Exemplo n.º 1
def set_global_policy(inst, basedn, log, args):
    """Apply the settings given on the command line to the global password policy.

    The parsed ``args`` are translated into directory attributes through the
    manager's ``arg_to_attr`` mapping and handed to
    ``PwPolicyManager.set_global_policy``.

    ``basedn`` is accepted but never read in this function.
    """
    # The child logger is created but nothing below writes to it; the only
    # confirmation of this security-relevant change is the line on stdout.
    log = log.getChild('set_global_policy')

    manager = PwPolicyManager(inst)
    policy_attrs = _args_to_attrs(args, manager.arg_to_attr)
    manager.set_global_policy(policy_attrs)

    print('Successfully updated global password policy')
Exemplo n.º 2
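def test_ticket49039(topo):
    """Test "password must change" versus "password min age".

    Min age should not block a password update if the password was reset.

    Steps:
        1. Enable TLS (needed for the ldappasswd run) and set a global policy
           with passwordMustChange on and a non-zero passwordMinAge.
        2. Add a user, then replace its password over the server connection
           (labelled "as RootDN" in the original test).
        3. Bind as the user and change the password; this must succeed
           even though the minimum age has not elapsed.
        4. Rebind as DN_DM, reset the password again, and repeat the user
           change through the ldappasswd command-line tool.
        5. Bind as the user with the new password to confirm the change.
    """
    # Function-scope import: the file's top-level imports are not visible here.
    import subprocess

    # Setup SSL (for ldappasswd test)
    topo.standalone.enable_tls()

    # Configure password policy
    try:
        policy = PwPolicyManager(topo.standalone)
        policy.set_global_policy(
            properties={
                'nsslapd-pwpolicy-local': 'on',
                'passwordMustChange': 'on',
                'passwordExp': 'on',
                'passwordMaxAge': '86400000',
                'passwordMinAge': '8640000',
                'passwordChange': 'on'
            })
    except ldap.LDAPError as e:
        log.fatal('Failed to set password policy: ' + str(e))
        # Without the policy in place the rest of the test proves nothing
        # about min-age enforcement, so stop here like every other step does.
        assert False

    # Add user, bind, and set password
    try:
        topo.standalone.add_s(
            Entry((USER_DN, {
                'objectclass': 'top extensibleObject'.split(),
                'uid': 'user1',
                'userpassword': PASSWORD
            })))
    except ldap.LDAPError as e:
        log.fatal('Failed to add user: error ' + e.args[0]['desc'])
        assert False

    # Reset password as RootDN
    # NOTE(review): no bind happens before this point; presumably the topology
    # fixture leaves the connection bound as the RootDN - confirm.
    try:
        topo.standalone.modify_s(
            USER_DN,
            [(ldap.MOD_REPLACE, 'userpassword', ensure_bytes(PASSWORD))])
    except ldap.LDAPError as e:
        log.fatal('Failed to reset password as RootDN: error ' +
                  e.args[0]['desc'])
        assert False

    time.sleep(1)

    # Reset password as user
    try:
        topo.standalone.simple_bind_s(USER_DN, PASSWORD)
    except ldap.LDAPError as e:
        log.fatal('Failed to bind: error ' + e.args[0]['desc'])
        assert False

    try:
        topo.standalone.modify_s(
            USER_DN,
            [(ldap.MOD_REPLACE, 'userpassword', ensure_bytes(PASSWORD))])
    except ldap.LDAPError as e:
        log.fatal('Failed to change password: error ' + e.args[0]['desc'])
        assert False

    ###################################
    # Make sure ldappasswd also works
    ###################################

    # Reset password as RootDN
    try:
        topo.standalone.simple_bind_s(DN_DM, PASSWORD)
    except ldap.LDAPError as e:
        log.fatal('Failed to bind as rootdn: error ' + e.args[0]['desc'])
        assert False

    try:
        topo.standalone.modify_s(
            USER_DN,
            [(ldap.MOD_REPLACE, 'userpassword', ensure_bytes(PASSWORD))])
    except ldap.LDAPError as e:
        log.fatal('Failed to reset password as RootDN: error ' +
                  e.args[0]['desc'])
        assert False

    time.sleep(1)

    # Run ldappasswd as the User.
    os.environ["LDAPTLS_CACERTDIR"] = topo.standalone.get_cert_dir()
    # Argument list instead of a shell string: the DN and host reach the tool
    # verbatim, with no shell parsing of spaces or metacharacters.
    # NOTE(review): the port is hard-coded; it must match the instance's
    # listening port - confirm against the topology fixture.
    # The bind and old passwords come from PASSWORD, the value the user entry
    # was created and reset with above. Passwords on argv are visible in the
    # process list, which is tolerable only for throwaway test credentials.
    cmd = ['ldappasswd', '-h', topo.standalone.host, '-Z', '-p', '38901',
           '-D', USER_DN, '-w', PASSWORD, '-a', PASSWORD,
           '-s', 'password2', USER_DN]
    result = subprocess.run(cmd)
    if result.returncode != 0:
        # Report the tool failure directly instead of leaving it to show up
        # as an unexplained bind error below.
        log.fatal('ldappasswd failed with exit status ' +
                  str(result.returncode))
        assert False
    time.sleep(1)

    try:
        topo.standalone.simple_bind_s(USER_DN, "password2")
    except ldap.LDAPError as e:
        log.fatal('Failed to bind: error ' + e.args[0]['desc'])
        assert False

    log.info('Test Passed')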