5785N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
5785N/A ! The contents of this file are subject to the terms of the 5785N/A ! Common Development and Distribution License, Version 1.0 only 5785N/A ! (the "License"). You may not use this file except in compliance 5785N/A ! See the License for the specific language governing permissions 5785N/A ! and limitations under the License. 5785N/A ! When distributing Covered Code, include this CDDL HEADER in each 6982N/A ! If applicable, add the following below this CDDL HEADER, with the 6982N/A ! fields enclosed by brackets "[]" replaced with your own identifying 5785N/A ! Portions Copyright [yyyy] [name of copyright owner] 5785N/A ! Copyright 2007-2008 Sun Microsystems, Inc. 5785N/A ! Portions Copyright 2012 ForgeRock AS 5785N/A <!--- Test Case information 5785N/A #@TestName Admin Changing Password Policy Settings 5785N/A #@TestPurpose Admin Changing Password Policy Settings 5785N/A #@TestStep Set expire-passwords-without-warning true 5785N/A #@TestStep Set min-password-age 1s 5785N/A #@TestStep Set max-password-age 3s 5785N/A #@TestStep Set password-expiration-warning-interval 1s 5785N/A #@TestStep Set grace-login-count 3 5785N/A #@TestResult Success if dsconfig returns 0 5785N/A <
function name="pwp_grace_login_001" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Set Password Policy Settings')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Modifying password policy setting.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Get Default Password Policy.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'get-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName Min Password Age More than Max Password Age 5785N/A #@TestPurpose Verify that min-password-age is not more than max-password-age 5785N/A #@TestStep Change Password Policy min password age beyond limit 5785N/A #@TestStep Set min-password-age 10s 5785N/A #@TestStep Set max-password-age 3s 5785N/A #@TestStep Set password-expiration-warning-interval 1s 5785N/A #@TestResult Success if dsconfig returns 1 5785N/A <
function name="pwp_grace_login_002" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Min Password Age Greater than Max Password Age')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Admin modifying password policy settings.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions,
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName Min Password Age More than Expiration Warning Interval 5785N/A #@TestPurpose Verify that min-password-age is not more than password-expiration-warning-interval 5785N/A #@TestStep Change Password Policy min password age to limit 5785N/A #@TestStep Set min-password-age 2s 5785N/A #@TestStep Set max-password-age 3s 5785N/A #@TestStep Set password-expiration-warning-interval 1s 5785N/A #@TestResult Success if dsconfig returns 1 5785N/A <
function name="pwp_grace_login_003" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Min Password Age More than Expiration Warning Interval')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Modifying password policy settings.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions,
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName Password Expiration Warning Interval Too Big 5785N/A #@TestPurpose Verify that password-expiration-warning-interval can not be 5785N/A greater than max-password-age 5785N/A #@TestStep Change Password Policy expire warning interval beyond limit 5785N/A #@TestStep Set min-password-age 1s 5785N/A #@TestStep Set max-password-age 3s 5785N/A #@TestStep Set password-expiration-warning-interval 10 s 5785N/A #@TestResult Success if dsconfig returns 1 5785N/A <
function name="pwp_grace_login_004" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Password Expiration Warning Interval Too Big')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Admin modifying password policy settings.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions,
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName Grace Login Count Expired 5785N/A #@TestPurpose Grace Login Count Expired 5785N/A #@TestStep Verify grace login use times with manage-account 5785N/A #@TestStep Search Bind 1 SearchObject returns 19 5785N/A #@TestStep Verify remaining grace login with manage-account 5785N/A #@TestStep Verify grace login use times with manage-account 5785N/A #@TestStep Search Bind 2 SearchObject returns 19 5785N/A #@TestStep Verify remaining grace login with manage-account 5785N/A #@TestStep Search Bind 3 SearchObject returns 49 5785N/A #@TestStep Verify remaining grace login with manage-account 5785N/A #@TestStep Search Bind 4 SearchObject returns 49 5785N/A #@TestStep Verify remaining grace login with manage-account 5785N/A #@TestStep Verify manage-account get-all 5785N/A #@TestResult Success if all the steps are PASS 5785N/A <
function name="pwp_grace_login_005" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Grace Login Count Expired')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Get Default Password Policy.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'get-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Pause 2 seconds.' % msg }
5785N/A { 'sleepForMilliSeconds' : '2000' }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify remaining grace login count with manage-account ' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'subcommand' : 'get-remaining-grace-login-count' ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify grace login use times with manage-account ' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'subcommand' : 'get-grace-login-use-times' ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A returnString = STAXResult[0][1]
5789N/A <
call function="'searchString'">
5785N/A { 'returnString' : returnString ,
5785N/A 'expectedString' : 'Grace Login Use Times:' }
5785N/A <!-- The password has expired, entering grace login period --> 5785N/A remaining_grace_login_count = 2
5785N/A <
loop from="1" to="grace_login_count" var="loop">
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Search Bind %s' % (msg,loop) }
5785N/A <
call function="'SearchObject'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'trident',
5785N/A 'dsBaseDN' : 'dc=example,dc=com' ,
5785N/A 'dsFilter' : 'objectclass=*' ,
5785N/A 'extraParams' : '-s base' ,
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify remaining grace login count.' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'subcommand' : 'get-remaining-grace-login-count' ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A returnString = STAXResult[0][1]
5789N/A <
call function="'searchString'">
5785N/A { 'returnString' : returnString ,
5785N/A 'expectedString' : 'Remaining Grace Login Count: %s' % remaining_grace_login_count }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify grace login use times.' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'subcommand' : 'get-grace-login-use-times' ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A returnString = STAXResult[0][1]
5789N/A <
call function="'searchString'">
5785N/A { 'returnString' : returnString ,
5785N/A 'expectedString' : 'Grace Login Use Times: 20' }
5785N/A remaining_grace_login_count -= 1
5785N/A <!-- The password has expired, no grace logins remaining --> 5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Search Bind 4' % msg }
5785N/A <
call function="'SearchObject'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'trident',
5785N/A 'dsBaseDN' : 'dc=example,dc=com' ,
5785N/A 'dsFilter' : 'objectclass=*' ,
5785N/A 'extraParams' : '-s base' ,
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify remaining grace login with manage-account' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'subcommand' : 'get-remaining-grace-login-count' ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A returnString = STAXResult[0][1]
5789N/A <
call function="'searchString'">
5785N/A { 'returnString' : returnString ,
5785N/A 'expectedString' : 'Remaining Grace Login Count: 0' }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Verify manage-account get-all' % msg }
5785N/A <
call function="'manageAccountWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5785N/A 'targetDn' : 'uid=btalbot,%s' % basedn }
5785N/A returnString = STAXResult[0][1]
5789N/A <
call function="'searchString'">
5785N/A { 'returnString' : returnString ,
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName User Reset Password During Grace Login 5785N/A #@TestPurpose User Reset Password During Grace Login 5785N/A #@TestStep Search Bind 1 SearchObject returns 19 5785N/A #@TestStep User resetting password 5785N/A #@TestStep Admin reset max password age set 5785N/A #@TestStep Set max-password-age to 24h 5785N/A #@TestStep Search Bind 2 SearchObject returns 0 5785N/A #@TestStep Search Bind 2 SearchObject returns 0 5785N/A #@TestResult Success if the 5 steps are PASS 5785N/A <
function name="pwp_grace_login_006" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP User Reset Password During Grace Login')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Reset Password, Search Bind 1' % msg }
5785N/A <
call function="'SearchObject'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'forsook',
5785N/A 'dsBaseDN' : 'dc=example,dc=com' ,
5785N/A 'dsFilter' : 'objectclass=*' ,
5785N/A 'extraParams' : '-s base' ,
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Reset Password, User resetting password' % msg }
5785N/A <
call function="'ldapPasswordModifyWithScript'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'forsook' ,
5785N/A 'dsAuthzID' : 'dn:uid=kwinters,%s' % basedn ,
5785N/A 'dsNewPassword' : 'newforsook' }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Reset Password, Admin reset max password age' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Reset Password, Search Bind 2' % msg }
5785N/A <
call function="'SearchObject'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'newforsook',
5785N/A 'dsBaseDN' : 'dc=example,dc=com' ,
5785N/A 'dsFilter' : 'objectclass=*' ,
5785N/A 'extraParams' : '-s base' }
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Reset Password, Search Bind 3' % msg }
5785N/A <
call function="'SearchObject'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5785N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5785N/A 'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
5785N/A 'dsInstancePswd' : 'newforsook',
5785N/A 'dsBaseDN' : 'dc=example,dc=com' ,
5785N/A 'dsFilter' : 'objectclass=*' ,
5785N/A 'extraParams' : '-s base' }
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>
5785N/A <!--- Test Case information 5785N/A #@TestName Admin Resetting Password Policy Settings 5785N/A #@TestPurpose Admin Resetting Password Policy Settings 5785N/A #@TestStep Reset expire-passwords-without-warning to false 5785N/A #@TestStep Reset max-password-age 0s 5785N/A #@TestStep Reset min-password-age 0s 5785N/A #@TestStep Reset password-expiration-warning-interval 5d 5785N/A #@TestStep Reset grace-login-count 0 5785N/A #@TestResult Success if dsconfig returns 0 5785N/A <
function name="pwp_grace_login_007" scope="local">
5785N/A <
testcase name="getTestCaseName('PWP Admin Reset Password Policy Settings')">
5785N/A <
call function="'testCase_Preamble'"/>
5785N/A 'Test Name = %s' % STAXCurrentTestcase
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Admin resetting password policy settings.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'set-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
call function="'testStep'">
5785N/A { 'stepMessage' : '%s Get Default Password Policy.' % msg }
5785N/A dsconfigOptions=' '.join(options)
5785N/A <
call function="'dsconfig'">
5785N/A { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5785N/A 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
5785N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5785N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5785N/A 'subcommand' : 'get-password-policy-prop',
5785N/A 'optionsString' : dsconfigOptions
5785N/A <
catch exception="'STAXException'" typevar="eType" var="eInfo">
5785N/A <
message log="1" level="'fatal'">
5785N/A '%s: Test failed. eInfo(%s)' % (eType,eInfo)
5785N/A <
call function="'testCase_Postamble'"/>