3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Functional test for the slapd password-policy (ppolicy) overlay.
# It starts a slapd with the ppolicy configuration, loads a policy plus a test
# user, and then exercises, in order: account lockout after repeated bad binds,
# password expiration with grace logins, password history, the
# administrator-forced reset (pwdReset), "safe modify" (old password required),
# and the minimum-length quality check.  Every failure path HUPs the servers
# (unless KILLSERVERS=no) and exits non-zero.
#
# NOTE(review): this listing is gapped.  Short lines of the original script
# (e.g. "fi", "exit 1", "RC=$?", "sleep ...", the "EOMODS" heredoc terminators
# and the "changetype:"/"delete:"/"-" lines of the LDIF bodies) are not shown,
# so the text as displayed cannot be run; read it as an annotated excerpt.
#
# Security note for practitioners: every bind below passes the password on the
# command line (-w ...), which is visible to other local users via ps.  That is
# acceptable in this throw-away test harness only; production tooling should
# read passwords from a file or stdin (-y / -W).
16 echo "running defines.sh"
# defines.sh supplies the tool paths and variables used below (SLAPD, LDAPSEARCH,
# MANAGERDN, PASSWD, PASS, PORT1, KILLSERVERS, ...); it is not shown here.
17 . $SRCDIR/scripts/defines.sh
# Skip cleanly when the overlay was not built in; the closing "fi"/"exit" lines
# are not visible in this listing.
19 if test $PPOLICY = ppolicyno; then
20 echo "Password policy overlay not available, test skipped"
24 mkdir -p $TESTDIR $DBDIR1
26 echo "Starting slapd on TCP/IP port $PORT1..."
# Build the effective slapd.conf from the ppolicy template for this backend.
27 . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
# Run slapd in the background; its PID is collected into KILLPIDS for cleanup
# (the assignment is one of the lines not shown here).
28 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
# Interactive debugging hook: when WAIT is non-zero the script pauses here.
30 if test $WAIT != 0 ; then
# The test account; the policy it is subject to comes from $LDIFPPOLICY.
36 USER="uid=nd, ou=People, dc=example, dc=com"
39 echo "Using ldapsearch to check that slapd is running..."
# Poll the monitor entry up to six times, sleeping between attempts, until the
# server answers.
40 for i in 0 1 2 3 4 5; do
41 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
42 'objectclass=*' > /dev/null 2>&1
44 if test $RC = 0 ; then
47 echo "Waiting 5 seconds for slapd to start..."
50 if test $RC != 0 ; then
# BUG: "$(RC)" is a command substitution (it tries to run a command named RC),
# not the variable; the message prints an empty code.  Should be "$RC" as in
# every other failure message in this script.
51 echo "ldapsearch failed $(RC)!"
52 test $KILLSERVERS != no && kill -HUP $KILLPIDS
56 echo "Using ldapadd to populate the database..."
# Load the policy entry and the test user as the rootdn.
57 $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
58 $LDIFPPOLICY > $TESTOUT 2>&1
60 if test $RC != 0 ; then
61 echo "ldapadd failed ($RC)!"
62 test $KILLSERVERS != no && kill -HUP $KILLPIDS
66 echo "Testing account lockout..."
# Three binds with a wrong password, then a fourth wrong bind and a fifth bind
# with the correct password, the last two requesting the ppolicy response
# control.  Exactly two "Account locked" responses are expected: the lockout
# must have been triggered by the earlier failures and must still reject the
# correct password.  (pwdMaxFailure/pwdLockoutDuration live in the policy LDIF,
# not shown here.)
67 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
69 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
71 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
73 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1
74 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
# Counts matching lines (grep -c would do the same without the pipe).
75 COUNT=`grep "Account locked" $SEARCHOUT | wc -l`
76 if test $COUNT != 2 ; then
77 echo "Account lockout test failed"
78 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# The lockout is time-limited; after the (not shown) sleep the correct
# password must bind successfully again.
82 echo "Waiting 20 seconds for lockout to reset..."
85 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
86 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
88 if test $RC != 0 ; then
89 echo "ldapsearch failed ($RC)!"
90 test $KILLSERVERS != no && kill -HUP $KILLPIDS
94 echo "Testing password expiration"
95 echo "Waiting 20 seconds for password to expire..."
# Once expired, the first three binds are admitted as grace logins and the
# fourth must be rejected (RC = 0 on the last search means the policy did not
# expire the password).  The count of three "grace logins" lines presumably
# mirrors a pwdGraceAuthNLimit of 3 in the policy LDIF -- confirm there.
98 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
99 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
101 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
102 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
104 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
105 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
107 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
108 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
110 if test $RC = 0 ; then
111 echo "Password expiration failed ($RC)!"
112 test $KILLSERVERS != no && kill -HUP $KILLPIDS
116 COUNT=`grep "grace logins" $SEARCHOUT | wc -l`
117 if test $COUNT != 3 ; then
118 echo "Password expiration test failed"
119 test $KILLSERVERS != no && kill -HUP $KILLPIDS
123 echo "Resetting password to clear expired status"
# The rootdn sets a fresh password for the user via the Password Modify
# extended operation.  The line carrying the manager's "-w $PASSWD" (original
# line 125) and the new-password option are not shown in this listing.
124 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
126 -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
128 if test $RC != 0 ; then
129 echo "ldappasswd failed ($RC)!"
130 test $KILLSERVERS != no && kill -HUP $KILLPIDS
133 echo "Filling password history..."
# Six consecutive self-service password changes, each sent as a modify that
# removes the current value and replaces it with the next one (the
# "changetype: modify" / "delete: userpassword" / "-" lines of each LDIF record
# are not shown).  The first record supplies "testpassword" as the old value,
# so $PASS must equal that string for the bind on this command to succeed.
135 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS > \
136 $TESTOUT 2>&1 << EOMODS
137 dn: uid=nd, ou=People, dc=example, dc=com
140 userpassword: testpassword
142 replace: userpassword
143 userpassword: 20urgle12-1
145 dn: uid=nd, ou=People, dc=example, dc=com
148 userpassword: 20urgle12-1
150 replace: userpassword
151 userpassword: 20urgle12-2
153 dn: uid=nd, ou=People, dc=example, dc=com
156 userpassword: 20urgle12-2
158 replace: userpassword
159 userpassword: 20urgle12-3
161 dn: uid=nd, ou=People, dc=example, dc=com
164 userpassword: 20urgle12-3
166 replace: userpassword
167 userpassword: 20urgle12-4
169 dn: uid=nd, ou=People, dc=example, dc=com
172 userpassword: 20urgle12-4
174 replace: userpassword
175 userpassword: 20urgle12-5
177 dn: uid=nd, ou=People, dc=example, dc=com
180 userpassword: 20urgle12-5
182 replace: userpassword
183 userpassword: 20urgle12-6
187 if test $RC != 0 ; then
188 echo "ldapmodify failed ($RC)!"
189 test $KILLSERVERS != no && kill -HUP $KILLPIDS
192 echo "Testing password history..."
# Bound as the user with the current password (20urgle12-6), attempt to go
# back to 20urgle12-2.  The modify must be refused (RC = 0 is the failure
# case), i.e. the policy's pwdInHistory still covers a value four changes old.
# Note the literal password on the command line here.
193 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 > \
194 $TESTOUT 2>&1 << EOMODS
195 dn: uid=nd, ou=People, dc=example, dc=com
198 userPassword: 20urgle12-6
200 replace: userPassword
201 userPassword: 20urgle12-2
205 if test $RC = 0 ; then
206 echo "ldapmodify failed ($RC)!"
207 test $KILLSERVERS != no && kill -HUP $KILLPIDS
211 echo "Testing forced reset..."
# An administrative (rootdn) password change back to "testpassword".  With
# pwdMustChange in effect the user can then bind, but every other operation is
# refused until the password is changed, which is what the search below checks:
# it must fail and report "Operations are restricted" exactly once.
213 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
214 $TESTOUT 2>&1 << EOMODS
215 dn: uid=nd, ou=People, dc=example, dc=com
217 replace: userPassword
218 userPassword: testpassword
225 if test $RC != 0 ; then
226 echo "ldapmodify failed ($RC)!"
227 test $KILLSERVERS != no && kill -HUP $KILLPIDS
231 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
232 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
234 if test $RC = 0 ; then
235 echo "Forced reset failed ($RC)!"
236 test $KILLSERVERS != no && kill -HUP $KILLPIDS
240 COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l`
241 if test $COUNT != 1 ; then
242 echo "Forced reset test failed"
243 test $KILLSERVERS != no && kill -HUP $KILLPIDS
247 echo "Clearing forced reset..."
# The rootdn clears the must-change state; the attribute modification in the
# LDIF body (original lines 252-256, presumably removing pwdReset) is not shown.
# Afterwards the user's search must succeed again.
249 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
250 $TESTOUT 2>&1 << EOMODS
251 dn: uid=nd, ou=People, dc=example, dc=com
257 if test $RC != 0 ; then
258 echo "ldapmodify failed ($RC)!"
259 test $KILLSERVERS != no && kill -HUP $KILLPIDS
263 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
264 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
266 if test $RC != 0 ; then
267 echo "Clearing forced reset failed ($RC)!"
268 test $KILLSERVERS != no && kill -HUP $KILLPIDS
272 echo "Testing Safe modify..."
# Safe modify, part 1: a self-service change that does NOT present the old
# password (-a) must be rejected.
274 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
275 -w $PASS -s failexpect \
276 -D "$USER" > $TESTOUT 2>&1
278 if test $RC = 0 ; then
279 echo "Safe modify test 1 failed ($RC)!"
280 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Safe modify, part 2: the same change with the old password supplied via -a
# must succeed.  From here on the user's password is "failexpect".
286 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
287 -w $PASS -s failexpect -a $PASS \
288 -D "$USER" > $TESTOUT 2>&1
290 if test $RC != 0 ; then
291 echo "Safe modify test 2 failed ($RC)!"
292 test $KILLSERVERS != no && kill -HUP $KILLPIDS
296 echo "Testing length requirement..."
# Quality check: a three-character password ("spw") must be refused and the
# refusal must be the quality error, not some other failure -- hence both the
# RC check and the exact-count grep on "Password fails quality".
298 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
299 -w failexpect -a failexpect -s spw \
300 -D "$USER" > $TESTOUT 2>&1
302 if test $RC = 0 ; then
303 echo "Length requirement test failed ($RC)!"
304 test $KILLSERVERS != no && kill -HUP $KILLPIDS
307 COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
308 if test $COUNT != 1 ; then
309 echo "Length requirement test failed"
310 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Normal teardown: same server shutdown as on the failure paths.
314 test $KILLSERVERS != no && kill -HUP $KILLPIDS
316 echo ">>>>> Test succeeded"