From: Tim Beale <timbeale@catalyst.net.nz>
Date: Tue, 8 May 2018 02:45:17 +0000 (+1200)
Subject: tests: Extend PSO tests to cover password-history/length/complexity
X-Git-Tag: ldb-1.4.0~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f82161caf299059c6d35bf28b9dfd8c1e4ddb30;p=thirdparty%2Fsamba.git

tests: Extend PSO tests to cover password-history/length/complexity

Unhobble the PSO test cases so that they not only check the
msDS-ResultantPSO constructed attribute, but also that the corresponding
PSO's password-history, minimum password length, and complexity settings
are actually used.

The tests now fail once more, as actually using the PSO's settings isn't
implemented yet.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---

diff --git a/selftest/knownfail.d/password_settings b/selftest/knownfail.d/password_settings
index a3c6a72cabf..a0cf46fda71 100644
--- a/selftest/knownfail.d/password_settings
+++ b/selftest/knownfail.d/password_settings
@@ -1,3 +1,7 @@
+samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_basics\(ad_dc_ntvfs\)
+samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_equal_precedence\(ad_dc_ntvfs\)
+samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_nested_groups\(ad_dc_ntvfs\)
+samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_special_groups\(ad_dc_ntvfs\)
 samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_min_age\(ad_dc_ntvfs\)
 samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_max_age\(ad_dc_ntvfs\)
 samba4.ldap.password_settings.python.password_settings.PasswordSettingsTestCase.test_pso_add_user\(ad_dc_ntvfs\)
diff --git a/source4/dsdb/tests/python/password_settings.py b/source4/dsdb/tests/python/password_settings.py
index 4ba534f956d..7712d241597 100644
--- a/source4/dsdb/tests/python/password_settings.py
+++ b/source4/dsdb/tests/python/password_settings.py
@@ -129,11 +129,6 @@ class PasswordSettingsTestCase(PasswordTestCase):
                         "Expected PSO %s, not %s" %(pso.name,
                                                     str(resultant_pso)))
 
-        # temporarily returning early here will just test the resultant-PSO
-        # constructed attribute. Remove this return to also test min password
-        # length, complexity, and password-history
-        return
-
         # we're mirroring the pwd_history for the user, so make sure this is
         # up-to-date, before we start making password changes
         if user.last_pso: