Friday, September 2, 2016

[389-commits] dirsrvtests/tests

dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py | 340 ++++++++++
dirsrvtests/tests/tickets/ticket142_test.py | 307 ---------
2 files changed, 340 insertions(+), 307 deletions(-)

New commits:
commit 73d74f557e5dcc9939e8f4f0b4d928a06721a7a3
Author: Simon Pichugin <spichugi@redhat.com>
Date: Wed Aug 31 17:02:40 2016 +0200

Ticket 142 - Refactor and move CI test

Description: Move ticket142_test.py to pwdPolicy_inherit_global_test.py
to the password test suite. Refactor it and add one more test case.
Add test plan to an each test case.

https://fedorahosted.org/389/ticket/142

Reviewed by: mreynolds (Thanks!)

diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py
new file mode 100644
index 0000000..27d96c8
--- /dev/null
+++ b/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py
@@ -0,0 +1,340 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2016 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+#
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+import shutil
+import subprocess
+from lib389 import DirSrv, Entry, tools
+from lib389 import DirSrvTools
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+
+log = logging.getLogger(__name__)
+
+installation_prefix = None
+
+CONFIG_DN = 'cn=config'
+OU_PEOPLE = 'ou=People,' + DEFAULT_SUFFIX
+PWP_CONTAINER = 'nsPwPolicyContainer'
+PWP_CONTAINER_DN = 'cn=' + PWP_CONTAINER + ',' + OU_PEOPLE
+PWP_ENTRY_DN = 'cn=nsPwPolicyEntry,' + OU_PEOPLE
+PWP_CONTAINER_PEOPLE = 'cn="%s",%s' % (PWP_ENTRY_DN, PWP_CONTAINER_DN)
+PWP_TEMPLATE_ENTRY_DN = 'cn=nsPwTemplateEntry,' + OU_PEOPLE
+ATTR_INHERIT_GLOBAL = 'nsslapd-pwpolicy-inherit-global'
+ATTR_CHECK_SYNTAX = 'passwordCheckSyntax'
+
+BN = 'uid=buser,' + DEFAULT_SUFFIX
+TEMP_USER = 'cn=test{}'
+TEMP_USER_DN = '%s,%s' % (TEMP_USER, OU_PEOPLE)
+
+
+
+class TopologyStandalone(object):
+ def __init__(self, standalone):
+ standalone.open()
+ self.standalone = standalone
+
+
+@pytest.fixture(scope="module")
+def topology(request):
+ """This fixture is used to standalone topology for the 'module'."""
+
+ global installation_prefix
+
+ if installation_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
+
+ standalone = DirSrv(verbose=False)
+
+ # Args for the standalone instance
+ args_instance[SER_HOST] = HOST_STANDALONE
+ args_instance[SER_PORT] = PORT_STANDALONE
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+ args_standalone = args_instance.copy()
+ standalone.allocate(args_standalone)
+
+ # Get the status of the instance and restart it if it exists
+ instance_standalone = standalone.exists()
+
+ # Remove the instance
+ if instance_standalone:
+ standalone.delete()
+
+ # Create the instance
+ standalone.create()
+
+ # Used to retrieve configuration information (dbdir, confdir...)
+ standalone.open()
+
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
+ # Here we have standalone instance up and running
+ return TopologyStandalone(standalone)
+
+
+@pytest.fixture(scope="module")
+def test_user(topology, request):
+ """User for binding operation"""
+
+ log.info('Adding user {}'.format(BN))
+ try:
+ topology.standalone.add_s(Entry((BN,
+ {'objectclass': ['top',
+ 'person',
+ 'organizationalPerson',
+ 'inetOrgPerson'],
+ 'cn': 'bind user',
+ 'sn': 'bind user',
+ 'userPassword': PASSWORD})))
+ log.info('Adding an aci for the bind user')
+ BN_ACI = '(targetattr="*")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///%s";)' % BN
+ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_ADD, 'aci', BN_ACI)])
+
+ except ldap.LDAPError as e:
+ log.error('Failed to add user (%s): error (%s)' % (BN,
+ e.message['desc']))
+ raise e
+
+ def fin():
+ log.info('Deleting user {}'.format(BN))
+ topology.standalone.delete_s(BN)
+ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_DELETE, 'aci', BN_ACI)])
+ request.addfinalizer(fin)
+
+
+@pytest.fixture(scope="module")
+def password_policy(topology, test_user):
+ """Set global password policy.
+ Then, set fine-grained subtree level password policy
+ to ou=People with no password syntax.
+
+ Note: do not touch nsslapd-pwpolicy-inherit-global -- off by default
+ """
+
+ log.info('Enable fine-grained policy')
+ try:
+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
+ 'nsslapd-pwpolicy-local',
+ 'on')])
+ except ldap.LDAPError as e:
+ log.error('Failed to set fine-grained policy: error {}'.format(
+ e.message['desc']))
+ raise e
+
+ log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
+ try:
+ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
+ '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
+ except subprocess.CalledProcessError as e:
+ log.error('Failed to create pw policy policy for {}: error {}'.format(
+ OU_PEOPLE, e.message['desc']))
+ raise e
+
+ log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
+ try:
+ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
+ 'pwdpolicysubentry',
+ PWP_CONTAINER_PEOPLE)])
+ except ldap.LDAPError as e:
+ log.error('Failed to pwdpolicysubentry pw policy '\
+ 'policy for {}: error {}'.format(OU_PEOPLE,
+ e.message['desc']))
+ raise e
+
+ log.info("Set the default settings for the policy container.")
+ topology.standalone.modify_s(PWP_CONTAINER_PEOPLE,
+ [(ldap.MOD_REPLACE, 'passwordMustChange', 'off'),
+ (ldap.MOD_REPLACE, 'passwordExp', 'off'),
+ (ldap.MOD_REPLACE, 'passwordMinAge', '0'),
+ (ldap.MOD_REPLACE, 'passwordChange', 'off'),
+ (ldap.MOD_REPLACE, 'passwordStorageScheme', 'ssha')])
+
+ check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'off')
+ check_attr_val(topology, CONFIG_DN, ATTR_CHECK_SYNTAX, 'off')
+
+
+def check_attr_val(topology, dn, attr, expected):
+ """Check that entry has the value"""
+
+ try:
+ centry = topology.standalone.search_s(dn, ldap.SCOPE_BASE, 'cn=*')
+ assert centry[0], 'Failed to get %s' % dn
+
+ val = centry[0].getValue(attr)
+ assert val == expected, 'Default value of %s is not %s, but %s' % (
+ attr, expected, val)
+
+ log.info('Default value of %s is %s' % (attr, expected))
+ except ldap.LDAPError as e:
+ log.fatal('Failed to search ' + dn + ': ' + e.message['desc'])
+ raise e
+
+
+@pytest.mark.parametrize('inherit_value,checksyntax_value',
+ [('off', 'off'), ('on', 'off'), ('off', 'on')])
+def test_entry_has_no_restrictions(topology, password_policy, test_user,
+ inherit_value, checksyntax_value):
+ """Make sure an entry added to ou=people
+ has no password syntax restrictions when:
+ - 'passwordCheckSyntax' is 'off' for 'nsslapd-pwpolicy-inherit-global'
+ equaled 'off' and 'on'
+ - 'passwordCheckSyntax' is 'on' for 'nsslapd-pwpolicy-inherit-global'
+ equaled 'off'
+
+ :Feature: Password policy
+
+ :Setup: Standalone instance, test user,
+ password policy entries for a subtree
+
+ :Steps: 1. Bind as test user
+ 2. Set 'nsslapd-pwpolicy-inherit-global' and
+ 'passwordCheckSyntax' accordingly:
+ a) 'off' and 'off'
+ b) 'on' and 'off'
+ c) 'off' and 'on'
+ 3. Try to add user with a short password
+
+ :Assert: No exception should occure
+ """
+
+ log.info('Set {} to {}'.format(ATTR_INHERIT_GLOBAL, inherit_value))
+ log.info('Set {} to {}'.format(ATTR_CHECK_SYNTAX, checksyntax_value))
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
+ ATTR_INHERIT_GLOBAL, inherit_value)])
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
+ ATTR_CHECK_SYNTAX, checksyntax_value)])
+
+ # Wait a second for cn=config to apply
+ time.sleep(1)
+ check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, inherit_value)
+ check_attr_val(topology, CONFIG_DN, ATTR_CHECK_SYNTAX, checksyntax_value)
+
+ log.info('Bind as test user')
+ topology.standalone.simple_bind_s(BN, PASSWORD)
+
+ log.info('Make sure an entry added to ou=people has '
+ 'no password syntax restrictions.')
+ try:
+ topology.standalone.add_s(Entry((TEMP_USER_DN.format('0'),
+ {'objectclass': ['top',
+ 'person',
+ 'organizationalPerson',
+ 'inetOrgPerson'],
+ 'cn': TEMP_USER.format('0'),
+ 'sn': TEMP_USER.format('0'),
+ 'userPassword': 'short'})))
+ except ldap.LDAPError as e:
+ log.fatal('Failed to add cn=test0 with userPassword: short: ' +
+ e.message['desc'])
+ raise e
+ finally:
+ log.info('Bind as DM user')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ log.info('Remove {}'.format(TEMP_USER_DN.format('0')))
+ try:
+ topology.standalone.delete_s(TEMP_USER_DN.format('0'))
+ except ldap.NO_SUCH_OBJECT as e:
+ log.fatal('There is no {}, it is a problem'.format(TEMP_USER_DN.format('0')))
+ raise e
+
+
+@pytest.mark.parametrize('container', [DN_CONFIG, PWP_CONTAINER_PEOPLE])
+def test_entry_has_restrictions(topology, password_policy, test_user, container):
+ """Set 'nsslapd-pwpolicy-inherit-global: on'
+ and 'passwordCheckSyntax: on'. Make sure that
+ syntax rules work, if set them at both: cn=config and
+ ou=people policy container.
+
+ :Feature: Password policy
+
+ :Setup: Standalone instance, test user,
+ password policy entries for a subtree
+
+ :Steps: 1. Bind as test user
+ 2. Switch 'nsslapd-pwpolicy-inherit-global: on'
+ 3. Switch 'passwordCheckSyntax: on'
+ 4. Set 'passwordMinLength: 9' to:
+ a) cn=config
+ b) ou=people policy container
+ 5. Try to add user with a short password (<9)
+ 6. Try to add user with a long password (>9)
+
+ :Assert: User should be rejected
+ """
+
+ log.info('Set {} to {}'.format(ATTR_INHERIT_GLOBAL, 'on'))
+ log.info('Set {} to {}'.format(ATTR_CHECK_SYNTAX, 'on'))
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
+ ATTR_INHERIT_GLOBAL, 'on')])
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE,
+ ATTR_CHECK_SYNTAX, 'on')])
+ topology.standalone.modify_s(container, [(ldap.MOD_REPLACE,
+ 'passwordMinLength' , '9')])
+
+ # Wait a second for cn=config to apply
+ time.sleep(1)
+ check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'on')
+ check_attr_val(topology, CONFIG_DN, ATTR_CHECK_SYNTAX, 'on')
+
+ log.info('Bind as test user')
+ topology.standalone.simple_bind_s(BN, PASSWORD)
+
+ log.info('Try to add user with a short password (<9)')
+ with pytest.raises(ldap.CONSTRAINT_VIOLATION):
+ topology.standalone.add_s(Entry((TEMP_USER_DN.format('0'),
+ {'objectclass': ['top',
+ 'person',
+ 'organizationalPerson',
+ 'inetOrgPerson'],
+ 'cn': TEMP_USER.format('0'),
+ 'sn': TEMP_USER.format('0'),
+ 'userPassword': 'short'})))
+
+ log.info('Try to add user with a long password (>9)')
+ try:
+ topology.standalone.add_s(Entry((TEMP_USER_DN.format('1'),
+ {'objectclass': ['top',
+ 'person',
+ 'organizationalPerson',
+ 'inetOrgPerson'],
+ 'cn': TEMP_USER.format('1'),
+ 'sn': TEMP_USER.format('1'),
+ 'userPassword': 'Reallylong1'})))
+ except ldap.LDAPError as e:
+ log.fatal('Failed to add cn=test1 with userPassword: short: '
+ + e.message['desc'])
+ raise e
+ finally:
+ log.info('Bind as DM user')
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ log.info('Remove {}'.format(TEMP_USER_DN.format('0')))
+ try:
+ topology.standalone.delete_s(TEMP_USER_DN.format('0'))
+ except ldap.NO_SUCH_OBJECT as e:
+ log.info('There is no {}, it is okay'.format(TEMP_USER_DN.format('0')))
+ try:
+ topology.standalone.delete_s(TEMP_USER_DN.format('1'))
+ except ldap.NO_SUCH_OBJECT as e:
+ log.fatal('There is no {}, it is a problem'.format(TEMP_USER_DN.format('1')))
+ raise e
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
diff --git a/dirsrvtests/tests/tickets/ticket142_test.py b/dirsrvtests/tests/tickets/ticket142_test.py
deleted file mode 100644
index 3c9cfce..0000000
--- a/dirsrvtests/tests/tickets/ticket142_test.py
+++ /dev/null
@@ -1,307 +0,0 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2015 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# --- END COPYRIGHT BLOCK ---
-#
-import os
-import sys
-import time
-import ldap
-import logging
-import pytest
-import shutil
-from lib389 import DirSrv, Entry, tools
-from lib389 import DirSrvTools
-from lib389.tools import DirSrvTools
-from lib389._constants import *
-from lib389.properties import *
-
-log = logging.getLogger(__name__)
-
-installation_prefix = None
-
-CONFIG_DN = 'cn=config'
-OU_PEOPLE = 'ou=People,' + DEFAULT_SUFFIX
-PWP_CONTAINER = 'nsPwPolicyContainer'
-PWP_CONTAINER_DN = 'cn=' + PWP_CONTAINER + ',' + OU_PEOPLE
-PWP_ENTRY_DN = 'cn=nsPwPolicyEntry,' + OU_PEOPLE
-PWP_TEMPLATE_ENTRY_DN = 'cn=nsPwTemplateEntry,' + OU_PEOPLE
-ATTR_INHERIT_GLOBAL = 'nsslapd-pwpolicy-inherit-global'
-
-BN = 'uid=buser,' + DEFAULT_SUFFIX
-
-
-class TopologyStandalone(object):
- def __init__(self, standalone):
- standalone.open()
- self.standalone = standalone
-
-
-@pytest.fixture(scope="module")
-def topology(request):
- '''
- This fixture is used to standalone topology for the 'module'.
- '''
- global installation_prefix
-
- if installation_prefix:
- args_instance[SER_DEPLOYED_DIR] = installation_prefix
-
- standalone = DirSrv(verbose=False)
-
- # Args for the standalone instance
- args_instance[SER_HOST] = HOST_STANDALONE
- args_instance[SER_PORT] = PORT_STANDALONE
- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
- args_standalone = args_instance.copy()
- standalone.allocate(args_standalone)
-
- # Get the status of the instance and restart it if it exists
- instance_standalone = standalone.exists()
-
- # Remove the instance
- if instance_standalone:
- standalone.delete()
-
- # Create the instance
- standalone.create()
-
- # Used to retrieve configuration information (dbdir, confdir...)
- standalone.open()
-
- def fin():
- standalone.delete()
- request.addfinalizer(fin)
-
- # Here we have standalone instance up and running
- return TopologyStandalone(standalone)
-
-
-def _header(topology, label):
- topology.standalone.log.info("###############################################")
- topology.standalone.log.info("####### %s" % label)
- topology.standalone.log.info("###############################################")
-
-
-def check_attr_val(topology, dn, attr, expected):
- try:
- centry = topology.standalone.search_s(dn, ldap.SCOPE_BASE, 'cn=*')
- if centry:
- val = centry[0].getValue(attr)
- if val == expected:
- log.info('Default value of %s is %s' % (attr, expected))
- else:
- log.info('Default value of %s is not %s, but %s' % (attr, expected, val))
- assert False
- else:
- log.fatal('Failed to get %s' % dn)
- assert False
- except ldap.LDAPError as e:
- log.fatal('Failed to search ' + dn + ': ' + e.message['desc'])
- assert False
-
-
-def test_142_init(topology):
- """
- Set global password policy.
- Then, set fine-grained subtree level password policy to ou=People with no password syntax.
- Note: do not touch nsslapd-pwpolicy-inherit-global -- off by default
- Also, adding an ordinary bind user.
- """
- _header(topology, 'Testing Ticket 142 - Default password syntax settings do not work with fine-grained policies')
-
- log.info("Setting global password policy with password syntax.")
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')])
-
- log.info("Setting fine-grained password policy.")
- topology.standalone.add_s(Entry((PWP_CONTAINER_DN, {
- 'objectclass': "top nsContainer".split()})))
- topology.standalone.add_s(Entry(('cn="%s",%s' % (PWP_ENTRY_DN, PWP_CONTAINER_DN), {
- 'objectclass': "top ldapsubentry passwordpolicy".split()})))
- topology.standalone.add_s(Entry(('cn="%s",%s' % (PWP_TEMPLATE_ENTRY_DN, PWP_CONTAINER_DN), {
- 'objectclass': "top ldapsubentry costemplate".split(),
- 'pwdpolicysubentry': 'cn="%s",%s' % (PWP_ENTRY_DN, PWP_CONTAINER_DN)})))
- topology.standalone.add_s(Entry(('cn=nsPwPolicy_CoS,%s' % OU_PEOPLE, {
- 'objectclass': "top ldapsubentry cosSuperDefinition cosPointerDefinition".split(),
- 'cosTemplateDn': 'cn="%s",%s' % (PWP_TEMPLATE_ENTRY_DN, PWP_CONTAINER_DN),
- 'cosAttribute': 'pwdpolicysubentry default operational-default'})))
-
- log.info(" with the default settings.")
- topology.standalone.modify_s('cn="%s",%s' % (PWP_ENTRY_DN, PWP_CONTAINER_DN),
- [(ldap.MOD_REPLACE, 'passwordMustChange', 'off'),
- (ldap.MOD_REPLACE, 'passwordExp', 'off'),
- (ldap.MOD_REPLACE, 'passwordMinAge', '0'),
- (ldap.MOD_REPLACE, 'passwordChange', 'off'),
- (ldap.MOD_REPLACE, 'passwordStorageScheme', 'ssha')])
-
- check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'off')
- check_attr_val(topology, CONFIG_DN, 'passwordCheckSyntax', 'off')
-
- log.info('Adding a bind user.')
- topology.standalone.add_s(Entry((BN,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'bind user',
- 'sn': 'bind user',
- 'userPassword': PASSWORD})))
-
- log.info('Adding an aci for the bind user.')
- topology.standalone.modify_s(OU_PEOPLE,
- [(ldap.MOD_ADD,
- 'aci',
- '(targetattr="*")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///%s";)' % BN)])
-
-
-def test_142_run_0(topology):
- """
- Make sure an entry added to ou=people has no password syntax restrictions.
- """
- _header(topology, 'Case 0 - Make sure an entry added to ou=people has no password syntax restrictions.')
-
- topology.standalone.simple_bind_s(BN, PASSWORD)
- try:
- topology.standalone.add_s(Entry(('cn=test0,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test0',
- 'sn': 'test0',
- 'userPassword': 'short'})))
- except ldap.LDAPError as e:
- log.fatal('Failed to add cn=test0 with userPassword: short: ' + e.message['desc'])
- assert False
-
- log.info('PASSED')
-
-
-def test_142_run_1(topology):
- """
- Set 'nsslapd-pwpolicy-inherit-global: on'
- But passwordCheckSyntax is still off.
- Make sure an entry added to ou=people has the global password syntax restrictions.
- """
- _header(topology, 'Case 1 - Make sure an entry added to ou=people has no password syntax restrictions.')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, ATTR_INHERIT_GLOBAL, 'on')])
- check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'on')
- check_attr_val(topology, CONFIG_DN, 'passwordCheckSyntax', 'off')
- topology.standalone.simple_bind_s(BN, PASSWORD)
- try:
- topology.standalone.add_s(Entry(('cn=test1,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test1',
- 'sn': 'test1',
- 'userPassword': 'short'})))
- except ldap.LDAPError as e:
- log.fatal('Failed to add cn=test1 with userPassword: short: ' + e.message['desc'])
- assert False
-
- log.info('PASSED')
-
-
-def test_142_run_2(topology):
- """
- Set 'passwordCheckSyntax: on'
- Set 'passwordMinLength: 9' for testing
- Make sure an entry added to ou=people has the global password syntax restrictions.
- """
- _header(topology, 'Case 2 - Make sure an entry added to ou=people has the global password syntax restrictions.')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN,
- [(ldap.MOD_REPLACE, 'passwordCheckSyntax', 'on'),
- (ldap.MOD_REPLACE, 'passwordMinLength', '9')])
- check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'on')
- check_attr_val(topology, CONFIG_DN, 'passwordCheckSyntax', 'on')
- topology.standalone.simple_bind_s(BN, PASSWORD)
- failed_as_expected = False
- try:
- topology.standalone.add_s(Entry(('cn=test2,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test2',
- 'sn': 'test2',
- 'userPassword': 'Abcd2345'})))
- except ldap.LDAPError as e:
- log.info('Adding cn=test2 with "userPassword: Abcd2345" was expectedly rejected: ' + e.message['desc'])
- failed_as_expected = True
-
- if not failed_as_expected:
- log.fatal('Adding cn=test2 with "userPassword: Abcd2345" was unexpectedly successful despite of short password.')
- assert False
-
- try:
- topology.standalone.add_s(Entry(('cn=test2,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test2',
- 'sn': 'test2',
- 'userPassword': 'Abcd23456'})))
- except ldap.LDAPError as e:
- log.fatal('Adding cn=test2 with "userPassword: Abcd23456" failed: ' + e.message['desc'])
- assert False
-
- log.info('PASSED')
-
-
-def test_142_run_3(topology):
- """
- Set 'passwordCheckSyntax: on'
- Set 'nsslapd-pwpolicy-inherit-global: off'
- Make sure an entry added to ou=people has no syntax restrictions.
- """
- _header(topology, 'Case 3 - Make sure an entry added to ou=people has no password syntax restrictions.')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN,
- [(ldap.MOD_REPLACE, ATTR_INHERIT_GLOBAL, 'off')])
- check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'off')
- check_attr_val(topology, CONFIG_DN, 'passwordCheckSyntax', 'on')
- topology.standalone.simple_bind_s(BN, PASSWORD)
- try:
- topology.standalone.add_s(Entry(('cn=test3,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test3',
- 'sn': 'test3',
- 'userPassword': 'Abcd3456'})))
- except ldap.LDAPError as e:
- log.fatal('Adding cn=test3 with "userPassword: Abcd3456" failed: ' + e.message['desc'])
- assert False
-
- log.info('PASSED')
-
-
-def test_142_run_4(topology):
- """
- Set 'passwordCheckSyntax: on'
- Set 'nsslapd-pwpolicy-inherit-global: on'
- Set password syntax to fine-grained password policy to check it overrides the global settings.
- """
- _header(topology, 'Case 4 - Make sure an entry added to ou=people follows the fine-grained password syntax restrictions.')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN,
- [(ldap.MOD_REPLACE, ATTR_INHERIT_GLOBAL, 'on')])
- check_attr_val(topology, CONFIG_DN, ATTR_INHERIT_GLOBAL, 'on')
- check_attr_val(topology, CONFIG_DN, 'passwordCheckSyntax', 'on')
- topology.standalone.modify_s('cn="%s",%s' % (PWP_ENTRY_DN, PWP_CONTAINER_DN),
- [(ldap.MOD_REPLACE, 'passwordMinLength', '5'),
- (ldap.MOD_REPLACE, 'passwordMinCategories', '2')])
- try:
- topology.standalone.add_s(Entry(('cn=test4,%s' % OU_PEOPLE,
- {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
- 'cn': 'test4',
- 'sn': 'test4',
- 'userPassword': 'Abcd4'})))
- except ldap.LDAPError as e:
- log.fatal('Adding cn=test4 with "userPassword: Abcd4" failed: ' + e.message['desc'])
- assert False
-
- log.info('PASSED')
-
-
-if __name__ == '__main__':
- # Run isolated
- # -s for DEBUG mode
- CURRENT_FILE = os.path.realpath(__file__)
- pytest.main("-s %s" % CURRENT_FILE)

--
389-commits mailing list
389-commits@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-commits@lists.fedoraproject.org

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)