security_history_based.xml revision d81978a0815d5b8a75633c35e3e1f8708d36f017
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="history_based"/>
<function name="history_based">
<sequence>
<!--- Test Suite information
#@TestSuiteName History based
#@TestSuitePurpose Reject Passwords looking in the History Base
#@TestSuiteGroup History Based
#@TestScript security_history_based.xml
-->
<!--- Define default value for basedn -->
<script>
basedn1 = 'ou=people,ou=password tests,'
basedn = '%s o=Pwd Validator Tests,dc=example,dc=com' % basedn1
msg = 'Security: Pwd Validator: History Based:'
</script>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: Preamble
#@TestIssue none
#@TestPurpose Preamble Enabling History Based Validator
#@TestPreamble none
#@TestStep Admin Enabling History Based Validator set
password-history-count to 3
#@TestPostamble none
#@TestResult Success if the test is PASS
-->
<testcase name="getTestCaseName('History Based: Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s Preamble - Admin Enabling Validator' % msg
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'password-history-count' ,
'attributeValue' : '3' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: user modify password 1
#@TestIssue none
#@TestPurpose user modify password 1
#@TestPreamble none
#@TestStep user modify password 1 from sprain to sprainone
RC 0
#@TestStep user modify password back to old password sprain
RC 53
#@TestStep user binding with password 1 sprainone RC 0
#@TestPostamble none
#@TestResult Success if the 3 tests are PASS
-->
<testcase name="getTestCaseName('History Based: user modifying password 1')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s user modifying password 1' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprain' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'sprainone' }
</call>
<message>
'%s user modifying password back to old password' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainone' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'sprain' ,
'expectedRC' : 53 }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s user binding with password 1' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainone' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<script>
knownIssue(3270)
</script>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: user modifying password 2
#@TestIssue none
#@TestPurpose user modifying password 2
#@TestPreamble none
#@TestStep user modify password from sprainone to spraintwo
RC 0
#@TestStep user modify password back to old passwords sprain
and sprainone RC 53
#@TestStep user binding with password 2 spraintwo RC 0
#@TestStep Check manage-account get-password-history
#@TestPostamble none
#@TestResult Success if the 4 tests are PASS
-->
<testcase name="getTestCaseName('History Based: user modifying password 2')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s user modifying password 2' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainone' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'spraintwo' }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s user modifying password back to old passwords' % msg
</message>
<script>
modify_pwds = ['sprain', 'sprainone']
</script>
<iterate var="pwds" in="modify_pwds" indexvar="index">
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'spraintwo' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : '%s' % pwds ,
'expectedRC' : 53 }
</call>
</iterate>
<script>
knownIssue(3270)
</script>
<message>
'%s user binding with password 2' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
'dsInstancePswd' : 'spraintwo' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s Check manage-account get-password-history ' % msg
</message>
<call function="'manageAccountWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'get-password-history' ,
'targetDn' : 'uid=scarter,%s' % basedn }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'Password History: 2' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: user modifying password 3
#@TestIssue none
#@TestPurpose user modifying password 3
#@TestPreamble none
#@TestStep user modify password from spraintwo to sprainthree
RC 0
#@TestStep user modify password back to old passwords sprain
sprainone and spraintwo RC 53
#@TestStep user binding with password 3 sprainthree RC 0
#@TestPostamble none
#@TestResult Success if the 3 tests are PASS
-->
<testcase name="getTestCaseName('History Based: user modifying password 3')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s user modifying password 3' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'spraintwo' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'sprainthree' }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s user modifying password back to old passwords' % msg
</message>
<script>
modify_pwds = ['sprain', 'sprainone', 'spraintwo']
</script>
<iterate var="pwds" in="modify_pwds" indexvar="index">
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainthree' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : '%s' % pwds ,
'expectedRC' : 53 }
</call>
</iterate>
<script>
knownIssue(3270)
</script>
<message>
'%s user binding with password 3' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainthree' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<script>
knownIssue(3270)
</script>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: user modifying password 4
#@TestIssue none
#@TestPurpose user modifying password 4
#@TestPreamble none
#@TestStep user modify password from sprainthree to sprainfour
RC 0
#@TestStep user modify password back to last 3 passwords
sprainone spraintwo and sprainthree RC 53
#@TestStep user modify password back to original password
sprain RC 0
#@TestStep user binding with original password sprain RC 0
#@TestPostamble none
#@TestResult Success if the 4 tests are PASS
-->
<testcase name="getTestCaseName('History Based: user modifying password 4')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s user modifying password 4' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainthree' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn ,
'dsNewPassword' : 'sprainfour' }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s user modifying password back to old passwords' % msg
</message>
<script>
modify_pwds = ['sprainone', 'spraintwo', 'sprainthree']
</script>
<iterate var="pwds" in="modify_pwds" indexvar="index">
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainfour' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : '%s' % pwds ,
'expectedRC' : 53 }
</call>
</iterate>
<script>
knownIssue(3270)
</script>
<message>
'%s user modifying password to original one' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
'dsInstancePswd' : 'sprainfour' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'sprain' }
</call>
<script>
knownIssue(3270)
</script>
<message>
'%s user binding with original password' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprain' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: Modify password history duration
#@TestIssue none
#@TestPurpose user modifying password history duration
#@TestPreamble none
#@TestStep set password-history-duration to 10 s
#@TestPostamble none
#@TestResult Success if the test is PASS
-->
<testcase name="getTestCaseName
('History Based: Modify password history duration')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s Admin modifying password history duration' % msg
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'password-history-duration' ,
'attributeValue' : '10 s' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: user modifying password after
duration
#@TestIssue none
#@TestPurpose The "Password History Duration" property specifies
the maximum length of time that a formerly-used
password should remain in the user's password
history
#@TestPreamble none
#@TestStep Sleep of 15 seconds
#@TestStep user modifying password after duration RC 0
#@TestStep user binding with password after duration RC 0
#@TestPostamble none
#@TestResult Success if the 3 tests are PASS
-->
<testcase name="getTestCaseName
('History Based: user modifying password after duration')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Pwd Validator: History Based: - Sleeping'
</message>
<call function="'Sleep'">
{ 'sleepForMilliSeconds' : '15000' }
</call>
<message>
'%s user modifying password after duration' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprain' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn ,
'dsNewPassword' : 'sprainone' , }
</call>
<message>
'%s user binding with password after duration' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainone' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case information
#@TestMarker History Based
#@TestName History Based: Postamble
#@TestIssue none
#@TestPurpose Postamble Admin resetting password history duration
and count
#@TestPreamble none
#@TestStep reset password-history-duration to 0 d
#@TestStep reset password-history-count to 0
#@TestStep user modifying password back to old passwords RC 0
#@TestStep user Searching With Password sprain RC 0
#@TestPostamble none
#@TestResult Success if the 3 tests are PASS
-->
<testcase name="getTestCaseName('History Based: Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'%s Postamble Step 1. Admin resets password history duration' % msg
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'password-history-duration' ,
'attributeValue' : '0 d' }
</call>
<message>
'%s Postamble Step 2. Admin resetting password history count' % msg
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'password-history-count' ,
'attributeValue' : '0' }
</call>
<!--- User Change Password -->
<message>
'%s Postamble Step 3. user modify pwd back to old passwords' % msg
</message>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainone' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'spraintwo' }
</call>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'spraintwo' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn ,
'dsNewPassword' : 'sprainthree' }
</call>
<call function="'ldapPasswordModifyWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprainthree' ,
'dsAuthzID' : 'dn:uid=scarter, %s' % basedn,
'dsNewPassword' : 'sprain' }
</call>
<message>
'%s Postamble Step 4. User Searching With Password' % msg
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=scarter,%s' % basedn,
'dsInstancePswd' : 'sprain' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>