From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Mar 2022 20:53:06 +0000 (+0100)
Subject: dsdb/tests: prepare BasePasswordTestCase for simple bind tests
X-Git-Tag: tevent-0.12.0~501
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6;p=thirdparty%2Fsamba.git

dsdb/tests: prepare BasePasswordTestCase for simple bind tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/tests/python/password_lockout_base.py b/source4/dsdb/tests/python/password_lockout_base.py
index d11c6439913..5b872980b15 100644
--- a/source4/dsdb/tests/python/password_lockout_base.py
+++ b/source4/dsdb/tests/python/password_lockout_base.py
@@ -5,6 +5,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
 from ldb import SCOPE_BASE, LdbError
 from ldb import ERR_CONSTRAINT_VIOLATION
 from ldb import ERR_INVALID_CREDENTIALS
+from ldb import SUCCESS as LDB_SUCCESS
 from ldb import Message, MessageElement, Dn
 from ldb import FLAG_MOD_REPLACE
 from samba import gensec, dsdb
@@ -212,11 +213,17 @@ class BasePasswordTestCase(PasswordTestCase):
                                                        FLAG_MOD_REPLACE, "lockOutObservationWindow")
         self.ldb.modify(m)
 
-    def _readd_user(self, creds, lockOutObservationWindow=0):
+    def _readd_user(self, creds, lockOutObservationWindow=0, simple=False):
         username = creds.get_username()
         userpass = creds.get_password()
         userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
 
+        if simple:
+            creds.set_bind_dn(userdn)
+            ldap_url = self.host_url_ldaps
+        else:
+            ldap_url = self.host_url
+
         delete_force(self.ldb, userdn)
         self.ldb.add({
              "dn": userdn,
@@ -247,10 +254,10 @@ userPassword: """ + userpass + """
         self._check_account_initial(userdn)
 
         # Fail once to get a badPasswordTime
-        self.assertLoginFailure(self.host_url, fail_creds, self.lp)
+        self.assertLoginFailure(ldap_url, fail_creds, self.lp)
 
         # Succeed to reset everything to 0
-        ldb = self.assertLoginSuccess(self.host_url, creds, self.lp)
+        ldb = self.assertLoginSuccess(ldap_url, creds, self.lp)
 
         return ldb
 
@@ -361,10 +368,17 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
                                                    userpass="thatsAcomplPASS0",
                                                    kerberos_state=DONT_USE_KERBEROS)
         self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
+        self.lockout1simple_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout1simple",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=DONT_USE_KERBEROS)
+        self.lockout1simple_ldb = self._readd_user(self.lockout1simple_creds,
+                                                   simple=True)
 
     def delete_ldb_connections(self):
         del self.lockout1krb5_ldb
         del self.lockout1ntlm_ldb
+        del self.lockout1simple_ldb
         del self.ldb
 
     def tearDown(self):