core_ctrls_password_policy.xml revision d25372dc8e65a9ed019a88fdf659ca61313f1b31
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="core_ctrls_password_policy"/>
<function name="core_ctrls_password_policy">
<sequence>
<block name="'ctrls_password_policy'">
<sequence>
<script>
if not CurrentTestPath.has_key('group'):
CurrentTestPath['group']='core'
CurrentTestPath['suite']=STAXCurrentBlock
</script>
<call function="'testSuite_Preamble'"/>
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/core/core_setup.xml' % (TESTS_DIR)" />
<call function="'core_setup'" />
<!--- Test Suite information
#@TestSuiteName Core Controls password policy
#@TestSuitePurpose Verify that the controls functionality is
working in the Directory Server.
#@TestSuiteGroup core: Controls: password policy
#@TestScript core_ctrls_password_policy.xml
-->
<!--- Test Case information
#@TestMarker Core Controls Password Policy Tests
#@TestName Core Ctrls Pwd Policy Force Change on Add
#@TestPurpose Verify the pwpolicy control is returned in the
ldapsearch when the password policy is changed
to force-change-on-add.
#@TestPreamble
#@TestSteps modify the Default Password Policy, using
dsconfig, to set force-change-on-add to true.
#@TestSteps Next add a new user and do an ldapsearch of
that user using the verbose flag. The search
will fail with a LDAP_CONSTRAINT_VIOLATION.
#@TestSteps Next do a substring search of the output and
look for the control's OID
1.3.6.1.4.1.42.2.27.8.5.1.
#@TestSteps Lastly, reset the password policy.
#@TestPostamble
#@TestResult
-->
<!-- Global variables -->
<script>
peopleDn = 'ou=People,o=core tests,dc=example,dc=com'
</script>
<testcase name="getTestCaseName('Force Change on Add')">
<sequence>
<call function="'testCase_Preamble'"/>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'force-change-on-add' ,
'attributeValue' : 'true' }
</call>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'entryToBeAdded' : '%s/core/ldifs/control1.ldif' %
remote.data }
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=test.user1,%s' % peopleDn ,
'dsInstancePswd' : 'password' ,
'dsBaseDN' : peopleDn ,
'dsControl' : 'pwpolicy',
'dsVerbose' : 'True',
'dsFilter' : 'uid=test.user1' ,
'expectedRC' : 19 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<!-- looking for password policy control oid -->
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : '1.3.6.1.4.1.42.2.27.8.5.1' ,
'expectedResult' : '1' }
</call>
<!-- reset password policy -->
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'force-change-on-add' ,
'attributeValue' : 'false' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker Core Controls Password Policy Tests
#@TestName Core Ctrls Pwd Policy Lockout Failure Count
#@TestPurpose Verify the pwpolicy control is returned in the
ldapsearch when the password policy
lockout-failure-count is changed to 3, allowing
for only three tries using a bad password.
#@TestPreamble
#@TestSteps modify the Default Password Policy, using
dsconfig, to set lockout-failure-count to 3.
#@TestSteps Next add a new user and do three
ldapsearchs of that user suppling bad passwords
, and using the verbose flag. The search will
fail with a LDAP_INVALID_CREDENTIALS.
#@TestSteps Next do a substring search of the output and
look for the control's OID
1.3.6.1.4.1.42.2.27.8.5.1.
#@TestPostamble
#@TestResult
-->
<testcase name="getTestCaseName('Lockout Failure Count')">
<sequence>
<call function="'testCase_Preamble'"/>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'lockout-failure-count' ,
'attributeValue' : 3 }
</call>
<call function="'addEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'entryToBeAdded' : '%s/core/ldifs/control2.ldif'
% remote.data }
</call>
<script>
search_pwds = ['bad', 'bad', 'bad']
</script>
<iterate var="pwds" in="search_pwds" indexvar="index">
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsControl' : 'pwpolicy',
'dsVerbose' : 'True',
'dsInstanceDn' : 'uid=test.user2,%s' % peopleDn ,
'dsInstancePswd' : '%s' % pwds ,
'dsBaseDN' : peopleDn ,
'dsFilter' : 'uid=test.user2' ,
'expectedRC' : 49 }
</call>
</iterate>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsUsePasswordPolicyControl' : 'True',
'dsVerbose' : 'True',
'dsInstanceDn' : 'uid=test.user2,%s' % peopleDn ,
'dsInstancePswd' : 'password' ,
'dsBaseDN' : peopleDn ,
'dsFilter' : 'uid=test.user2' ,
'expectedRC' : 49 }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<!-- looking for password policy control oid -->
<call function="'searchStringForSubstring'">
{ 'returnString' : returnString ,
'testString' : '1.3.6.1.4.1.42.2.27.8.5.1' ,
'expectedResult' : '1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<import machine="STAF_LOCAL_HOSTNAME"
file="'%s/testcases/core/core_cleanup.xml' % (TESTS_DIR)" />
<call function="'core_cleanup'" />
<call function="'testSuite_Postamble'"/>
</sequence>
</block>
</sequence>
</function>
</stax>