USER="uid=nd, ou=People, dc=example, dc=com"
PASS=testpassword
+PWADMIN="uid=ndadmin, ou=People, dc=example, dc=com"
+ADMINPASSWD=testpw
sleep 1
exit 1
fi
+echo "Testing failed logins when password/policy missing..."
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 \
+ -D "uid=test, ou=People,$BASEDN" -w hasnopolicy \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Password accepted ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+$LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$BASEDN" -w hasnopw \
+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
+RC=$?
+if test $RC = 0 ; then
+ echo "Password accepted ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+$LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" \* \+ > $SEARCHOUT 2>&1
+COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l`
+if test $COUNT != 0 ; then
+ echo "Failed login stored on an account without policy and or password"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
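Review bot: The manager search that feeds the `pwdFailureTime` check is never tested for success, so if that `$LDAPSEARCH` fails, `$SEARCHOUT` holds only an error message, `COUNT` is 0, and the test passes without verifying anything. Capture the status with `RC=$?` right after the search and fail on `test $RC != 0` before counting. The two bind checks above are loose in the other direction: `test $RC = 0` treats every non-zero exit as a rejected password, including an unreachable server. Comparing against the expected result instead, presumably invalidCredentials, as in `if test $RC != 49 ; then`, would pin the behaviour this test is meant to guard. As a style point, `grep -c "pwdFailureTime" $SEARCHOUT` would replace the `grep | wc -l` pipeline.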
echo "Testing forced reset..."
-$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+$LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \
$TESTOUT 2>&1 << EOMODS
dn: uid=nd, ou=People, dc=example, dc=com
changetype: modify
replace: userPassword
userPassword: $PASS
--
-replace: pwdReset
-pwdReset: TRUE
EOMODS
RC=$?