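def test_global_tpr_maxuse_2(topology_st, test_user, request):
    """Test global TPR policy : passwordTPRMaxUse

    Test that after fewer than passwordTPRMaxUse failed binds, additional
    binds with the valid password are successful.

    :id: bd18bf8e-f3c3-4612-9009-500cf558317e
    :customerscenario: False
    :setup: Standalone instance
    :steps:
        1. Enable passwordMustChange
        2. Set passwordTPRMaxUse=5
        3. Set passwordMaxFailure to a higher value to not disturb the test
        4. Bind with a wrong password less than passwordTPRMaxUse times
           and check INVALID_CREDENTIALS and pwdTPRUseCount
        5. Bind with the valid password and change the user's password
        6. Bind successfully with a valid password 10 times and check
           pwdTPRReset is FALSE and pwdTPRUseCount is absent
        7. Reset password policy configuration
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
    """
    tpr_max_use = 5
    # Stay below passwordTPRMaxUse so the temporary password remains usable.
    failed_binds = tpr_max_use - 2

    inst = topology_st.standalone
    our_user = UserAccount(inst, TEST_USER_DN)

    def fin():
        inst.restart()
        # Reset password policy config
        inst.simple_bind_s(DN_DM, PASSWORD)
        inst.config.replace('passwordMustChange', 'off')
        # NOTE(review): passwordMaxFailure and passwordTPRMaxUse keep the
        # values set by this test; restore them here as well if later tests
        # rely on their previous values.

        # Reset user's password
        our_user.replace('userpassword', TEST_USER_PWD)

    # Register the cleanup before anything is modified: a failing assertion
    # below must not leave the instance with this test's password policy.
    request.addfinalizer(fin)

    # Set password policy config, passwordMaxFailure being higher than
    # passwordTPRMaxUse so that TPR is enforced first
    inst.config.replace('passwordMustChange', 'on')
    inst.config.replace('passwordMaxFailure', str(tpr_max_use + 20))
    inst.config.replace('passwordTPRMaxUse', str(tpr_max_use))
    time.sleep(.5)

    # Reset the user's password. The assertions below expect this reset to
    # mark the password as temporary (pwdTPRReset TRUE).
    # NOTE(review): presumably the connection is bound as an administrator
    # at this point -- confirm against the test_user fixture.
    our_user.replace('userpassword', PASSWORD)
    time.sleep(.5)

    # Do less than passwordTPRMaxUse failing binds
    for attempt in range(1, failed_binds + 1):
        # Bind as user with a wrong password
        with pytest.raises(ldap.INVALID_CREDENTIALS):
            our_user.rebind('wrong password')
        time.sleep(.5)

        # Bind as DN_DM again before reading the policy attributes
        # (presumably because rebind() changed the connection's identity).
        inst.simple_bind_s(DN_DM, PASSWORD)

        # pwdReset is not asserted inside this loop; the original had that
        # check commented out. Each failed bind must still count as one use
        # of the temporary password.
        assert our_user.get_attr_val_utf8('pwdTPRReset') == 'TRUE'
        assert our_user.get_attr_val_utf8('pwdTPRUseCount') == str(attempt)
        log.info("%dth failing bind (INVALID_CREDENTIALS) => pwdTPRUseCount = %d",
                 attempt, attempt)

    # Now the number of failures has not reached passwordTPRMaxUse
    inst.simple_bind_s(DN_DM, PASSWORD)
    assert our_user.get_attr_val_utf8('pwdReset') == 'TRUE'
    assert our_user.get_attr_val_utf8('pwdTPRReset') == 'TRUE'
    assert our_user.get_attr_val_utf8('pwdTPRUseCount') == str(failed_binds)
    log.info("last failing bind (INVALID_CREDENTIALS) => pwdTPRUseCount = %d",
             failed_binds)

    # Bind with the valid password, then change the password right after
    # that bind; the checks below expect this to end the TPR state.
    our_user.rebind(PASSWORD)
    our_user.replace('userpassword', PASSWORD)
    # give time to update the pwp attributes in the entry
    time.sleep(.5)

    # Now check that all next attempts with the correct password are
    # successful and that the TPR use counter is gone
    for _ in range(10):
        # Bind as user with valid password
        our_user.rebind(PASSWORD)
        time.sleep(.5)

        # Bind as DN_DM again before reading the policy attributes
        inst.simple_bind_s(DN_DM, PASSWORD)

        # The password is no longer temporary and no use count is kept
        assert our_user.get_attr_val_utf8('pwdTPRReset') == 'FALSE'
        assert not our_user.present('pwdTPRUseCount')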
def test_positive(topo):
    """Check that a classic CoS definition keyed on nsrole adds employeeType to a user

    :id: ba6d5e9c-786b-11e8-860d-8c16451d917b
    :setup: server
    :steps:
        1. Add filter role entry
        2. Add ns container
        3. Add cos template
        4. Add CosClassic Definition
        5. Cos entries should be added and searchable
        6. employeeType attribute should be there in user entry as per the cos plugin property
    :expectedresults:
        1. Operation should succeed
        2. Operation should succeed
        3. Operation should succeed
        4. Operation should succeed
        5. Operation should succeed
        6. Operation should succeed
    """
    inst = topo.standalone
    container_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX)
    template_dn = 'cn="cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX)
    definition_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,{}'.format(DEFAULT_SUFFIX)
    user_dn = 'cn=enguser1,{}'.format(DEFAULT_SUFFIX)

    # Filtered role: its nsRoleFilter is 'cn=eng*'.
    role_properties = {
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    }
    FilterRoles(inst, DEFAULT_SUFFIX).create(properties=role_properties)

    # Container entry that holds the CoS template.
    container = nsContainer(inst, container_dn)
    container.create(properties={'cn': 'cosTemplates'})

    # CoS template carrying the employeeType value; it is named after the
    # role DN. Note the suffix inside the cn value is hard-coded.
    template_properties = {
        'employeeType': 'EngType',
        'cn': '"cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,dc=example,dc=com'
    }
    template = CosTemplate(inst, template_dn)
    template.create(properties=template_properties)

    # Classic CoS definition: cosAttribute is employeeType and
    # cosSpecifier is nsrole.
    definition_properties = {
        'cosTemplateDn': container_dn,
        'cosAttribute': 'employeeType',
        'cosSpecifier': 'nsrole',
        'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole'
    }
    definition = CosClassicDefinition(inst, definition_dn)
    definition.create(properties=definition_properties)

    # User entry whose cn ('enguser1') matches the role filter 'cn=eng*'.
    uid = 'enguser1'
    user_properties = {
        'uid': uid,
        'cn': uid,
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + uid
    }
    user = UserAccount(inst, user_dn)
    user.create(properties=user_properties)

    # The CoS definition must be retrievable by name.
    cosdef = CosClassicDefinitions(inst, DEFAULT_SUFFIX).get(
        'cosClassicGenerateEmployeeTypeUsingnsrole')
    assert cosdef.dn == 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,dc=example,dc=com'
    assert cosdef.get_attr_val_utf8('cn') == 'cosClassicGenerateEmployeeTypeUsingnsrole'

    # The definition's cosAttribute is employeeType, so the user entry is
    # expected to expose that attribute.
    # NOTE(review): only presence is asserted; the value is not compared
    # with the template's 'EngType'.
    assert user.present('employeeType')