ITS#9279 test Netscape password expiration controls

and do some LDIF cleanup

diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy
index 543226ec53968156ebf7b24dbce63660386242f4..c233086545edecd6e2bf205b829f57940935c290 100755 (executable)
--- a/tests/scripts/test022-ppolicy
+++ b/tests/scripts/test022-ppolicy
@@ -152,7 +152,7 @@ fi
 echo "Filling password history..."
 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \
        $TESTOUT 2>&1 << EOMODS
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: $PASS
@@ -160,7 +160,7 @@ userpassword: $PASS
 replace: userpassword
 userpassword: 20urgle12-1
 
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: 20urgle12-1
@@ -168,7 +168,7 @@ userpassword: 20urgle12-1
 replace: userpassword
 userpassword: 20urgle12-2
 
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: 20urgle12-2
@@ -176,7 +176,7 @@ userpassword: 20urgle12-2
 replace: userpassword
 userpassword: 20urgle12-3
 
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: 20urgle12-3
@@ -184,7 +184,7 @@ userpassword: 20urgle12-3
 replace: userpassword
 userpassword: 20urgle12-4
 
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: 20urgle12-4
@@ -192,7 +192,7 @@ userpassword: 20urgle12-4
 replace: userpassword
 userpassword: 20urgle12-5
 
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userpassword
 userpassword: 20urgle12-5
@@ -210,7 +210,7 @@ fi
 echo "Testing password history..."
 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \
        $TESTOUT 2>&1 << EOMODS
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: userPassword
 userPassword: 20urgle12-6
@@ -259,7 +259,7 @@ echo "Testing forced reset..."
 
 $LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \
        $TESTOUT 2>&1 << EOMODS
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 replace: userPassword
 userPassword: $PASS
@@ -292,7 +292,7 @@ echo "Clearing forced reset..."
 
 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
        $TESTOUT 2>&1 << EOMODS
-dn: uid=nd, ou=People, dc=example, dc=com
+dn: $USER
 changetype: modify
 delete: pwdReset
 
@@ -661,6 +661,100 @@ fi
 
 fi
 
+echo ""
+echo "Testing obsolete Netscape ppolicy controls..."
+echo "Enabling Netscape controls..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcPPolicySendNetscapeControls
+olcPPolicySendNetscapeControls: TRUE
+-
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+echo "Reconfiguring policy to remove grace logins..."
+$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: cn=Standard Policy, ou=Policies, dc=example, dc=com
+changetype: modify
+delete: pwdGraceAuthnLimit
+-
+replace: pwdMaxAge
+pwdMaxAge: 15
+-
+
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+       echo "ldapmodify failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+OLDPASS=$PASS
+PASS=newpass
+$LDAPPASSWD -H $URI1 \
+       -w secret -s $PASS \
+       -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+       echo "Setting new password failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit $RC
+fi
+
+echo "Clearing forced reset..."
+$LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
+       $TESTOUT 2>&1 << EOMODS
+dn: $USER
+changetype: modify
+delete: pwdReset
+
+EOMODS
+
+DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+    -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'`
+DELAY=`expr $DELAY - 10`
+
+echo "Testing password expiration"
+echo "Waiting $DELAY seconds for password to expire..."
+sleep $DELAY
+
+$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
+       -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+sleep 3
+$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
+       -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+sleep 3
+$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
+       -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+sleep 3
+$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
+       -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+sleep 3
+$LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \
+       -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+       echo "Password expiration failed ($RC)!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit 1
+fi
+COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l`
+if test $COUNT = 0 ; then
+       echo "Password expiring warning test failed!"
+       test $KILLSERVERS != no && kill -HUP $KILLPIDS
+       exit 1
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo ">>>>> Test succeeded"