PasswordModifyExtendedOperationTestCase.java revision 3be59b3c0b3a13204a84aad9e391ec7914eea206
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS.
*/
/**
* A set of test cases for the password modify extended operation.
*/
public class PasswordModifyExtendedOperationTestCase
extends ExtensionsTestCase
{
/**
* Ensures that the Directory Server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
public void startServer()
throws Exception
{
}
/**
* Retrieves a set of invalid configuration entries.
*
* @return The set of invalid configuration entries.
* @throws Exception If an unexpected problem occurs.
*/
public Object[][] getInvalidConfigs()
throws Exception
{
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server.extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"",
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server.extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"ds-cfg-identity-mapper: invaliddn",
"",
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server.extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"ds-cfg-identity-mapper: cn=nonexistent,cn=config");
{
}
return array;
}
/**
* Tests the process of initializing the server with invalid configurations.
*
* @param e The configuration entry to use for the initialization.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(dataProvider = "invalidConfigs", expectedExceptions = { ConfigException.class, InitializationException.class})
public void testInitializeWithInvalidConfigs(Entry e)
throws Exception
{
AdminTestCaseUtils.getConfiguration(PasswordModifyExtendedOperationHandlerCfgDefn.getInstance(), e);
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>No authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsRootImplicitSelfWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "newPassword",
"-c", "newPassword",
"-n", "password"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>Authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsRootExplicitSelfWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-c", "password",
"-n", "newPassword",
"-A"
};
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "newPassword",
"-c", "newPassword",
"-n", "password",
"-A"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client connection</LI>
* <LI>Authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsAnonymousExplicitRootWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:cn=Directory Manager",
"-c", "password",
"-n", "newPassword"
};
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:cn=Directory Manager",
"-c", "newPassword",
"-n", "password"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfWithOldPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfNoOldPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>No current password provided</LI>
* <LI>No new password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfNoOldPasswordNoNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>Authorization ID provided ("dn:" form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>Authorization ID provided ("u:" form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitUColonSelfNoOldPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "u:test.user",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>userIdentity provided (LDAPDN form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitDNSelfNoOldPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "uid=test.user,o=test",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>userIdentity provided (userID form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitUSelfNoOldPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "test.user",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client connection</LI>
* <LI>Authorization ID provided ("dn:" form)</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client connection</LI>
* <LI>Authorization ID provided ("u:" form)</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "u:test.user",
"-c", "password",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP. It will use the following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>Authorization ID provided ("dn:" form) for a different user</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testRootPasswordResetNoCurrentPasswordWithNewPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using an authorization ID
* with the DN of a user that doesn't exist.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonNoSuchUser()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using an authorization ID with a malformed DN.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonMalformedDN()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:malformed",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using an authorization ID with the DN
* of a user where no part of the hierarchy exists.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonNoSuchBaseDN()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=doesnt.exist,o=doesnt.exist",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using an authorization ID with the uid
* of a user that doesn't exist.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureUColonNoSuchUser()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "u:test.user",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using an authorization ID with the uid
* of a user that doesn't exist and providing the current password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureUColonNoSuchUserWithCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "u:test.user",
"-c", "password",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using a malformed authorization ID.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureMalformedAuthZID()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "malformed",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using a bad current password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWrongCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "wrongPassword",
"-n", "newPassword"
};
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded new password.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowPreEncoded()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded new password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailurePreEncodedNewPassword()
throws Exception
{
/* Make sure preEncoded passwords are rejected */
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
// don't restore password policy as this is already the default.
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded new password.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailurePreEncodedNewPasswordWithCurrentPassword()
throws Exception
{
/* Make sure preEncoded passwords are rejected. This should be the default, so we will not restore config after */
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
}
/**
* Tests the password modify extended operation over an internal connection with a request whose value
* isn't a valid encoded sequence.
*/
@Test
public void testFailureInvalidRequestValueFormat()
{
}
/**
* Tests the password modify extended operation over an internal connection with a request that contain
* an invalid sequence element type.
*/
@Test
public void testFailureInvalidSequenceElementType() throws Exception
{
}
/**
* Tests the password modify extended operation over an unauthenticated internal connection
* and without providing an authorization ID.
*/
@Test
public void testFailureCompletelyAnonymous() throws Exception
{
}
/**
* Tests the password modify extended operation with a password policy that doesn't allow users
* to change their own passwords. The current password is not provided in the extended operation.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRejectUserPasswordChanges()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation with a password policy that doesn't allow users to change
* their own passwords. The current password is provided.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRejectUserPasswordChangesWithCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation without providing the current password
* but with a password policy that requires it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
try {
} finally {
// Reset to default configuration
}
}
/**
* Tests the password modify extended operation that requires secure authentication
* but a connection that doesn't provide it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireSecureAuthentication()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
// Reset to default configuration
}
}
/**
* Tests the password modify extended operation that requires secure password changes
* but a connection that doesn't provide it, using self-authentication.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireSecurePasswordChanges()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation that requires secure password changes
* but a connection that doesn't provide it. Authenticating as Directory Manager.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
// Reset to default configuration
}
}
/**
* Tests the password modify extended operation with a password change that is within the minimum password age.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWithinMinAge()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation with a password change that is within the minimum password age.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWithinMinAgeWithCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation with a password change for a user whose password is expired
* but expired password changes are not allowed.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureExpiredChangesNotAllowed()
throws Exception
{
try {
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
} finally {
}
}
/**
* Tests the password modify extended operation with a password change for a user whose password is expired
* but expired password changes are allowed.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testExpiredChangesAllowed()
throws Exception
{
try {
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
}
finally {
}
}
/**
* Tests the password modify extended operation with a password change for a user
* where there is no new password provided and there is no password generator.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureNoPasswordNoGenerator()
throws Exception {
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password"
};
try {
} finally {
applyPwdPolicyMods(conn, dnStr, attr, "cn=Random Password Generator,cn=Password Generators,cn=config");
}
}
/**
* Tests the password modify extended operation with a password change for a user where there is no new password
* provided and there is no password generator.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureNoPasswordNoGeneratorWithPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password"
};
try {
}
finally {
applyPwdPolicyMods(conn, dnStr, attr, "cn=Random Password Generator,cn=Password Generators,cn=config");
}
}
/**
* Tests the password modify extended operation with a password change for a user where a password validator
* rejects the change.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureValidatorReject()
throws Exception
{
applyPwdPolicyMods(conn, dnStr, attr, "cn=Length-Based Password Validator,cn=Password Validators,cn=config");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "short"
};
try {
}
finally {
}
}
/**
* Tests the password modify extended operation with a password change for a user where a password validator
* rejects the change.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureValidatorRejectWithCurrentPassword()
throws Exception
{
applyPwdPolicyMods(conn, dnStr, attr, "cn=Length-Based Password Validator,cn=Password Validators,cn=config");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "short"
};
try {
}
finally {
}
}
/**
* Tests the password modify extended operation over LDAP when the existing
* account has multiple passwords.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowMultiplePasswords()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password",
"userPassword: password2");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests the password modify extended operation over LDAP when the existing account has multiple passwords.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowMultipleAuthPasswords()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: authPasswordObject",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"authPassword: password",
"authPassword: password2",
"ds-pwp-password-policy-dn: cn=SHA1 AuthPassword Policy,cn=Password Policies,cn=config");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
try {
} finally {
}
}
/**
* Tests to ensure that if the user provides the correct old password, then the last login time will be
* updated if that feature is enabled.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testUpdateLastLoginTime()
throws Exception
{
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-last-login-time-attribute",
"ds-cfg-last-login-time-attribute: ds-pwp-last-login-time",
"-",
"replace: ds-cfg-last-login-time-format",
"ds-cfg-last-login-time-format: yyyyMMdd");
try
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newpassword"
};
}
finally
{
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-last-login-time-attribute",
"-",
"replace: ds-cfg-last-login-time-format");
}
}
/**
* Tests to ensure that if the user provides an incorrect old password, then
* the auth failure times will be updated if that feature is enabled.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testUpdateAuthFailureTimes()
throws Exception
{
"ds-cfg-lockout-failure-count", "3");
try
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "wrongoldpassword",
"-n", "newpassword"
};
} finally {
"ds-cfg-lockout-failure-count", "0");
}
}
/**
* Tests to ensure that if the password is changed with a generated password, the pwdHistory is getting
* updated properly.
*
* @throws Exception If an unexpected error occurs.
*/
@Test()
public void testUpdatePasswordHistory()
throws Exception
{
"ds-cfg-password-history-count", "5");
try
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password"
};
}
finally
{
"ds-cfg-password-history-count", "0");
}
}
return TestCaseUtils.addEntry(
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
}
private void verifyPasswordPerformingInternalBind(DN name, String newPwd) throws DirectoryException {
// Perform an internal bind to verify the password was actually changed.
}
private void applyPwdPolicyMods(InternalClientConnection conn, String pwPolDN, String attr, String value)
throws DirectoryException
{
}
"20050101000000.000Z")));
}
}