mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-02-03 20:40:05 -05:00
ITS#9279 test Netscape password expiration controls
and do some LDIF cleanup
This commit is contained in:
Howard Chu
Quanah Gibson-Mount
parent
1a7864699c
commit
d4c7126e67
1 changed files with 103 additions and 9 deletions
|
|
@ -152,7 +152,7 @@ fi
|
|||
echo "Filling password history..."
|
||||
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: $PASS
|
||||
|
|
@ -160,7 +160,7 @@ userpassword: $PASS
|
|||
replace: userpassword
|
||||
userpassword: 20urgle12-1
|
||||
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: 20urgle12-1
|
||||
|
|
@ -168,7 +168,7 @@ userpassword: 20urgle12-1
|
|||
replace: userpassword
|
||||
userpassword: 20urgle12-2
|
||||
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: 20urgle12-2
|
||||
|
|
@ -176,7 +176,7 @@ userpassword: 20urgle12-2
|
|||
replace: userpassword
|
||||
userpassword: 20urgle12-3
|
||||
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: 20urgle12-3
|
||||
|
|
@ -184,7 +184,7 @@ userpassword: 20urgle12-3
|
|||
replace: userpassword
|
||||
userpassword: 20urgle12-4
|
||||
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: 20urgle12-4
|
||||
|
|
@ -192,7 +192,7 @@ userpassword: 20urgle12-4
|
|||
replace: userpassword
|
||||
userpassword: 20urgle12-5
|
||||
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userpassword
|
||||
userpassword: 20urgle12-5
|
||||
|
|
@ -210,7 +210,7 @@ fi
|
|||
echo "Testing password history..."
|
||||
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: userPassword
|
||||
userPassword: 20urgle12-6
|
||||
|
|
@ -259,7 +259,7 @@ echo "Testing forced reset..."
|
|||
|
||||
$LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
replace: userPassword
|
||||
userPassword: $PASS
|
||||
|
|
@ -292,7 +292,7 @@ echo "Clearing forced reset..."
|
|||
|
||||
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: uid=nd, ou=People, dc=example, dc=com
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: pwdReset
|
||||
|
||||
|
|
@ -661,6 +661,100 @@ fi
|
|||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "Testing obsolete Netscape ppolicy controls..."
|
||||
echo "Enabling Netscape controls..."
|
||||
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
|
||||
changetype: modify
|
||||
replace: olcPPolicySendNetscapeControls
|
||||
olcPPolicySendNetscapeControls: TRUE
|
||||
-
|
||||
|
||||
EOMODS
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapmodify failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
echo "Reconfiguring policy to remove grace logins..."
|
||||
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
|
||||
changetype: modify
|
||||
delete: pwdGraceAuthnLimit
|
||||
-
|
||||
replace: pwdMaxAge
|
||||
pwdMaxAge: 15
|
||||
-
|
||||
|
||||
EOMODS
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "ldapmodify failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
OLDPASS=$PASS
|
||||
PASS=newpass
|
||||
$LDAPPASSWD -H $URI1 \
|
||||
-w secret -s $PASS \
|
||||
-D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC != 0 ; then
|
||||
echo "Setting new password failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit $RC
|
||||
fi
|
||||
|
||||
echo "Clearing forced reset..."
|
||||
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
|
||||
$TESTOUT 2>&1 << EOMODS
|
||||
dn: $USER
|
||||
changetype: modify
|
||||
delete: pwdReset
|
||||
|
||||
EOMODS
|
||||
|
||||
DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \
|
||||
-b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'`
|
||||
DELAY=`expr $DELAY - 10`
|
||||
|
||||
echo "Testing password expiration"
|
||||
echo "Waiting $DELAY seconds for password to expire..."
|
||||
sleep $DELAY
|
||||
|
||||
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
|
||||
-b "$BASEDN" -s base > $SEARCHOUT 2>&1
|
||||
sleep 3
|
||||
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
|
||||
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
|
||||
sleep 3
|
||||
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
|
||||
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
|
||||
sleep 3
|
||||
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
|
||||
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
|
||||
sleep 3
|
||||
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
|
||||
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
|
||||
RC=$?
|
||||
if test $RC = 0 ; then
|
||||
echo "Password expiration failed ($RC)!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit 1
|
||||
fi
|
||||
COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l`
|
||||
if test $COUNT = 0 ; then
|
||||
echo "Password expiring warning test failed!"
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
exit 1
|
||||
fi
|
||||
|
||||
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
||||
|
||||
echo ">>>>> Test succeeded"
|
||||
|
|
|
|||
Loading…
Reference in a new issue