From 5bf16496e42d57dcb1da1121334757f5e770647f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Wed, 24 Jun 2020 12:54:27 +0100
Subject: [PATCH] ITS#7084, ITS#7089, ITS#7788 Update test to account for new functionality
---
 tests/data/slapd-ppolicy.conf | 1 +
 tests/scripts/test022-ppolicy | 36 +++++++++++++++++++++++++++++++----
 2 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/tests/data/slapd-ppolicy.conf b/tests/data/slapd-ppolicy.conf
index ed47fe5dc0..f1c83c49de 100644
--- a/tests/data/slapd-ppolicy.conf
+++ b/tests/data/slapd-ppolicy.conf
@@ -47,6 +47,7 @@ ppolicy_use_lockout
 access to attrs=userpassword
 by self write
+ by dn="uid=ndadmin, ou=People, dc=example, dc=com" manage
 by * auth
 access to *
diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy
index 5a7bdbe5e9..f94d785b55 100755
--- a/tests/scripts/test022-ppolicy
+++ b/tests/scripts/test022-ppolicy
@@ -38,6 +38,8 @@ KILLPIDS="$PID"
 USER="uid=nd, ou=People, dc=example, dc=com"
 PASS=testpassword
+PWADMIN="uid=ndadmin, ou=People, dc=example, dc=com"
+ADMINPASSWD=testpw
 sleep 1
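Review bot: The new `by dn="uid=ndadmin, ou=People, dc=example, dc=com" manage` clause in tests/data/slapd-ppolicy.conf carries no comment saying why this identity gets `manage`, a higher access level than the `write` granted to `self` on the line above it. Judging by the test022-ppolicy change that binds as this DN and drops the explicit `pwdReset` modification, the level is presumably what makes the overlay treat the password change as an administrative reset; a line such as `# ndadmin: password administrator for test022; manage on userPassword is needed for the forced-reset case` above the clause would record that. The same DN is repeated as `PWADMIN` in tests/scripts/test022-ppolicy, so the two literals have to be kept in step.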
@@ -216,17 +218,43 @@ if test $RC = 0 ; then
 exit 1
 fi
+echo "Testing failed logins when password/policy missing..."
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 \
+ -D "uid=test, ou=People,$BASEDN" -w hasnopolicy \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Password accepted ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$BASEDN" -w hasnopw \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Password accepted ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" \* \+ > $SEARCHOUT 2>&1
+COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l`
+if test $COUNT != 0 ; then
+ echo "Failed login stored on an account without policy and or password"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
 echo "Testing forced reset..."
-$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+$LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \
 $TESTOUT 2>&1 << EOMODS
 dn: uid=nd, ou=People, dc=example, dc=com
 changetype: modify
 replace: userPassword
 userPassword: $PASS
--
-replace: pwdReset
-pwdReset: TRUE
 EOMODS
 RC=$?
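Review bot: The `pwdFailureTime` check at the end of the added block passes vacuously when the manager search itself fails, because `$LDAPSEARCH -H $URI1 ...` sends both stdout and stderr to `$SEARCHOUT` and its exit status is never read before `grep` counts matches. Capture `RC=$?` after that search and abort on a non-zero status, as sketched below. The two bind checks above it have a related weakness: `if test $RC = 0` treats any failure, including a connection error, as a rejected password, so comparing against the expected result (presumably invalidCredentials) with `if test $RC != 49 ; then` would pin what is actually being tested. The status handling that follows the final `RC=$?` of the forced-reset step lies outside the hunk.

```shell
$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" \* \+ > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l`
# … unchanged: COUNT comparison and failure branch …
```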