3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2004 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Test script for the OpenLDAP password-policy (ppolicy) overlay: start a
# slapd, load fixture data, then exercise account lockout, password
# expiration/grace logins, password history, forced reset, safe modify
# and the minimum-length rule, stopping at the first unexpected result.
# NOTE(review): this listing is an excerpt. The leading numbers are the
# original file's line numbers and they skip, so the closing `fi`/`done`,
# the heredoc terminators (`EOMODS`) and the `RC=$?` captures that the
# checks below depend on are not reproduced here.
# All $UPPER_CASE settings (paths, ports, tool names, credentials) are
# presumably provided by the sourced defines.sh — confirm against that file.
16 echo "running defines.sh"
# Sourced, not executed, so its variable assignments land in this shell.
17 . $SRCDIR/scripts/defines.sh
# Skip the whole test when the build has no ppolicy overlay (the exit that
# follows the message is not in this excerpt).
19 if test $PPOLICY = ppolicyno; then
20 echo "Password policy overlay not available, test skipped"
24 mkdir -p $TESTDIR $DBDIR1
26 echo "Starting slapd on TCP/IP port $PORT1..."
# $CONFFILTER is sourced with the backend and monitor choice as its
# arguments and rewrites the $PPOLICYCONF template into this run's $CONF1.
27 . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
# Background slapd with all output in $LOG1. $TIMING is unquoted, which
# looks intentional: an empty value then contributes no argument.
28 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# Debug hook: the body of this if (not shown) presumably pauses so a
# tester can attach to the server before the checks run.
30 if test $WAIT != 0 ; then
# DN of the test subject; every policy check below binds as this user.
36 USER="uid=nd, ou=People, dc=example, dc=com"
39 echo "Using ldapsearch to check that slapd is running..."
# Poll the monitor backend up to six times, 5 s apart, until a base
# search succeeds; RC (captured on a line not shown) holds each attempt.
40 for i in 0 1 2 3 4 5; do
41 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
42 'objectclass=*' > /dev/null 2>&1
44 if test $RC = 0 ; then
47 echo "Waiting 5 seconds for slapd to start..."
50 if test $RC != 0 ; then
# NOTE(review): "$(RC)" is a command substitution (it tries to run a
# command named RC), not the variable; every other message in this file
# uses "($RC)" and this one should too.
51 echo "ldapsearch failed $(RC)!"
# Shared cleanup idiom: HUP the server(s) started above unless
# KILLSERVERS=no asked to leave them running, presumably for inspection.
52 test $KILLSERVERS != no && kill -HUP $KILLPIDS
56 echo "Using ldapadd to populate the database..."
# Load the ppolicy fixture LDIF as the rootdn. -w places the password on
# the command line, where other local users can see it in the process
# list; acceptable for throwaway test credentials only.
57 $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
58 $LDIFPPOLICY > $TESTOUT 2>&1
60 if test $RC != 0 ; then
61 echo "ldapadd failed ($RC)!"
62 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Three failed binds without the ppolicy control, then one failed and one
# correct bind that request the control. Only the two control-bearing
# binds are expected to report "Account locked", hence exactly 2 matches.
66 echo "Testing account lockout..."
67 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
69 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
71 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
73 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1
74 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
75 COUNT=`grep "Account locked" $SEARCHOUT | wc -l`
76 if test $COUNT != 2 ; then
77 echo "Account lockout test failed"
78 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# The lockout is expected to expire on its own; the wait itself is not in
# this excerpt. A correct bind must then succeed again.
82 echo "Waiting 30 seconds for lockout to reset..."
85 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
86 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
88 if test $RC != 0 ; then
89 echo "ldapsearch failed ($RC)!"
90 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# As rootdn, backdate pwdChangedTime to a fixed past timestamp so the
# overlay should treat the user's password as already expired.
94 echo "Testing password expiration..."
95 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
96 $TESTOUT 2>&1 << EOMODS
97 dn: uid=nd, dc=example, dc=com
99 replace: pwdChangedTime
100 pwdChangedTime: 20031231000001Z
104 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > $SEARCHOUT 2>&1
106 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
108 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
110 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
# Four binds with the control: the fourth must be refused (RC = 0 is the
# failure case here) and exactly three "grace logins" warnings must have
# been reported by the earlier ones.
112 if test $RC = 0 ; then
113 echo "Password expiration failed ($RC)!"
114 test $KILLSERVERS != no && kill -HUP $KILLPIDS
118 COUNT=`grep "grace logins" $SEARCHOUT | wc -l`
119 if test $COUNT != 3 ; then
120 echo "Password expiration test failed"
121 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Rootdn resets the user's password (the new value is passed on a line not
# shown here) to get out of the expired state before the next checks.
125 echo "Resetting password to clear expired status"
126 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
128 -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
130 if test $RC != 0 ; then
131 echo "ldappasswd failed ($RC)!"
132 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Six consecutive self-service password changes, each supplying the
# current value before replacing it, to fill the user's password history.
# Bound as the user with the current password (-w $PASS).
136 echo "Filling password history..."
137 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS > \
138 $TESTOUT 2>&1 << EOMODS
139 dn: uid=nd, ou=People, dc=example, dc=com
142 userpassword: testpassword
144 replace: userpassword
145 userpassword: 20urgle12-1
147 dn: uid=nd, ou=People, dc=example, dc=com
150 userpassword: 20urgle12-1
152 replace: userpassword
153 userpassword: 20urgle12-2
155 dn: uid=nd, ou=People, dc=example, dc=com
158 userpassword: 20urgle12-2
160 replace: userpassword
161 userpassword: 20urgle12-3
163 dn: uid=nd, ou=People, dc=example, dc=com
166 userpassword: 20urgle12-3
168 replace: userpassword
169 userpassword: 20urgle12-4
171 dn: uid=nd, ou=People, dc=example, dc=com
174 userpassword: 20urgle12-4
176 replace: userpassword
177 userpassword: 20urgle12-5
179 dn: uid=nd, ou=People, dc=example, dc=com
182 userpassword: 20urgle12-5
184 replace: userpassword
185 userpassword: 20urgle12-6
189 if test $RC != 0 ; then
190 echo "ldapmodify failed ($RC)!"
191 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Reusing 20urgle12-2, which is now in the history, must be rejected:
# a zero exit status from ldapmodify is the failure case here.
194 echo "Testing password history..."
195 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 > \
196 $TESTOUT 2>&1 << EOMODS
197 dn: uid=nd, ou=People, dc=example, dc=com
200 userPassword: 20urgle12-6
202 replace: userPassword
203 userPassword: 20urgle12-2
207 if test $RC = 0 ; then
208 echo "ldapmodify failed ($RC)!"
209 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Administrative password set by the rootdn; the policy in use presumably
# requires the user to change the password after such a reset.
213 echo "Testing forced reset..."
215 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
216 $TESTOUT 2>&1 << EOMODS
217 dn: uid=nd, ou=People, dc=example, dc=com
219 replace: userPassword
220 userPassword: testpassword
227 if test $RC != 0 ; then
228 echo "ldapmodify failed ($RC)!"
229 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# After the admin reset the user's own search must be refused (non-zero
# RC) with exactly one "Operations are restricted" message.
233 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
234 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
236 if test $RC = 0 ; then
237 echo "Forced reset failed ($RC)!"
238 test $KILLSERVERS != no && kill -HUP $KILLPIDS
242 COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l`
243 if test $COUNT != 1 ; then
244 echo "Forced reset test failed"
245 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Rootdn clears the reset state (the modification lines are not in this
# excerpt); the same user search must then succeed.
249 echo "Clearing forced reset..."
251 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
252 $TESTOUT 2>&1 << EOMODS
253 dn: uid=nd, ou=People, dc=example, dc=com
259 if test $RC != 0 ; then
260 echo "ldapmodify failed ($RC)!"
261 test $KILLSERVERS != no && kill -HUP $KILLPIDS
265 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
266 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
268 if test $RC != 0 ; then
269 echo "Clearing forced reset failed ($RC)!"
270 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Safe modify: a self-service change that omits the current password
# (no -a) must fail; the same change with -a $PASS must succeed.
274 echo "Testing Safe modify..."
276 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
277 -w $PASS -s failexpect \
278 -D "$USER" > $TESTOUT 2>&1
280 if test $RC = 0 ; then
281 echo "Safe modify test 1 failed ($RC)!"
282 test $KILLSERVERS != no && kill -HUP $KILLPIDS
288 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
289 -w $PASS -s failexpect -a $PASS \
290 -D "$USER" > $TESTOUT 2>&1
292 if test $RC != 0 ; then
293 echo "Safe modify test 2 failed ($RC)!"
294 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Minimum length: the short new password "spw" must be rejected, and the
# rejection must surface as exactly one "Password fails quality" error.
298 echo "Testing length requirement..."
300 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
301 -w failexpect -a failexpect -s spw \
302 -D "$USER" > $TESTOUT 2>&1
304 if test $RC = 0 ; then
305 echo "Length requirement test failed ($RC)!"
306 test $KILLSERVERS != no && kill -HUP $KILLPIDS
309 COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
310 if test $COUNT != 1 ; then
311 echo "Length requirement test failed"
312 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Success path: shut the test server(s) down the same way the failure
# branches do.
316 test $KILLSERVERS != no && kill -HUP $KILLPIDS
318 echo ">>>>> Test succeeded"