Commit 766cd03a authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount

ITS#9279 test Netscape password expiration controls

and do some LDIF cleanup
parent 9ed30535
......@@ -1570,20 +1570,20 @@ tool_bind( LDAP *ld )
#endif
#ifdef LDAP_CONTROL_X_PASSWORD_EXPIRED
if ( ctrls ) {
LDAPControl *ctrl;
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRED,
ctrls, NULL );
if ( !ctrl )
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRING,
if ( ctrls ) {
LDAPControl *ctrl;
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRED,
ctrls, NULL );
if ( ctrl ) {
LDAPControl *ctmp[2];
ctmp[0] = ctrl;
ctmp[1] = NULL;
tool_print_ctrls( ld, ctmp );
if ( !ctrl )
ctrl = ldap_control_find( LDAP_CONTROL_X_PASSWORD_EXPIRING,
ctrls, NULL );
if ( ctrl ) {
LDAPControl *ctmp[2];
ctmp[0] = ctrl;
ctmp[1] = NULL;
tool_print_ctrls( ld, ctmp );
}
}
}
#endif
if ( ctrls ) {
......
......@@ -142,7 +142,7 @@ fi
echo "Filling password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: $PASS
......@@ -150,7 +150,7 @@ userpassword: $PASS
replace: userpassword
userpassword: 20urgle12-1
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-1
......@@ -158,7 +158,7 @@ userpassword: 20urgle12-1
replace: userpassword
userpassword: 20urgle12-2
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-2
......@@ -166,7 +166,7 @@ userpassword: 20urgle12-2
replace: userpassword
userpassword: 20urgle12-3
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-3
......@@ -174,7 +174,7 @@ userpassword: 20urgle12-3
replace: userpassword
userpassword: 20urgle12-4
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-4
......@@ -182,7 +182,7 @@ userpassword: 20urgle12-4
replace: userpassword
userpassword: 20urgle12-5
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userpassword
userpassword: 20urgle12-5
......@@ -200,7 +200,7 @@ fi
echo "Testing password history..."
$LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: userPassword
userPassword: 20urgle12-6
......@@ -220,7 +220,7 @@ echo "Testing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
replace: userPassword
userPassword: $PASS
......@@ -256,7 +256,7 @@ echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
dn: $USER
changetype: modify
delete: pwdReset
......@@ -557,6 +557,98 @@ fi
fi
echo ""
echo "Testing obsolete Netscape ppolicy controls..."
echo "Enabling Netscape controls..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \
$TESTOUT 2>&1 << EOMODS
dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
changetype: modify
replace: olcPPolicySendNetscapeControls
olcPPolicySendNetscapeControls: TRUE
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Reconfiguring policy to remove grace logins..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
changetype: modify
delete: pwdGraceAuthnLimit
-
replace: pwdMaxAge
pwdMaxAge: 15
-
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
OLDPASS=$PASS
PASS=newpass
$LDAPPASSWD -H $URI1 \
-w secret -s $PASS \
-D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "Setting new password failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Clearing forced reset..."
$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: $USER
changetype: modify
delete: pwdReset
EOMODS
DELAY=10
echo "Testing password expiration"
echo "Waiting $DELAY seconds for password to expire..."
sleep $DELAY
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base > $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
sleep 3
$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
-b "$BASEDN" -s base >> $SEARCHOUT 2>&1
RC=$?
if test $RC = 0 ; then
echo "Password expiration failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l`
if test $COUNT = 0 ; then
echo "Password expiring warning test failed!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
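Review bot: The expiration check at the end of the added block treats any non-zero exit status from the fifth ldapsearch as proof that the password expired, so a connection error or a dead server would pass the test as well, and the statuses of the first four searches are discarded. If the server reports an expired password as invalidCredentials, pinning the code with `if test $RC != 49 ; then` would make unrelated failures visible; a grep of `$SEARCHOUT` for the expired control, next to the existing `PasswordExpiring` count, would confirm that the control was actually sent on the rejected bind. The second "Clearing forced reset..." ldapmodify is the only step in this block without an `RC=$?` check after its here-document, so a failed delete of `pwdReset` goes unnoticed before the timing test starts. The ldappasswd call also hard-codes `-w secret` where the neighbouring commands use `-w $PASSWD`, and `OLDPASS` is assigned but not used in the visible lines.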
......