Commit d4c7126e authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount

ITS#9279 test Netscape password expiration controls

and do some LDIF cleanup
parent 1a786469
......@@ -152,7 +152,7 @@ fi
echo "Filling password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: $PASS
......@@ -160,7 +160,7 @@ userpassword: $PASS
replace: userpassword
userpassword: 20urgle12-1
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-1
......@@ -168,7 +168,7 @@ userpassword: 20urgle12-1
replace: userpassword
userpassword: 20urgle12-2
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-2
......@@ -176,7 +176,7 @@ userpassword: 20urgle12-2
replace: userpassword
userpassword: 20urgle12-3
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-3
......@@ -184,7 +184,7 @@ userpassword: 20urgle12-3
replace: userpassword
userpassword: 20urgle12-4
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-4
......@@ -192,7 +192,7 @@ userpassword: 20urgle12-4
replace: userpassword
userpassword: 20urgle12-5
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-5
......@@ -210,7 +210,7 @@ fi
echo "Testing password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userPassword
userPassword: 20urgle12-6
......@@ -259,7 +259,7 @@ echo "Testing forced reset..."
$LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
replace: userPassword
userPassword: $PASS
......@@ -292,7 +292,7 @@ echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: pwdReset
......@@ -661,6 +661,100 @@ fi
fi
echo ""
echo "Testing obsolete Netscape ppolicy controls..."
echo "Enabling Netscape controls..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \
$TESTOUT 2>&1 << EOMODS
dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcPPolicySendNetscapeControls
olcPPolicySendNetscapeControls: TRUE
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Reconfiguring policy to remove grace logins..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
changetype: modify
delete: pwdGraceAuthnLimit
-
replace: pwdMaxAge
pwdMaxAge: 15
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
OLDPASS=$PASS
PASS=newpass
$LDAPPASSWD -H $URI1 \
-w secret -s $PASS \
-D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "Setting new password failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: $USER
changetype: modify
delete: pwdReset
EOMODS
DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \
-b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'`
DELAY=`expr $DELAY - 10`
echo "Testing password expiration"
echo "Waiting $DELAY seconds for password to expire..."
sleep $DELAY
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base > $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
RC=$?
if test $RC = 0 ; then
echo "Password expiration failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l`
if test $COUNT = 0 ; then
echo "Password expiring warning test failed!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
......
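Review bot: The DELAY extraction in the new expiration test relies on `\d`, which is not a digit class in POSIX sed, so what `\(\d*\)` captures is implementation-dependent and the command appears to work only because the text after `expire=` is left on the line; `sed -n -e 's/.*expire=\([0-9]*\).*/\1/p'` would capture just the number. DELAY is then used unchecked: if the accountUsability search fails or prints no `expire=` value, `expr $DELAY - 10` and `sleep $DELAY` run with an empty argument and the test goes on to report "Password expiration failed", which hides the real cause, so I would add `test -n "$DELAY"` with the usual kill-and-exit path before the `expr` line. The `Clearing forced reset...` ldapmodify added in this hunk is also the only modify here without an `RC=$?` check, and the ldappasswd call hard-codes `-w secret` where the surrounding commands use `$PASSWD`.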