PasswordModifyExtendedOperationTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS.
*/
/**
* A set of test cases for the password modify extended operation.
*/
public class PasswordModifyExtendedOperationTestCase
extends ExtensionsTestCase
{
/**
* Ensures that the Directory Server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
public void startServer()
throws Exception
{
}
/**
* Retrieves a set of invalid configuration entries.
*
* @return The set of invalid configuration entries.
* @throws Exception If an unexpected problem occurs.
*/
public Object[][] getInvalidConfigs()
throws Exception
{
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server." +
"extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"",
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server." +
"extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"ds-cfg-identity-mapper: invaliddn",
"",
"dn: cn=Password Modify,cn=Extended Operations,cn=config",
"objectClass: top",
"objectClass: ds-cfg-extended-operation-handler",
"objectClass: ds-cfg-password-modify-extended-operation-handler",
"cn: Password Modify",
"ds-cfg-java-class: org.opends.server." +
"extensions.PasswordModifyExtendedOperation",
"ds-cfg-enabled: true",
"ds-cfg-identity-mapper: cn=nonexistent,cn=config");
{
}
return array;
}
/**
* Tests the process of initializing the server with invalid configurations.
*
* @param e The configuration entry to use for the initialization.
*
* @throws Exception If an unexpected problem occurs.
*/
expectedExceptions = { ConfigException.class,
InitializationException.class })
public void testInitializeWithInvalidConfigs(Entry e)
throws Exception
{
e);
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>No authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsRootImplicitSelfWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
new InternalClientConnection(new AuthenticationInfo());
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "newPassword",
"-c", "newPassword",
"-n", "password"
};
0);
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>Authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsRootExplicitSelfWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-c", "password",
"-n", "newPassword",
"-A"
};
0);
// Perform an internal bind to verify the password was actually changed.
new InternalClientConnection(new AuthenticationInfo());
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "newPassword",
"-c", "newPassword",
"-n", "password",
"-A"
};
0);
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client conection</LI>
* <LI>Authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsAnonymousExplicitRootWithOldPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:cn=Directory Manager",
"-c", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
new InternalClientConnection(new AuthenticationInfo());
// Now change the password back to what it was.
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:cn=Directory Manager",
"-c", "newPassword",
"-n", "password"
};
0);
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfWithOldPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfNoOldPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>No authorization ID provided</LI>
* <LI>No current password provided</LI>
* <LI>No new password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserImplicitSelfNoOldPasswordNoNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password"
};
0);
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>Authorization ID provided ("dn:" form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>Authorization ID provided ("u:" form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitUColonSelfNoOldPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "u:test.user",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>userIdentity provided (LDAPDN form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitDNSelfNoOldPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "uid=test.user,o=test",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a normal user</LI>
* <LI>userIdentity provided (userID form)</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAsUserExplicitUSelfNoOldPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "test.user",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client connection</LI>
* <LI>Authorization ID provided ("dn:" form)</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Unauthenticated client connection</LI>
* <LI>Authorization ID provided ("u:" form)</LI>
* <LI>Current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "u:test.user",
"-c", "password",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP. It will use the
* following configuration:
* <BR>
* <UL>
* <LI>Authenticated as a root user</LI>
* <LI>Authorization ID provided ("dn:" form) for a different user</LI>
* <LI>No current password provided</LI>
* <LI>New password provided</LI>
* </UL>
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testRootPasswordResetNoCurrentPasswordWithNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
0);
// Perform an internal bind to verify the password was actually changed.
}
/**
* Tests the password modify extended operation over LDAP using an
* authorization ID with the DN of a user that doesn't exist.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonNoSuchUser()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using an
* authorization ID with a malformed DN.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonMalformedDN()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:malformed",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using an
* authorization ID with the DN of a user where no part of the hierarchy
* exists.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureDNColonNoSuchBaseDN()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=doesnt.exist,o=doesnt.exist",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using an
* authorization ID with the uid of a user that doesn't exist.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureUColonNoSuchUser()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "u:test.user",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using an
* authorization ID with the uid of a user that doesn't exist and providing
* the current password..
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureUColonNoSuchUserWithCurrentPassword()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "u:test.user",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using a malformed
* authorization ID.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureMalformedAuthZID()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "malformed",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using a bad
* current password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWrongCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "wrongPassword",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded
* new password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowPreEncoded()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded
* new password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailurePreEncodedNewPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
/* Make sure preEncoded passwords are rejected */
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP using a pre-encoded
* new password.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailurePreEncodedNewPasswordWithCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
/* Make sure preEncoded passwords are rejected */
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "{SSHA}Fv4b7f4AnRMUiGqBi9QA1xJrTtRTqS3WpRi81g=="
};
int exitCode =
}
/**
* Tests the password modify extended operation over an internal connection
* with a request whose value isn't a valid encoded sequence.
*/
@Test
public void testFailureInvalidRequestValueFormat()
{
}
/**
* Tests the password modify extended operation over an internal connection
* with a request that contain an invalid sequence element type.
*/
@Test
public void testFailureInvalidSequenceElementType() throws Exception
{
}
/**
* Tests the password modify extended operation over an unauthenticated
* internal connection and without providing an authorization ID.
*/
@Test
public void testFailureCompletelyAnonymous() throws Exception
{
"newPassword");
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Tests the password modify extended operation with a password policy that
* doesn't allow users to change their own passwords.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRejectUserPasswordChanges()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password policy that
* doesn't allow users to change their own passwords.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRejectUserPasswordChangesWithCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation without providing the current
* password but with a password policy that requires it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation that requires secure
* authentication but a connection that doesn't provide it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireSecureAuthentication()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation that requires secure
* password changes but a connection that doesn't provide it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureRequireSecurePasswordChanges()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation that requires secure
* password changes but a connection that doesn't provide it.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change that is
* within the minimum password age.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWithinMinAge()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change that is
* within the minimum password age.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureWithinMinAgeWithCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change for a
* user whose password is expired but expired password changes are not
* allowed.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureExpiredChangesNotAllowed()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
"20050101000000.000Z")));
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change for a
* user whose password is expired but expired password changes are allowed.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testExpiredChangesAllowed()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: bypass-acl",
"userPassword: password");
"20050101000000.000Z")));
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change for a
* user where there is no new password provided and there is no password
* generator.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureNoPasswordNoGenerator()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password"
};
int exitCode =
"cn=Random Password Generator,cn=Password Generators,cn=config";
}
/**
* Tests the password modify extended operation with a password change for a
* user where there is no new password provided and there is no password
* generator.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureNoPasswordNoGeneratorWithPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password"
};
int exitCode =
"cn=Random Password Generator,cn=Password Generators,cn=config";
}
/**
* Tests the password modify extended operation with a password change for a
* user where a password validator rejects the change.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureValidatorReject()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
"cn=Length-Based Password Validator,cn=Password Validators,cn=config";
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "uid=test.user,o=test",
"-w", "password",
"-n", "short"
};
int exitCode =
}
/**
* Tests the password modify extended operation with a password change for a
* user where a password validator rejects the change.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testFailureValidatorRejectWithCurrentPassword()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
"cn=Length-Based Password Validator,cn=Password Validators,cn=config";
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "short"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP when the existing
* account has multiple passwords.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowMultiplePasswords()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password",
"userPassword: password2");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests the password modify extended operation over LDAP when the existing
* account has multiple passwords.
*
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testAllowMultipleAuthPasswords()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: authPasswordObject",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"authPassword: password",
"authPassword: password2",
"ds-pwp-password-policy-dn: cn=SHA1 AuthPassword Policy," +
"cn=Password Policies,cn=config");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-D", "cn=Directory Manager",
"-w", "password",
"-a", "dn:uid=test.user,o=test",
"-c", "password",
"-n", "newPassword"
};
int exitCode =
}
/**
* Tests to ensure that if the user provides the correct old password, then
* the last login time will be updated if that feature is enabled.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testUpdateLastLoginTime()
throws Exception
{
TestCaseUtils.applyModifications(false,
"dn: uid=test.user,o=test",
"changetype: add",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: oldpassword",
// FIXME -- I shouldn't have to add this ACI explicitly, but for some
// reason the global ACIs are getting removed and never put back,
// and without this ACI the user won't have permission to change
// its own password. If we ever change the access control syntax
// then this will likely need to be updated, but I don't want to
// have to give the user the bypass-acl privilege.
"aci: (targetattr=\"*\")(version 3.0; acl \"Self Modify Rights\"; " +
"allow (read,search,compare,write) userdn=\"ldap:///self\";)");
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-last-login-time-attribute",
"ds-cfg-last-login-time-attribute: ds-pwp-last-login-time",
"-",
"replace: ds-cfg-last-login-time-format",
"ds-cfg-last-login-time-format: yyyyMMdd");
try
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "oldpassword",
"-n", "newpassword"
};
}
finally
{
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-last-login-time-attribute",
"-",
"replace: ds-cfg-last-login-time-format");
}
}
/**
* Tests to ensure that if the user provides an incorrect old password, then
* the auth failure times will be updated if that feature is enabled.
*
* @throws Exception If an unexpected error occurs.
*/
@Test
public void testUpdateAuthFailureTimes()
throws Exception
{
TestCaseUtils.applyModifications(false,
"dn: uid=test.user,o=test",
"changetype: add",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: oldpassword");
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-lockout-failure-count",
"ds-cfg-lockout-failure-count: 3");
try
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-a", "dn:uid=test.user,o=test",
"-c", "wrongoldpassword",
"-n", "newpassword"
};
}
finally
{
"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
"changetype: modify",
"replace: ds-cfg-lockout-failure-count",
"ds-cfg-lockout-failure-count: 0");
}
}
}