f'-U{dc_username}%{dc_password}')
self.assertCmdFail(result)
self.assertIn('Failed to add user', err)
- self.assertIn('LDAP_CONSTRAINT_VIOLATION', err)
+ self.assertIn('LDAP_UNWILLING_TO_PERFORM', err)
self.assertIn(f'{werror.WERR_PASSWORD_RESTRICTION:08X}', err)
# Now search for the user, and make sure we don't find anything.
break;
case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT:
- ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ if (io->ac->pwd_reset) {
+ ret = LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ }
*werror = WERR_PASSWORD_RESTRICTION;
ldb_asprintf_errstring(ldb,
"%08X: %s - check_password_restrictions: "
return ret;
case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH:
- ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ if (io->ac->pwd_reset) {
+ ret = LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ }
*werror = WERR_PASSWORD_RESTRICTION;
ldb_asprintf_errstring(ldb,
"%08X: %s - check_password_restrictions: "
return ret;
default:
- ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ if (io->ac->pwd_reset) {
+ ret = LDB_ERR_UNWILLING_TO_PERFORM;
+ } else {
+ ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ }
*werror = WERR_PASSWORD_RESTRICTION;
ldb_asprintf_errstring(ldb,
"%08X: %s - check_password_restrictions: "
self.fail("Password '%s' should have been rejected" % password)
except ldb.LdbError as e:
(num, msg) = e.args
- self.assertEqual(num, ldb.ERR_CONSTRAINT_VIOLATION, msg)
+ self.assertIn(num, (ldb.ERR_UNWILLING_TO_PERFORM,
+ ldb.ERR_CONSTRAINT_VIOLATION), msg)
self.assertTrue('0000052D' in msg, msg)
def assert_password_valid(self, user, password):
self.fail()
except ldb.LdbError as e:
(num, msg) = e.args
- self.assertEqual(num, ldb.ERR_CONSTRAINT_VIOLATION, msg)
+ self.assertIn(num, (ldb.ERR_CONSTRAINT_VIOLATION,
+ ldb.ERR_UNWILLING_TO_PERFORM), msg)
self.assertTrue('0000052D' in msg, msg)
# check setting a password that meets the PSO settings works
projects / thirdparty / samba.git / commitdiff
