ITS#9279 test Netscape password expiration controls

and do some LDIF cleanup
Howard Chu 2020-07-31 01:38:48 +01:00 committed by Quanah Gibson-Mount
parent 9ed30535e3
commit 766cd03a2f
2 changed files with 113 additions and 21 deletions


@ -1570,20 +1570,20 @@ tool_bind( LDAP *ld )
#endif
#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
if ( ctrls ) {
LDAPControl *ctrl;
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRED,
ctrls, NULL );
if ( !ctrl )
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRING,
if ( ctrls ) {
LDAPControl *ctrl;
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRED,
ctrls, NULL );
if ( ctrl ) {
LDAPControl *ctmp[2];
ctmp[0] = ctrl;
ctmp[1] = NULL;
tool_print_ctrls( ld, ctmp );
if ( !ctrl )
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRING,
ctrls, NULL );
if ( ctrl ) {
LDAPControl *ctmp[2];
ctmp[0] = ctrl;
ctmp[1] = NULL;
tool_print_ctrls( ld, ctmp );
}
}
}
#endif
if ( ctrls ) {


@ -142,7 +142,7 @@ fi
echo "Filling password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: $PASS
@ -150,7 +150,7 @@ userpassword: $PASS
replace: userpassword
userpassword: 20urgle12-1
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-1
@ -158,7 +158,7 @@ userpassword: 20urgle12-1
replace: userpassword
userpassword: 20urgle12-2
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-2
@ -166,7 +166,7 @@ userpassword: 20urgle12-2
replace: userpassword
userpassword: 20urgle12-3
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-3
@ -174,7 +174,7 @@ userpassword: 20urgle12-3
replace: userpassword
userpassword: 20urgle12-4
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-4
@ -182,7 +182,7 @@ userpassword: 20urgle12-4
replace: userpassword
userpassword: 20urgle12-5
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-5
@ -200,7 +200,7 @@ fi
echo "Testing password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userPassword
userPassword: 20urgle12-6
@ -220,7 +220,7 @@ echo "Testing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
replace: userPassword
userPassword: $PASS
@ -256,7 +256,7 @@ echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: pwdReset
@ -557,6 +557,98 @@ fi
fi
echo ""
echo "Testing obsolete Netscape ppolicy controls..."
echo "Enabling Netscape controls..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \
$TESTOUT 2>&1 << EOMODS
dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcPPolicySendNetscapeControls
olcPPolicySendNetscapeControls: TRUE
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Reconfiguring policy to remove grace logins..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
changetype: modify
delete: pwdGraceAuthnLimit
-
replace: pwdMaxAge
pwdMaxAge: 15
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
OLDPASS=$PASS
PASS=newpass
$LDAPPASSWD -H $URI1 \
-w secret -s $PASS \
-D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "Setting new password failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: $USER
changetype: modify
delete: pwdReset
EOMODS
DELAY=10
echo "Testing password expiration"
echo "Waiting $DELAY seconds for password to expire..."
sleep $DELAY
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base > $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
RC=$?
if test $RC = 0 ; then
echo "Password expiration failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l`
if test $COUNT = 0 ; then
echo "Password expiring warning test failed!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
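Review bot: The final expiration check (`if test $RC = 0`) after the fifth ldapsearch treats every non-zero exit as proof that the password expired, so a bind that fails because slapd is unreachable or misconfigured would also pass this test. If the expired bind is expected to end in invalidCredentials, pin it with `if test $RC != 49 ; then`, and keep the `PasswordExpiring` grep as the separate check on the warning control. The `ldapmodify` under "Clearing forced reset..." in this hunk is the only one whose `$?` is never inspected; if a failure there is tolerated on purpose, a comment such as `# pwdReset may already be absent; result intentionally ignored` would say so. Lastly, `$LDAPPASSWD` is given `-w secret` while the neighbouring Manager binds use `-w $PASSWD`; writing `-w $PASSWD` there keeps the credential defined in one place.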