From d4c7126e670f8d268148c76789329dabba7669c7 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 31 Jul 2020 01:38:48 +0100 Subject: [PATCH] ITS#9279 test Netscape password expiration controls and do some LDIF cleanup --- tests/scripts/test022-ppolicy | 112 +++++++++++++++++++++++++++++++--- 1 file changed, 103 insertions(+), 9 deletions(-) diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy index 543226ec53..c233086545 100755 --- a/tests/scripts/test022-ppolicy +++ b/tests/scripts/test022-ppolicy @@ -152,7 +152,7 @@ fi echo "Filling password history..." $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \ $TESTOUT 2>&1 << EOMODS -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: $PASS @@ -160,7 +160,7 @@ userpassword: $PASS replace: userpassword userpassword: 20urgle12-1 -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-1 @@ -168,7 +168,7 @@ userpassword: 20urgle12-1 replace: userpassword userpassword: 20urgle12-2 -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-2 @@ -176,7 +176,7 @@ userpassword: 20urgle12-2 replace: userpassword userpassword: 20urgle12-3 -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-3 @@ -184,7 +184,7 @@ userpassword: 20urgle12-3 replace: userpassword userpassword: 20urgle12-4 -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-4 @@ -192,7 +192,7 @@ userpassword: 20urgle12-4 replace: userpassword userpassword: 20urgle12-5 -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-5 
@@ -210,7 +210,7 @@ fi echo "Testing password history..." $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \ $TESTOUT 2>&1 << EOMODS -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: userPassword userPassword: 20urgle12-6 @@ -259,7 +259,7 @@ echo "Testing forced reset..." $LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \ $TESTOUT 2>&1 << EOMODS -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify replace: userPassword userPassword: $PASS @@ -292,7 +292,7 @@ echo "Clearing forced reset..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS -dn: uid=nd, ou=People, dc=example, dc=com +dn: $USER changetype: modify delete: pwdReset 
@@ -661,6 +661,100 @@ fi fi +echo "" +echo "Testing obsolete Netscape ppolicy controls..." +echo "Enabling Netscape controls..." +$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \ + $TESTOUT 2>&1 << EOMODS +dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config +changetype: modify +replace: olcPPolicySendNetscapeControls +olcPPolicySendNetscapeControls: TRUE +- + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Reconfiguring policy to remove grace logins..." +$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Standard Policy, ou=Policies, dc=example, dc=com +changetype: modify +delete: pwdGraceAuthnLimit +- +replace: pwdMaxAge +pwdMaxAge: 15 +- + +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +OLDPASS=$PASS +PASS=newpass +$LDAPPASSWD -H $URI1 \ + -w secret -s $PASS \ + -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "Setting new password failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Clearing forced reset..." +$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: $USER +changetype: modify +delete: pwdReset + +EOMODS + +DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'` +DELAY=`expr $DELAY - 10` + +echo "Testing password expiration" +echo "Waiting $DELAY seconds for password to expire..." 
+sleep $DELAY + +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base > $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +sleep 3 +$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ + -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 +RC=$? +if test $RC = 0 ; then + echo "Password expiration failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi +COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l` +if test $COUNT = 0 ; then + echo "Password expiring warning test failed!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded"
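Review bot: The final check in the added block, `if test $RC = 0`, treats any non-zero exit from the last ldapsearch as proof that the password expired, so a connection failure or a stopped slapd would also let the test pass. Since this step is meant to show that the bind is rejected by policy, compare against the expected result code instead, e.g. `if test $RC != 49 ; then` (49 is invalidCredentials; confirm that is what the overlay returns once grace logins are removed). Only the fifth search's status is examined, and the "Clearing forced reset..." ldapmodify just above has no `RC=$?` check, unlike the other steps in this hunk. The `sed` expression uses `\d`, which is not a digit class in POSIX basic regular expressions, so the capture is probably empty and `DELAY` comes out right only because nothing follows the number; `'s/.*expire=\([0-9]*\).*/\1/p'` states what is meant, and an empty or too-small `DELAY` should abort the test before `sleep`.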