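def test_global_tpr_maxuse_2(topology_st, test_user, request):
    """Test global TPR policy : passwordTPRMaxUse

    Test that after fewer than passwordTPRMaxUse failed binds, additional
    binds with the valid password are successful and the temporary
    password (TPR) state kept on the entry is cleared.

    :id: bd18bf8e-f3c3-4612-9009-500cf558317e
    :customerscenario: False
    :setup: Standalone instance
    :steps:
        1. Enable passwordMustChange
        2. Set passwordTPRMaxUse=5
        3. Set passwordMaxFailure to a higher value to not disturb the test
        4. Bind with a wrong password less than passwordTPRMaxUse times and check INVALID_CREDENTIALS
        5. Bind with the valid password and replace userpassword
        6. Bind successfully with a valid password 10 times
           and check pwdTPRReset is FALSE and pwdTPRUseCount is absent
        7. Restart, reset passwordMustChange and the user's password (finalizer)
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
    """

    tpr_max_use = 5
    # Stay below passwordTPRMaxUse so the TPR limit itself is never reached
    failed_binds = tpr_max_use - 2

    # Build the account handle first: the finalizer needs it
    our_user = UserAccount(topology_st.standalone, TEST_USER_DN)

    def fin():
        topology_st.standalone.restart()
        # Reset password policy config
        topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
        topology_st.standalone.config.replace('passwordMustChange', 'off')
        # NOTE(review): passwordMaxFailure and passwordTPRMaxUse keep the
        # values set by this test; confirm no later test depends on them.

        # Reset user's password
        our_user.replace('userpassword', TEST_USER_PWD)

    # Register the cleanup before anything is modified. If it were registered
    # only at the end, a failing assertion would skip it and leave
    # passwordMustChange enabled and the user's password replaced for the
    # tests that run afterwards.
    request.addfinalizer(fin)

    # Set password policy config, passwordMaxFailure being higher than
    # passwordTPRMaxUse so that TPR is enforced first
    topology_st.standalone.config.replace('passwordMustChange', 'on')
    topology_st.standalone.config.replace('passwordMaxFailure',
                                          str(tpr_max_use + 20))
    topology_st.standalone.config.replace('passwordTPRMaxUse',
                                          str(tpr_max_use))
    time.sleep(.5)

    # Reset user's password
    our_user.replace('userpassword', PASSWORD)
    time.sleep(.5)

    # Do less than passwordTPRMaxUse failing bind
    for i in range(failed_binds):
        # Bind as user with a wrong password
        with pytest.raises(ldap.INVALID_CREDENTIALS):
            our_user.rebind('wrong password')
        time.sleep(.5)

        # Rebind as DN_DM before reading the entry's password policy state.
        # pwdReset is not asserted inside this loop (that check is disabled).
        topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

        # Each failed bind must keep pwdTPRReset TRUE and add one to
        # pwdTPRUseCount
        assert our_user.get_attr_val_utf8('pwdTPRReset') == 'TRUE'
        assert our_user.get_attr_val_utf8('pwdTPRUseCount') == str(i + 1)
        log.info(
            "%dth failing bind (INVALID_CREDENTIALS) => pwdTPRUseCount = %d" %
            (i + 1, i + 1))

    # Now the #failures has not reached passwordTPRMaxUse
    # Check that pwdReset is TRUE
    topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
    assert our_user.get_attr_val_utf8('pwdReset') == 'TRUE'

    # Check that pwdTPRReset is TRUE
    assert our_user.get_attr_val_utf8('pwdTPRReset') == 'TRUE'
    assert our_user.get_attr_val_utf8('pwdTPRUseCount') == str(failed_binds)
    log.info("last failing bind (INVALID_CREDENTIALS) => pwdTPRUseCount = %d" %
             (failed_binds))

    # Bind with the valid password, then replace userpassword.
    # NOTE(review): presumably rebind() switches the connection to the user,
    # making this a self-service change that ends the reset state; confirm
    # against lib389.
    our_user.rebind(PASSWORD)
    our_user.replace('userpassword', PASSWORD)
    # give time to update the pwp attributes in the entry
    time.sleep(.5)
    # Now check that all next attempts with the correct password are
    # successful and that the TPR state stays cleared
    for i in range(10):
        # Bind as user with valid password
        our_user.rebind(PASSWORD)
        time.sleep(.5)

        # Rebind as DN_DM before reading the entry's password policy state.
        # pwdReset is not asserted inside this loop (that check is disabled).
        topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

        # TPR state is cleared: pwdTPRReset is FALSE and the use counter
        # attribute is no longer present
        assert our_user.get_attr_val_utf8('pwdTPRReset') == 'FALSE'
        assert not our_user.present('pwdTPRUseCount')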
def test_positive(topo):
    """Classic CoS keyed on nsrole generates employeeType for a matching user.

    A filtered role matching ``cn=eng*`` is created, followed by a CoS
    template container, a CoS template named after the role DN and a classic
    CoS definition with ``nsrole`` as specifier and ``employeeType`` as the
    CoS attribute. A user whose cn matches the role filter is then added.

        :id: ba6d5e9c-786b-11e8-860d-8c16451d917b
        :setup: server
        :steps:
            1. Add filter role entry
            2. Add ns container
            3. Add cos template
            4. Add CosClassic Definition
            5. Cos entries should be added and searchable
            6. employeeType attribute should be there in user entry as per the cos plugin property
        :expectedresults:
            1. Operation should succeed
            2. Operation should succeed
            3. Operation should succeed
            4. Operation should succeed
            5. Operation should succeed
            6. Operation should succeed
    """
    inst = topo.standalone
    definition_cn = 'cosClassicGenerateEmployeeTypeUsingnsrole'
    definition_dn = 'cn={},{}'.format(definition_cn, DEFAULT_SUFFIX)
    templates_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX)
    uid = 'enguser1'

    # Filtered role: membership is decided by the nsRoleFilter below
    role_properties = {
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    }
    FilterRoles(inst, DEFAULT_SUFFIX).create(properties=role_properties)

    # Container that holds the CoS templates
    container = nsContainer(inst, templates_dn)
    container.create(properties={'cn': 'cosTemplates'})

    # CoS template: its RDN value is the quoted DN of the role it applies to
    template_dn = 'cn="cn=filterRoleEngRole,dc=example,dc=com",{}'.format(templates_dn)
    template_properties = {
        'employeeType': 'EngType',
        'cn': '"cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,dc=example,dc=com'
    }
    CosTemplate(inst, template_dn).create(properties=template_properties)

    # Classic CoS definition pointing at the template container
    definition_properties = {
        'cosTemplateDn': templates_dn,
        'cosAttribute': 'employeeType',
        'cosSpecifier': 'nsrole',
        'cn': definition_cn
    }
    CosClassicDefinition(inst, definition_dn).create(properties=definition_properties)

    # User entry whose cn matches the role filter
    user_properties = {
        'uid': uid,
        'cn': uid,
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/{}'.format(uid)
    }
    user = UserAccount(inst, 'cn={},{}'.format(uid, DEFAULT_SUFFIX))
    user.create(properties=user_properties)

    # The CoS definition must be retrievable under the suffix by its cn
    cosdef = CosClassicDefinitions(inst, DEFAULT_SUFFIX).get(definition_cn)
    assert cosdef.dn == 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,dc=example,dc=com'
    assert cosdef.get_attr_val_utf8('cn') == 'cosClassicGenerateEmployeeTypeUsingnsrole'

    # cosAttribute is employeeType and cosSpecifier is nsrole, so the user
    # entry is expected to expose employeeType.
    # NOTE(review): only presence is asserted; the value ('EngType' in the
    # template) is not checked.
    assert user.present('employeeType')