def del_local_policy(inst, basedn, log, args):
log = log.getChild('del_local_policy')
targetdn = args.DN[0]
policy_type = _get_policy_type(inst, targetdn)
pwp_manager = PwPolicyManager(inst)
pwp_manager.delete_local_policy(targetdn)
print('Successfully deleted %s' % policy_type.lower())
def test_pwd_min_age(topology_st, test_user, password_policy):
"""If we set passwordMinAge to some value, for example to 10, then it
should not allow the user to change the password within 10 seconds after
his previous change.
:id: 85b98516-8c82-45bd-b9ec-90bd1245e09c
:setup: Standalone instance, a test user,
password policy entries for a user and a subtree
:steps:
1. Set passwordMinAge to 10 on the user pwpolicy entry
2. Set passwordMinAge to 10 on the subtree pwpolicy entry
3. Set passwordMinAge to 10 on the cn=config entry
4. Bind as test user
5. Try to change the password two times in a row
6. Wait 12 seconds
7. Try to change the password
8. Clean up - change the password to default while bound as DM
:expectedresults:
1. passwordMinAge should be successfully set on the user pwpolicy entry
2. passwordMinAge should be successfully set on the subtree pwpolicy entry
3. passwordMinAge should be successfully set on the cn=config entry
4. Bind should be successful
5. The password should be successfully changed
6. 12 seconds have passed
7. Constraint Violation error should be raised
8. Operation should be successful
"""
num_seconds = '10'
users = UserAccounts(topology_st.standalone, OU_PEOPLE, rdn=None)
user = users.get(TEST_USER_NAME)
log.info('Set passwordminage to "{}" - {}'.format(num_seconds, OU_PEOPLE))
pwp = PwPolicyManager(topology_st.standalone)
subtree_policy = pwp.get_pwpolicy_entry(OU_PEOPLE)
subtree_policy.set('passwordminage', num_seconds)
log.info('Set passwordminage to "{}" - {}'.format(num_seconds,
TEST_USER_DN))
user_policy = pwp.get_pwpolicy_entry(TEST_USER_DN)
user_policy.set('passwordminage', num_seconds)
log.info('Set passwordminage to "{}" - {}'.format(num_seconds, DN_CONFIG))
topology_st.standalone.config.set('passwordminage', num_seconds)
time.sleep(1)
log.info('Bind as user and modify userPassword')
user.rebind(TEST_USER_PWD)
user.reset_password('new_pass')
time.sleep(1)
log.info(
'Bind as user and modify userPassword straight away after previous change'
)
user.rebind('new_pass')
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
user.reset_password('new_new_pass')
log.info('Wait {} second'.format(int(num_seconds) + 2))
time.sleep(int(num_seconds) + 2)
try:
log.info('Bind as user and modify userPassword')
user.rebind('new_pass')
user.reset_password(TEST_USER_PWD)
except ldap.LDAPError as e:
log.error('Failed to change userpassword for {}: error {}'.format(
TEST_USER_DN, e.args[0]['info']))
raise e
finally:
log.info('Bind as DM')
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
user.reset_password(TEST_USER_PWD)
pwp.delete_local_policy(TEST_USER_DN)
pwp.delete_local_policy(OU_PEOPLE)
