Joe Martin
OpenLDAP
Commits
766cd03a
Commit
766cd03a
authored
Jul 31, 2020
by
Howard Chu
Committed by
Quanah Gibson-Mount
Aug 05, 2020
ITS#9279 test Netscape password expiration controls
and do some LDIF cleanup
parent
9ed30535
Changes
2
clients/tools/common.c
...
...
@@ -1570,20 +1570,20 @@ tool_bind( LDAP *ld )
#endif
#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
if
(
ctrls
)
{
LDAPControl
*
ctrl
;
ctrl
=
ldap_control_find
(
LDAP_CONTROL_X_PASSWORD_EXPIRED
,
ctrls
,
NULL
);
if
(
!
ctrl
)
ctrl
=
ldap_control_find
(
LDAP_CONTROL_X_PASSWORD_EXPIRING
,
if
(
ctrls
)
{
LDAPControl
*
ctrl
;
ctrl
=
ldap_control_find
(
LDAP_CONTROL_X_PASSWORD_EXPIRED
,
ctrls
,
NULL
);
if
(
ctrl
)
{
LDAPControl
*
ctmp
[
2
];
ctmp
[
0
]
=
ctrl
;
ctmp
[
1
]
=
NULL
;
tool_print_ctrls
(
ld
,
ctmp
);
if
(
!
ctrl
)
ctrl
=
ldap_control_find
(
LDAP_CONTROL_X_PASSWORD_EXPIRING
,
ctrls
,
NULL
);
if
(
ctrl
)
{
LDAPControl
*
ctmp
[
2
];
ctmp
[
0
]
=
ctrl
;
ctmp
[
1
]
=
NULL
;
tool_print_ctrls
(
ld
,
ctmp
);
}
}
}
#endif
if
(
ctrls
)
{
...
...
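Review bot: The `#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED` block in tool_bind has no comment saying why one control is pulled out of `ctrls` and printed on its own, ahead of the general `if ( ctrls )` handling that follows the `#endif`. As rendered, `LDAP_CONTROL_X_PASSWORD_EXPIRING` is looked up only when the expired control is absent, so at most one of the two reaches `tool_print_ctrls`. A one-line comment such as `/* Netscape password controls: print the expired control, else the expiring one */` above the first `ldap_control_find` call would record that. The page has lost its +/- markers, so which of the repeated lines are old and which are new cannot be told from here, and tool_bind begins and ends outside the hunk.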
tests/scripts/test022-ppolicy
...
...
@@ -142,7 +142,7 @@ fi
echo
"Filling password history..."
$LDAPMODIFY
-v
-D
"
$USER
"
-h
$LOCALHOST
-p
$PORT1
-w
$PASS
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword:
$PASS
...
...
@@ -150,7 +150,7 @@ userpassword: $PASS
replace: userpassword
userpassword: 20urgle12-1
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-1
...
...
@@ -158,7 +158,7 @@ userpassword: 20urgle12-1
replace: userpassword
userpassword: 20urgle12-2
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-2
...
...
@@ -166,7 +166,7 @@ userpassword: 20urgle12-2
replace: userpassword
userpassword: 20urgle12-3
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-3
...
...
@@ -174,7 +174,7 @@ userpassword: 20urgle12-3
replace: userpassword
userpassword: 20urgle12-4
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-4
...
...
@@ -182,7 +182,7 @@ userpassword: 20urgle12-4
replace: userpassword
userpassword: 20urgle12-5
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-5
...
...
@@ -200,7 +200,7 @@ fi
echo
"Testing password history..."
$LDAPMODIFY
-v
-D
"
$USER
"
-h
$LOCALHOST
-p
$PORT1
-w
20urgle12-6
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: userPassword
userPassword: 20urgle12-6
...
...
@@ -220,7 +220,7 @@ echo "Testing forced reset..."
$LDAPMODIFY
-v
-D
"
$MANAGERDN
"
-h
$LOCALHOST
-p
$PORT1
-w
$PASSWD
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
replace: userPassword
userPassword:
$PASS
...
...
@@ -256,7 +256,7 @@ echo "Clearing forced reset..."
$LDAPMODIFY
-v
-D
"
$MANAGERDN
"
-h
$LOCALHOST
-p
$PORT1
-w
$PASSWD
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn:
uid=nd, ou=People, dc=example, dc=com
dn:
$USER
changetype: modify
delete: pwdReset
...
...
@@ -557,6 +557,98 @@ fi
fi
echo
""
echo
"Testing obsolete Netscape ppolicy controls..."
echo
"Enabling Netscape controls..."
$LDAPMODIFY
-v
-D
cn
=
config
-H
$URI1
-y
$CONFIGPWF
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn: olcOverlay={0}ppolicy,olcDatabase={1}
$BACKEND
,cn=config
changetype: modify
replace: olcPPolicySendNetscapeControls
olcPPolicySendNetscapeControls: TRUE
-
EOMODS
RC
=
$?
if
test
$RC
!=
0
;
then
echo
"ldapmodify failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
fi
echo
"Reconfiguring policy to remove grace logins..."
$LDAPMODIFY
-v
-D
"
$MANAGERDN
"
-H
$URI1
-w
$PASSWD
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
changetype: modify
delete: pwdGraceAuthnLimit
-
replace: pwdMaxAge
pwdMaxAge: 15
-
EOMODS
RC
=
$?
if
test
$RC
!=
0
;
then
echo
"ldapmodify failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
fi
OLDPASS
=
$PASS
PASS
=
newpass
$LDAPPASSWD
-H
$URI1
\
-w
secret
-s
$PASS
\
-D
"
$MANAGERDN
"
"
$USER
"
>>
$TESTOUT
2>&1
RC
=
$?
if
test
$RC
!=
0
;
then
echo
"Setting new password failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
fi
echo
"Clearing forced reset..."
$LDAPMODIFY
-v
-D
"
$MANAGERDN
"
-H
$URI1
-w
$PASSWD
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn:
$USER
changetype: modify
delete: pwdReset
EOMODS
DELAY
=
10
echo
"Testing password expiration"
echo
"Waiting
$DELAY
seconds for password to expire..."
sleep
$DELAY
$LDAPSEARCH
-H
$URI1
-D
"
$USER
"
-w
$PASS
\
-b
"
$BASEDN
"
-s
base
>
$SEARCHOUT
2>&1
sleep
3
$LDAPSEARCH
-H
$URI1
-D
"
$USER
"
-w
$PASS
\
-b
"
$BASEDN
"
-s
base
>>
$SEARCHOUT
2>&1
sleep
3
$LDAPSEARCH
-H
$URI1
-D
"
$USER
"
-w
$PASS
\
-b
"
$BASEDN
"
-s
base
>>
$SEARCHOUT
2>&1
sleep
3
$LDAPSEARCH
-H
$URI1
-D
"
$USER
"
-w
$PASS
\
-b
"
$BASEDN
"
-s
base
>>
$SEARCHOUT
2>&1
sleep
3
$LDAPSEARCH
-H
$URI1
-D
"
$USER
"
-w
$PASS
\
-b
"
$BASEDN
"
-s
base
>>
$SEARCHOUT
2>&1
RC
=
$?
if
test
$RC
=
0
;
then
echo
"Password expiration failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
1
fi
COUNT
=
`
grep
"PasswordExpiring"
$SEARCHOUT
|
wc
-l
`
if
test
$COUNT
=
0
;
then
echo
"Password expiring warning test failed!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
1
fi
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
echo
">>>>> Test succeeded"
...
...
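Review bot: The "Testing password expiration" check in the last hunk only asserts that the fifth `$LDAPSEARCH` exits non-zero, so any failure, including an unreachable server, passes as an expired password, and the statuses of the first four searches are discarded. Comparing against the result code the expired bind is expected to return, presumably `if test $RC != 49 ; then` for invalidCredentials, would pin the cause; the `grep "PasswordExpiring"` count covers only the warning control. In the same hunk `$LDAPPASSWD` is run with a literal `-w secret` where the surrounding commands use `-w $PASSWD`. The `$LDAPMODIFY` under "Clearing forced reset..." in this hunk also has no `RC=$?` check, unlike the two before it; if that is deliberate because pwdReset may be absent, a comment should say so.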