selftest: Add test that msDS-ExpirePasswordsOnSmartCardOnlyAccounts=TRUE is set

This assures us that the new provision sets the value by default.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/python/samba/tests/dsdb_quiet_provision_tests.py b/python/samba/tests/dsdb_quiet_provision_tests.py
index 81ef3ceb74f9c543e6a4931c07c3784eb0ca8b62..a7c9fbec83efc8b9b1733bb40a1311c0d5f5c6ab 100644 (file)
--- a/python/samba/tests/dsdb_quiet_provision_tests.py
+++ b/python/samba/tests/dsdb_quiet_provision_tests.py
@@ -67,3 +67,13 @@ class DsdbQuietProvisionTests(TestCase):
                                 expression=f"(&(objectClass = msKds-ProvRootKey)(msKds-UseStartTime<={min_use_start_time}))")
 
         self.assertGreater(len(res), 0)
+
+    def test_dsdb_smartcard_expire_set(self):
+        """In provision we set msDS-ExpirePasswordsOnSmartCardOnlyAccounts: TRUE for a new 2016 provision
+        """
+        dn = self.samdb.get_default_basedn()
+        res = self.samdb.search(dn,
+                                scope=ldb.SCOPE_BASE,
+                                expression="(msDS-ExpirePasswordsOnSmartCardOnlyAccounts=TRUE)")
+
+        self.assertEqual(len(res), 1)

diff --git a/selftest/knownfail.d/smartcard_expire b/selftest/knownfail.d/smartcard_expire
new file mode 100644 (file)
index 0000000..ac3821b
--- /dev/null
+++ b/selftest/knownfail.d/smartcard_expire
@@ -0,0 +1 @@
+^samba.tests.dsdb_quiet_provision_tests.samba.tests.dsdb_quiet_provision_tests.DsdbQuietProvisionTests.test_dsdb_smartcard_expire_set
\ No newline at end of file