From 373e497b0e5bf0d9ad491a84682bf0879d3c9a62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Thu, 24 Oct 2019 14:14:05 +0100
Subject: [PATCH] ITS#9156 Add some ppolicy v10 tests
---
 tests/data/ppolicy.ldif | 1 +
 tests/data/slapd-ppolicy.conf | 2 ++
 tests/scripts/test022-ppolicy | 64 +++++++++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
diff --git a/tests/data/ppolicy.ldif b/tests/data/ppolicy.ldif
index fdd0c48be1..d4d697dd48 100644
--- a/tests/data/ppolicy.ldif
+++ b/tests/data/ppolicy.ldif
@@ -27,6 +27,7 @@ pwdCheckQuality: 2
 pwdExpireWarning: 10
 pwdMaxAge: 30
 pwdMinLength: 5
+pwdMaxLength: 13
 pwdGraceAuthnLimit: 3
 pwdAllowUserChange: TRUE
 pwdMustChange: TRUE
diff --git a/tests/data/slapd-ppolicy.conf b/tests/data/slapd-ppolicy.conf
index 5895120b95..ed47fe5dc0 100644
--- a/tests/data/slapd-ppolicy.conf
+++ b/tests/data/slapd-ppolicy.conf
@@ -39,6 +39,8 @@ rootpw secret
 #ndb#dbname db_1
 #ndb#include @DATADIR@/ndb.conf
 
+lastbind on
+
 overlay ppolicy
 ppolicy_default "cn=Standard Policy,ou=Policies,dc=example,dc=com"
 ppolicy_use_lockout
diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy
index 904497832b..5a7bdbe5e9 100755
--- a/tests/scripts/test022-ppolicy
+++ b/tests/scripts/test022-ppolicy
@@ -329,6 +329,18 @@ if test $COUNT != 1 ; then
 exit 1
 fi
 
+$LDAPPASSWD -h $LOCALHOST -p $PORT1 \
+ -w $PASS -a $PASS -s passwordthatistoolong \
+ -D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1
+RC=$?
+cat ${TESTOUT}.2 >> $TESTOUT
+COUNT=`grep "Password is too long for policy" ${TESTOUT}.2 | wc -l`
+if test $COUNT != 1 ; then
+ echo "Control not returned in response"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 echo "Testing hashed length requirement..."
 $LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > \
@@ -405,6 +417,58 @@ if test $RC = 0 ; then
 exit 1
 fi
 
+echo "Testing idle password expiration"
+echo "Reconfiguring policy to replace expiration with idle expiration..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
+changetype: modify
+delete: pwdMaxAge
+-
+add: pwdMaxIdle
+pwdMaxIdle: 15
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+
+echo "Waiting 20 seconds for password to expire..."
+sleep 20
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
+ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 49 ; then
+ echo "Password idle expiration failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Reverting policy changes..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+ $TESTOUT 2>&1 << EOMODS
+dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
+changetype: modify
+delete: pwdMaxIdle
+-
+add: pwdMaxAge
+pwdMaxAge: 30
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
 if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then
 echo ""
 echo "Setting up policy state forwarding test..."
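Review bot: The bind before `sleep 20` is never checked, so the final `test $RC != 49` can pass for reasons unrelated to idle expiry; result code 49 is what any rejected bind returns, for example a wrong password or an account already locked by earlier steps of the script. Capture `RC=$?` after the first `$LDAPSEARCH` and fail unless it is 0, so the test proves the account was usable and became unusable only through inactivity. It would also help to grep `$SEARCHOUT` for the ppolicy response text after the second search, the way the length test does for "Password is too long for policy"; the exact message for idle expiry is not visible here and would need confirming. The length test in the first hunk of this file has a related gap: it stores `RC=$?` but never tests it, so a server that returns the control yet still accepts the over-long password would pass.

```shell
$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
	-b "$BASEDN" -s base > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "Initial bind before idle wait failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
# … unchanged: sleep 20 and the second search expecting result code 49 …
```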