SubentryPasswordPolicyTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2010 Sun Microsystems, Inc.
* Portions Copyright 2011-2015 ForgeRock AS.
*/
/**
* A set of test cases for the Directory Server subentry password policy.
* <p>
* The fixtures are LDIF records carrying the {@code pwdPolicy} and
* {@code subentry} object classes, scoped by {@code subtreeSpecification}
* to {@code ou=people}. The user entry the policies are meant to govern is
* {@code uid=rogasawara} under {@code BASE}.
*/
@SuppressWarnings("javadoc")
public class SubentryPasswordPolicyTestCase
extends CoreTestCase
{
{
// Add suffix entry.
{
}
// Add base entry.
{
}
// Test user that the subentry policies below are expected to apply to
// (the tests refer to it as "uid=rogasawara," + BASE).
// The userpassword value is a fixed, trivially guessable clear-text
// fixture credential: keep it confined to test data and never carry it
// over into a deployed directory.
"dn: uid=rogasawara," + BASE,
"objectclass: top",
"objectclass: person",
"objectclass: organizationalPerson",
"objectclass: inetOrgPerson",
"uid: rogasawara",
"userpassword: password",
"mail: rogasawara@example.com",
"givenname: Rodney",
"sn: Ogasawara",
"cn: Rodney Ogasawara",
"title: Sales, Director"
);
}
{
}
{
}
/**
* Retrieves a set of invalid configurations that cannot be used to
* initialize a password policy.
* <p>
* Each LDIF record below appears to depart from a well-formed policy in
* exactly one respect (one malformed value, or one missing attribute). The
* comment above each record names that departure as it reads from the
* literal values. Rejecting such input matters because a lockout or
* validator setting that is silently mis-parsed would leave the targeted
* accounts under a weaker policy than the administrator wrote down.
*
* @return The invalid configurations, as held in {@code configEntries}.
*
* @throws Exception If an unexpected problem occurs.
*/
public Object[][] getInvalidConfigurations()
throws Exception
{
// Policy 1: pwdMustChange is "1" where the other records use TRUE,
// i.e. presumably not an acceptable Boolean value.
"dn: cn=Temp Policy 1," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy 1",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: 1",
"pwdAttribute: userPassword",
"",
// Policy 2: pwdLockoutDuration carries a unit suffix ("300 seconds")
// where the other records use a bare integer.
"dn: cn=Temp Policy 2," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy 2",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300 seconds",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"",
// Policy 3: pwdAttribute names "noSuchAttribute", presumably an
// attribute type that the schema does not define.
"dn: cn=Temp Policy 3," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy 3",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: noSuchAttribute",
"",
// Policy 4: pwdMaxFailure is negative (-3).
"dn: cn=Temp Policy 4," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy 4",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: -3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"",
// Policy 5: pwdLockoutDuration is 2147483648, one more than the largest
// 32-bit signed integer (2147483647). This is the overflow boundary
// case: the value must be rejected rather than wrapped or truncated.
"dn: cn=Temp Policy 5," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy 5",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 2147483648",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"",
// Policy 6: declares the pwdValidatorPolicy object class but supplies no
// ds-cfg-password-validator value.
// NOTE(review): presumably that attribute is mandatory for the object
// class -- confirm against the schema definition.
"dn: cn=Temp Policy 6," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: pwdValidatorPolicy",
"objectClass: subentry",
"cn: Temp Policy 6",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"",
// Policy 7: the ds-cfg-password-validator value ("Not_A_DN") is not a
// distinguished name.
"dn: cn=Temp Policy 7," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: pwdValidatorPolicy",
"objectClass: subentry",
"cn: Temp Policy 7",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"ds-cfg-password-validator: Not_A_DN",
"",
// Policy 8: the ds-cfg-password-validator value is a well-formed DN, but
// it presumably names a validator that is not configured. A dangling
// reference must fail the policy rather than be skipped, otherwise the
// policy would be accepted with less validation than it declares.
"dn: cn=Temp Policy 8," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: pwdValidatorPolicy",
"objectClass: subentry",
"cn: Temp Policy 8",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: userPassword",
"ds-cfg-password-validator: cn=Unique Characters Inexistant,cn=Password Validators,cn=config"
);
{
}
return configEntries;
}
/**
* Ensures that password policy creation will fail when given
* an invalid configuration.
*
* @param e The entry containing an invalid password policy
* configuration.
*
* @throws Exception If an unexpected problem occurs.
*/
public void testInvalidConfigurations(Entry e)
throws Exception
{
}
/**
* Ensures that password policy constructed from subentry
* is active and has a valid configuration.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testValidConfiguration()
throws Exception
{
// The values are chosen to differ from the default password policy,
// presumably so that a check cannot pass by reading the default policy
// instead of this subentry.
// pwdMaxAge is 2147483647, the largest 32-bit signed integer; it is the
// accepted counterpart of the 2147483648 lockout duration listed among
// the invalid configurations.
"dn: cn=Temp Policy," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: authPassword",
"pwdMinAge: 600",
"pwdMaxAge: 2147483647",
"pwdInHistory: 5",
"pwdExpireWarning: 864000",
"pwdGraceAuthNLimit: 3",
"pwdFailureCountInterval: 3600",
"pwdAllowUserChange: FALSE",
"pwdSafeModify: TRUE"
);
// Check all password policy (pwp) attributes for correct values.
// "authPassword" is the pwdAttribute value set in the LDIF above.
"authPassword"));
/* Check the password validator attributes for correct values.
* The default unit-test config has a single password validator which is
* enabled for the default password policy.
*/
{
}
// Make sure this policy applies to the test entry
// it is supposed to target and that it is the same
// policy object as previously tested.
"uid=rogasawara," + BASE));
false);
// Make sure this policy is gone and the default
// policy is in effect instead.
}
/**
* Ensures that password policy constructed from subentry,
* containing a password validator reference,
* is active and has a valid configuration.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testValidConfigurationWithValidator()
throws Exception
{
// The values are chosen to differ from the default password policy.
// Both ds-cfg-password-validator values are DNs under
// cn=Password Validators,cn=config.
// NOTE(review): the RDN is "cn=Temp Validator Policy" but the cn value in
// the record is "Temp Policy". The entry is only well formed if the server
// supplies the missing RDN value on add -- confirm this is intended.
"dn: cn=Temp Validator Policy," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: pwdValidatorPolicy",
"objectClass: subentry",
"cn: Temp Policy",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: TRUE",
"pwdAttribute: authPassword",
"pwdMinAge: 600",
"pwdMaxAge: 2147483647",
"pwdInHistory: 5",
"pwdExpireWarning: 864000",
"pwdGraceAuthNLimit: 3",
"pwdFailureCountInterval: 3600",
"pwdAllowUserChange: FALSE",
"pwdSafeModify: TRUE",
"ds-cfg-password-validator: cn=Unique Characters,cn=Password Validators,cn=config",
"ds-cfg-password-validator: cn=Length-Based Password Validator,cn=Password Validators,cn=config"
);
// Check the password validator attributes for correct values.
// Make sure this policy applies to the test entry
// it is supposed to target and that it is the same
// policy object as previously tested.
// Make sure this policy is gone and the default
// policy is in effect instead.
}
/**
* Ensures that password policy pwdPolicySubentry
* operational attribute reflects active password
* policy for a given user entry.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testPasswordPolicySubentryAttribute()
throws Exception
{
"uid=rogasawara," + BASE));
// Lower-case spelling of the pwdPolicySubentry operational attribute.
"pwdpolicysubentry");
// Make sure that default policy is in effect
// for the user entry.
// Add new subentry policy with the
// scope to apply to the user entry.
// NOTE(review): pwdMustChange is written as lower-case "true" here, unlike
// the upper-case TRUE in the other fixtures. The record is expected to be
// accepted, so Boolean matching is presumably case-insensitive -- confirm.
"dn: cn=Temp Policy," + SUFFIX,
"objectClass: top",
"objectClass: pwdPolicy",
"objectClass: subentry",
"cn: Temp Policy",
"subtreeSpecification: { base \"ou=people\" }",
"pwdLockoutDuration: 300",
"pwdMaxFailure: 3",
"pwdMustChange: true",
"pwdAttribute: userPassword"
);
// Make sure the policy just added is in effect.
"uid=rogasawara," + BASE));
// Remove subentry policy and make sure
// default policy is in effect again.
"uid=rogasawara," + BASE));
}
}