION_PROPERTIES_TYPE_LOCAL_NAME));
 
@@ -411,6 +417,9 @@ public PrismSchema generateConnectorSchema() {
         configurationContainerDef.createContainerDefinition(
                 ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_RESULTS_HANDLER_CONFIGURATION_ELEMENT,
                 ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_RESULTS_HANDLER_CONFIGURATION_TYPE, 0, 1);
+		configurationContainerDef.createPropertyDefinition(
+				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_LEGACY_SCHEMA_ELEMENT,
+				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_LEGACY_SCHEMA_TYPE, 0, 1);
 
 		// No need to create definition of "configuration" element.
 		// midPoint will look for this element, but it will be generated as part
@@ -420,10 +429,9 @@ public PrismSchema generateConnectorSchema() {
 				ConnectorFactoryIcfImpl.CONNECTOR_SCHEMA_CONFIGURATION_PROPERTIES_ELEMENT_QNAME,
 				configPropertiesTypeDef, 1, 1);
 
-		LOGGER.debug("Generated configuration schema for {}: {} definitions", this, mpSchema.getDefinitions()
+		LOGGER.debug("Generated configuration schema for {}: {} definitions", this, connectorSchema.getDefinitions()
 				.size());
-		connectorSchema = mpSchema;
-		return mpSchema;
+		return connectorSchema;
 	}
 
 	private QName icfTypeToXsdType(Class<?> type, boolean isConfidential) {
@@ -482,7 +490,7 @@ public void initialize(ResourceSchema resourceSchema, Collection<Object> capabil
 		this.capabilities = capabilities;
 		this.caseIgnoreAttributeNames = caseIgnoreAttributeNames;
 		
-		if (resourceSchema != null) {
+		if (resourceSchema != null && legacySchema == null) {
 			legacySchema = isLegacySchema(resourceSchema);
 		}
 
diff --git a/provisioning/provisioning-impl/src/test/resources/impl/dummy-no-activation/resource-dummy.xml b/provisioning/provisioning-impl/src/test/resources/impl/dummy-no-activation/resource-dummy.xml
index e675c545551..c9d3bc67449 100644
--- a/provisioning/provisioning-impl/src/test/resources/impl/dummy-no-activation/resource-dummy.xml
+++ b/provisioning/provisioning-impl/src/test/resources/impl/dummy-no-activation/resource-dummy.xml
@@ -46,6 +46,8 @@
 			<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
 			<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
 		</icfc:resultsHandlerConfiguration>
+		
+		<icfc:legacySchema>true</icfc:legacySchema>
 
 	</connectorConfiguration>
 	<namespace>http://midpoint.evolveum.com/xml/ns/public/resource/instance/ef2bc95b-76e0-59e2-86d6-9999dddddddd</namespace>

From a5bce81aed412d558f1b9d60208f8659214e49b3 Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Wed, 19 Aug 2015 14:03:56 +0200
Subject: [PATCH 4/5] eDirectory enable/disable tests

---
 .../schema/util/ResourceTypeUtil.java         |  19 +++
 .../testing/conntest/AbstractEDirTest.java    | 123 +++++++++++++++++-
 .../test/resources/edir/resource-athena.xml   |   8 --
 3 files changed, 141 insertions(+), 9 deletions(-)

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java
index f31a0d57c8e..e10c6201e45 100644
--- a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java
+++ b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java
@@ -41,6 +41,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.XmlSchemaType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;
+import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CreateCapabilityType;
 import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
@@ -341,6 +342,24 @@ public static boolean hasResourceNativeActivationCapability(ResourceType resourc
 		return true;
 	}
 	
+	public static boolean hasResourceNativeActivationStatusCapability(ResourceType resource) {
+		ActivationCapabilityType activationCapability = null;
+		if (resource.getCapabilities() != null && resource.getCapabilities().getNative() != null) {
+			activationCapability = CapabilityUtil.getCapability(resource.getCapabilities().getNative().getAny(),
+					ActivationCapabilityType.class);
+		}
+		if (activationCapability == null) {
+			return false;
+		}
+		
+		ActivationStatusCapabilityType status = activationCapability.getStatus();
+		if (status == null) {
+			return false;
+		}
+		
+		return true;
+	}
+	
 	public static boolean hasResourceNativeActivationLockoutCapability(ResourceType resource) {
 		ActivationCapabilityType activationCapability = null;
 		// check resource native capabilities. if resource cannot do
diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
index fac62d19ee7..c65538da755 100644
--- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
@@ -36,6 +36,7 @@
 import org.testng.annotations.Listeners;
 import org.testng.annotations.Test;
 
+import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.prism.delta.PropertyDelta;
@@ -43,6 +44,7 @@
 import com.evolveum.midpoint.prism.query.EqualFilter;
 import com.evolveum.midpoint.prism.query.ObjectFilter;
 import com.evolveum.midpoint.prism.query.ObjectQuery;
+import com.evolveum.midpoint.prism.util.PrismAsserts;
 import com.evolveum.midpoint.prism.util.PrismTestUtil;
 import com.evolveum.midpoint.schema.SearchResultList;
 import com.evolveum.midpoint.schema.SearchResultMetadata;
@@ -52,14 +54,17 @@
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
 import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
+import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
 import com.evolveum.midpoint.schema.util.ShadowUtil;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.test.IntegrationTestTools;
 import com.evolveum.midpoint.test.util.MidPointTestConstants;
 import com.evolveum.midpoint.test.util.TestUtil;
+import com.evolveum.midpoint.util.DOMUtil;
 import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
@@ -202,6 +207,20 @@ public void test000Sanity() throws Exception {
 		cleanupDelete(toGroupDn("Mêlée Island"));
 	}
 
+	@Test
+    public void test050Capabilities() throws Exception {
+		final String TEST_NAME = "test050Capabilities";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        
+        Collection<Object> nativeCapabilitiesCollection = ResourceTypeUtil.getNativeCapabilitiesCollection(resourceType);
+        display("Native capabilities", nativeCapabilitiesCollection);
+        
+        assertTrue("No native activation capability", ResourceTypeUtil.hasResourceNativeActivationCapability(resourceType));
+        assertTrue("No native activation status capability", ResourceTypeUtil.hasResourceNativeActivationStatusCapability(resourceType));
+        assertTrue("No native lockout capability", ResourceTypeUtil.hasResourceNativeActivationLockoutCapability(resourceType));
+        assertTrue("No native credentias capability", ResourceTypeUtil.hasCredentialsCapability(resourceType));
+	}
+	
 	@Test
     public void test100SeachJackByLdapUid() throws Exception {
 		final String TEST_NAME = "test100SeachJackByLdapUid";
@@ -520,8 +539,70 @@ public void test220ModifyUserBarbossaPassword() throws Exception {
         assertEquals("Shadows have moved", accountBarbossaOid, shadowOid);
 	}
 	
+	@Test
+    public void test230DisableBarbossa() throws Exception {
+		final String TEST_NAME = "test230DisableBarbossa";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modifyUserReplace(USER_BARBOSSA_OID, 
+        		new ItemPath(UserType.F_ACTIVATION,  ActivationType.F_ADMINISTRATIVE_STATUS), 
+        		task, result, ActivationStatusType.DISABLED);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+        
+        PrismObject<UserType> user = getUser(USER_BARBOSSA_OID);
+        assertAdministrativeStatus(user, ActivationStatusType.DISABLED);
+
+        Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
+        assertAttribute(entry, "loginDisabled", "TRUE");
+        
+        String shadowOid = getSingleLinkOid(user);
+        PrismObject<ShadowType> shadow = getObject(ShadowType.class, shadowOid);
+        assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED);
+	}
+	
+	@Test
+    public void test239EnableBarbossa() throws Exception {
+		final String TEST_NAME = "test239EnableBarbossa";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modifyUserReplace(USER_BARBOSSA_OID, 
+        		new ItemPath(UserType.F_ACTIVATION,  ActivationType.F_ADMINISTRATIVE_STATUS), 
+        		task, result, ActivationStatusType.ENABLED);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+        
+        PrismObject<UserType> user = getUser(USER_BARBOSSA_OID);
+        assertAdministrativeStatus(user, ActivationStatusType.ENABLED);
+
+        Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
+        assertAttribute(entry, "loginDisabled", "FALSE");
+        
+        String shadowOid = getSingleLinkOid(user);
+        PrismObject<ShadowType> shadow = getObject(ShadowType.class, shadowOid);
+        assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED);
+	}
+	
 	/**
-	 * This should create account with a group.
+	 * This should create account with a group. And disabled.
 	 */
 	@Test
     public void test250AssignGuybrushPirates() throws Exception {
@@ -532,6 +613,10 @@ public void test250AssignGuybrushPirates() throws Exception {
         Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
         OperationResult result = task.getResult();
         
+        modifyUserReplace(USER_GUYBRUSH_OID, 
+        		new ItemPath(UserType.F_ACTIVATION,  ActivationType.F_ADMINISTRATIVE_STATUS), 
+        		task, result, ActivationStatusType.DISABLED);
+        
         // WHEN
         TestUtil.displayWhen(TEST_NAME);
         assignRole(USER_GUYBRUSH_OID, ROLE_PIRATES_OID, task, result);
@@ -543,16 +628,52 @@ public void test250AssignGuybrushPirates() throws Exception {
 
         Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME);
         display("Entry", entry);
+        assertAttribute(entry, "loginDisabled", "TRUE");
         
         assertEDirGroupMember(entry, GROUP_PIRATES_NAME);
         
         PrismObject<UserType> user = getUser(USER_GUYBRUSH_OID);
+        assertAdministrativeStatus(user, ActivationStatusType.DISABLED);
         String shadowOid = getSingleLinkOid(user);
         
         PrismObject<ShadowType> shadow = getObject(ShadowType.class, shadowOid);
         IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupPiratesOid);
+        assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED);
 	}
 	
+	@Test
+    public void test260EnableGyubrush() throws Exception {
+		final String TEST_NAME = "test260EnableGyubrush";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modifyUserReplace(USER_GUYBRUSH_OID, 
+        		new ItemPath(UserType.F_ACTIVATION,  ActivationType.F_ADMINISTRATIVE_STATUS), 
+        		task, result, ActivationStatusType.ENABLED);
+        
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+        
+        PrismObject<UserType> user = getUser(USER_GUYBRUSH_OID);
+        assertAdministrativeStatus(user, ActivationStatusType.ENABLED);
+
+        Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME);
+        assertAttribute(entry, "loginDisabled", "FALSE");
+        
+        String shadowOid = getSingleLinkOid(user);
+        PrismObject<ShadowType> shadow = getObject(ShadowType.class, shadowOid);
+        assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED);
+	}
+
+	// TODO: search for disabled accounts
+	
 	@Test
     public void test300AssignBarbossaPirates() throws Exception {
 		final String TEST_NAME = "test300AssignBarbossaPirates";
diff --git a/testing/conntest/src/test/resources/edir/resource-athena.xml b/testing/conntest/src/test/resources/edir/resource-athena.xml
index 85fb10e1c54..0aa4c517c96 100644
--- a/testing/conntest/src/test/resources/edir/resource-athena.xml
+++ b/testing/conntest/src/test/resources/edir/resource-athena.xml
@@ -187,17 +187,9 @@
 				</filter>
 			</protected>
 
-
-
 				<activation>
 					<administrativeStatus>
 						<outbound/>
-						<inbound>
-							<strength>weak</strength>
-							<expression>
-								<asIs/>
-							</expression>
-						</inbound>
 					</administrativeStatus>
 				</activation>
 

From 067d442edf2b98fad10ae1a2e9191228a107c19f Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Wed, 19 Aug 2015 15:40:24 +0200
Subject: [PATCH 5/5] Configuration of eDir tests for bamboo

---
 .../testing/conntest/TestEDirDeimos.java      |  55 +++
 .../test/resources/edir/resource-deimos.xml   | 325 ++++++++++++++++++
 testing/conntest/testng.xml                   |   1 +
 3 files changed, 381 insertions(+)
 create mode 100644 testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/TestEDirDeimos.java
 create mode 100644 testing/conntest/src/test/resources/edir/resource-deimos.xml

diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/TestEDirDeimos.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/TestEDirDeimos.java
new file mode 100644
index 00000000000..37987d41cf9
--- /dev/null
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/TestEDirDeimos.java
@@ -0,0 +1,55 @@
+/**
+ * Copyright (c) 2015 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.evolveum.midpoint.testing.conntest;
+
+import java.io.File;
+
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.Listeners;
+
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+
+/**
+ * @author semancik
+ * 
+ * This configuration is supposed to be executed in bamboo (behind firewall).
+ *
+ */
+public class TestEDirDeimos extends AbstractEDirTest {
+
+	@Override
+	protected String getResourceOid() {
+		return "0893372c-3c42-11e5-9179-001e8c717e5b";
+	}
+	
+	@Override
+	protected File getResourceFile() {
+		return new File(getBaseDir(), "resource-deimos.xml");
+	}
+
+	@Override
+	protected String getLdapServerHost() {
+		return "deimos.lab.evolveum.com";
+	}
+
+	@Override
+	protected int getLdapServerPort() {
+		return 3636;
+	}
+	
+}
diff --git a/testing/conntest/src/test/resources/edir/resource-deimos.xml b/testing/conntest/src/test/resources/edir/resource-deimos.xml
new file mode 100644
index 00000000000..012a273de10
--- /dev/null
+++ b/testing/conntest/src/test/resources/edir/resource-deimos.xml
@@ -0,0 +1,325 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2015 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+         xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+         xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+         xmlns:my="http://whatever.com/my"
+         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+         xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">
+
+	<resource oid="0893372c-3c42-11e5-9179-001e8c717e5b">
+
+		<name>eDirectory deimos</name>
+
+		<description>Novell/NetIQ eDirectory</description>
+
+		<connectorRef type="ConnectorType">
+			<filter>
+				<q:equal>
+					<q:path>c:connectorType</q:path>
+					<q:value>com.evolveum.polygon.connector.ldap.edirectory.EDirectoryLdapConnector</q:value>
+				</q:equal>
+			</filter>
+		</connectorRef>
+
+		<connectorConfiguration>
+			<icfc:configurationProperties
+			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.edirectory.EDirectoryLdapConnector">
+				<icfcldap:port>3636</icfcldap:port>
+				<icfcldap:host>deimos.lab.evolveum.com</icfcldap:host>
+				<icfcldap:connectionSecurity>ssl</icfcldap:connectionSecurity>
+				<icfcldap:baseContext>o=example</icfcldap:baseContext>
+				<icfcldap:bindDn>cn=admin,o=example</icfcldap:bindDn>
+				<icfcldap:bindPassword>
+					<clearValue>secret</clearValue>
+				</icfcldap:bindPassword>
+				<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+			</icfc:configurationProperties>
+
+			<icfc:resultsHandlerConfiguration>
+			 <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+			 <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+			 <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+		      </icfc:resultsHandlerConfiguration>
+		</connectorConfiguration>
+
+
+		<schemaHandling>
+			<objectType>
+				<kind>account</kind>
+				<displayName>Default Account</displayName>
+				<default>true</default>
+				<objectClass>ri:inetOrgPerson</objectClass>
+				<attribute>
+					<ref>dn</ref>
+					<displayName>Distinguished Name</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<matchingRule>mr:distinguishedName</matchingRule>
+					<outbound>
+						<source>
+							<path>$user/name</path>
+						</source>
+						<expression>
+							<script>
+								<code>
+									import javax.naming.ldap.Rdn
+									import javax.naming.ldap.LdapName
+	
+									dn = new LdapName('ou=people,o=example')
+									dn.add(new Rdn('uid',name.toString()))
+									return dn.toString()
+								</code>
+							</script>
+						</expression>
+					</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<outbound>
+						<source>
+							<path>fullName</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:sn</ref>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<outbound>
+						<source>
+							<path>familyName</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:givenName</ref>
+					<outbound>
+						<source>
+							<path>givenName</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:uid</ref>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<outbound>
+						<strength>weak</strength>
+						<source>
+							<path>name</path>
+						</source>
+					</outbound>
+				</attribute>
+
+				<attribute>
+					<ref>ri:mail</ref>
+					<outbound>
+						<source>
+							<path>emailAddress</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:telephoneNumber</ref>
+					<outbound>
+						<source>
+							<path>telephoneNumber</path>
+						</source>
+					</outbound>
+				</attribute>
+
+            <association>
+            	<ref>ri:group</ref>
+            	<displayName>Ordinary LDAP Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>ldapGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:member</associationAttribute>
+            	<valueAttribute>ri:dn</valueAttribute>
+            	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+            	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+            </association>
+            
+            <association>
+            	<ref>ri:orgGroup</ref>
+            	<displayName>Organizational Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:member</associationAttribute>
+            	<valueAttribute>ri:dn</valueAttribute>
+            	<shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+            	<shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+            </association>
+            
+				<protected>
+				<filter>
+					<q:equal>
+						<q:path>
+							attributes/dn
+						</q:path>
+						<q:value>cn=admin,o=example</q:value>
+					</q:equal>
+				</filter>
+			</protected>
+
+				<activation>
+					<administrativeStatus>
+						<outbound/>
+					</administrativeStatus>
+				</activation>
+
+				<credentials>
+					<password>
+						<outbound>
+							<expression>
+								<asIs/>
+							</expression>
+						</outbound>
+					</password>
+				</credentials>
+
+			</objectType>
+
+        <objectType>
+        	<kind>entitlement</kind>
+            <intent>ldapGroup</intent>
+            <displayName>LDAP Group</displayName>
+            <objectClass>ri:groupOfNames</objectClass>
+            <attribute>
+                <ref>dn</ref>
+                <matchingRule>mr:distinguishedName</matchingRule>
+                <outbound>
+					<source>
+						<path>$focus/name</path>
+					</source>
+                    <expression>
+                    	<script>
+	                        <code>
+	                        	import javax.naming.ldap.Rdn
+	                        	import javax.naming.ldap.LdapName
+	                        	
+	                        	dn = new LdapName('ou=groups,o=example')
+	                        	dn.add(new Rdn('cn', name.toString()))
+	                        	return dn.toString()
+	                        </code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:cn</ref>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+                <outbound>
+                	<strength>weak</strength>
+                	<source>
+                		<path>$focus/name</path>
+                	</source>
+                </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:description</ref>
+                <outbound>
+                	<source>
+                		<path>description</path>
+                	</source>
+                </outbound>
+            </attribute>
+        </objectType>
+        
+        <objectType>
+		        <kind>entitlement</kind>
+				<intent>orgGroup</intent>
+				<displayName>Organizational Group</displayName>
+				<objectClass>ri:groupOfNames</objectClass>
+				<auxiliaryObjectClass>ri:nestedGroupAux</auxiliaryObjectClass>
+				<attribute>
+					<ref>ri:member</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+					<fetchStrategy>minimal</fetchStrategy>
+				</attribute>
+				<attribute>
+		        	<ref>ri:dn</ref>
+					<matchingRule>mr:distinguishedName</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/name</path>
+					</source>
+					<expression>
+						<script>
+							<code>
+								return 'cn=' + name + ',ou=groups,o=example'
+							</code>
+						</script>
+					</expression>
+				</outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<displayName>Common Name</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<outbound>
+						<strength>weak</strength>
+						<source>
+							<path>$focus/name</path>
+						</source>
+					</outbound>
+				</attribute>
+				<attribute>
+			        <ref>ri:fullName</ref>
+					<description>Complete organization name</description>
+					<limitations>
+						<maxOccurs>1</maxOccurs>
+					</limitations>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+		        	<outbound>
+					<source>
+						<path>$focus/displayName</path>
+					</source>
+				</outbound>
+			</attribute>
+            <association>
+            	<ref>ri:group</ref>
+                <tolerant>true</tolerant>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+            	<displayName>eDirectory Group in Group Membership</displayName>
+            	<kind>entitlement</kind>
+            	<intent>orgGroup</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:groupMember</associationAttribute>
+                <shortcutAssociationAttribute>ri:groupMembership</shortcutAssociationAttribute>
+                <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+                <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
+            	<valueAttribute>ri:dn</valueAttribute>
+            </association>
+			</objectType>
+
+		</schemaHandling>
+
+	</resource>
+
+</objects>
diff --git a/testing/conntest/testng.xml b/testing/conntest/testng.xml
index cb1e58670f0..ff12804871a 100644
--- a/testing/conntest/testng.xml
+++ b/testing/conntest/testng.xml
@@ -24,6 +24,7 @@
             <class name="com.evolveum.midpoint.testing.conntest.TestOpenLdap"/>
             <class name="com.evolveum.midpoint.testing.conntest.TestOpenDj"/>
             <class name="com.evolveum.midpoint.testing.conntest.Test389DsBacchus"/>
+            <class name="com.evolveum.midpoint.testing.conntest.TestEDirDeimos"/>
         </classes>
     </test>
 </suite>