3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2004 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Functional test for the OpenLDAP password-policy (ppolicy) overlay.
# Starts a throw-away slapd on $PORT1, loads a fixture with a test user, and
# then walks through the policy behaviours a directory operator relies on:
# account lockout after repeated bad binds, lockout expiry, password
# expiration with grace logins, password history, administrator-forced
# reset, "safe modify" (old password required), and minimum length.
# Each failing step HUPs the server(s) it started; the matching "exit"/"fi"
# lines, the RC=$? captures, the heredoc terminators and the sleep calls are
# not present in this excerpt, so the control flow below reads incomplete.
#
# Harness variables ($SRCDIR, $PORT1, $URI1, $LDAPSEARCH, $MANAGERDN,
# $PASSWD, $KILLSERVERS, ...) come from the sourced defines.sh; the user
# password $PASS is expected to be "testpassword" (see the first
# userpassword value in the history section below) — its assignment is not
# shown here.
16 echo "running defines.sh"
17 . $SRCDIR/scripts/defines.sh
# Skip cleanly when slapd was built without the ppolicy overlay.
19 if test $PPOLICY = ppolicyno; then
20 echo "Password policy overlay not available, test skipped"
24 mkdir -p $TESTDIR $DBDIR1
26 echo "Starting slapd on TCP/IP port $PORT1..."
# The ppolicy test config is generated from $PPOLICYCONF via the config
# filter; the policy thresholds asserted below (failure count, lockout
# duration, grace logins, history depth, minimum length) live in that file,
# not in this script.
27 . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
# slapd is backgrounded; the line capturing its PID into $KILLPIDS (used by
# every "kill -HUP $KILLPIDS" below) is not visible in this excerpt.
28 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
30 if test $WAIT != 0 ; then
# The subject of every policy check: an ordinary user, not the rootdn, so
# that the policy actually applies (the rootdn bypasses ppolicy).
36 USER="uid=nd, ou=People, dc=example, dc=com"
# Readiness poll: up to six anonymous base searches of the monitor DN,
# presumably separated by the 5-second sleep announced below.
39 echo "Using ldapsearch to check that slapd is running..."
40 for i in 0 1 2 3 4 5; do
41 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
42 'objectclass=*' > /dev/null 2>&1
44 if test $RC = 0 ; then
47 echo "Waiting 5 seconds for slapd to start..."
50 if test $RC != 0 ; then
# NOTE(review): "$(RC)" is a command substitution (it tries to run a
# command named RC), not the variable; every other failure path in this
# script prints "($RC)". The message will be wrong and a spurious
# "RC: command not found" lands on stderr.
51 echo "ldapsearch failed $(RC)!"
52 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Load the fixture as the rootdn. The bind password is passed with -w on
# the command line (visible in process listings); acceptable for a test
# harness with fixed, throw-away credentials, not for production tooling.
56 echo "Using ldapadd to populate the database..."
57 $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
58 $LDIFPPOLICY > $TESTOUT 2>&1
60 if test $RC != 0 ; then
61 echo "ldapadd failed ($RC)!"
62 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Account lockout -------------------------------------------------------
# Three bad binds without the ppolicy request control, a fourth bad bind
# with it, then a bind with the CORRECT password, also with the control.
# All responses are appended to $SEARCHOUT. The test expects exactly two
# "Account locked" diagnostics: the fourth bad attempt and — the important
# one — the correct password being refused while the account is locked.
# (Only the requests carrying "-e ppolicy" can receive the ppolicy response
# control, which presumably is why the first three do not count.) The
# failure threshold of three is a property of the config, not asserted here.
66 echo "Testing account lockout..."
67 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
69 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
71 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
73 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1
74 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
75 COUNT=`grep "Account locked" $SEARCHOUT | wc -l`
76 if test $COUNT != 2 ; then
77 echo "Account lockout test failed"
78 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Lockout must be temporary: after the (not shown) 30-second wait the
# correct password has to work again. This is a wall-clock dependency —
# the configured lockout duration must be comfortably below 30s or the
# step is flaky on a loaded host.
82 echo "Waiting 30 seconds for lockout to reset..."
85 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
86 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
88 if test $RC != 0 ; then
89 echo "ldapsearch failed ($RC)!"
90 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Password expiration / grace logins ------------------------------------
# Back-date the operational attribute pwdChangedTime (as the rootdn) so the
# password is already past its maximum age. Note this writes a
# NO-USER-MODIFICATION attribute directly; it works here because the bind
# is the rootdn — an ordinary user must not be able to do this.
94 echo "Testing password expiration..."
95 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
96 $TESTOUT 2>&1 << EOMODS
97 dn: uid=nd, ou=People, dc=example, dc=com
99 replace: pwdChangedTime
100 pwdChangedTime: 20031231000001Z
# Four binds with the correct but expired password. The first three are
# grace logins and should each carry a "grace logins" warning; the fourth
# must be refused (RC of the last search is tested — 0 means the server
# kept accepting an expired password). Three grace logins is presumably
# the configured pwdGraceAuthNLimit.
104 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
105 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
107 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
108 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
110 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
111 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
113 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
114 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
116 if test $RC = 0 ; then
117 echo "Password expiration failed ($RC)!"
118 test $KILLSERVERS != no && kill -HUP $KILLPIDS
122 COUNT=`grep "grace logins" $SEARCHOUT | wc -l`
123 if test $COUNT != 3 ; then
124 echo "Password expiration test failed"
125 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Administrator password reset via the Password Modify extended operation
# clears the expired state (pwdChangedTime is refreshed by the overlay).
# The line with the rootdn credentials / new password (-w / -s) is not
# visible here; the later steps bind with $PASS again, so it presumably
# sets the password back to its original value.
129 echo "Resetting password to clear expired status"
130 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
132 -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
134 if test $RC != 0 ; then
135 echo "ldappasswd failed ($RC)!"
136 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Password history ------------------------------------------------------
# The user (bound with $PASS) rotates through six new passwords in one
# session. Each change is expressed as the old value followed by a replace
# with the new one; the "changetype"/"delete" lines between them are not
# shown in this excerpt.
140 echo "Filling password history..."
141 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS > \
142 $TESTOUT 2>&1 << EOMODS
143 dn: uid=nd, ou=People, dc=example, dc=com
146 userpassword: testpassword
148 replace: userpassword
149 userpassword: 20urgle12-1
151 dn: uid=nd, ou=People, dc=example, dc=com
154 userpassword: 20urgle12-1
156 replace: userpassword
157 userpassword: 20urgle12-2
159 dn: uid=nd, ou=People, dc=example, dc=com
162 userpassword: 20urgle12-2
164 replace: userpassword
165 userpassword: 20urgle12-3
167 dn: uid=nd, ou=People, dc=example, dc=com
170 userpassword: 20urgle12-3
172 replace: userpassword
173 userpassword: 20urgle12-4
175 dn: uid=nd, ou=People, dc=example, dc=com
178 userpassword: 20urgle12-4
180 replace: userpassword
181 userpassword: 20urgle12-5
183 dn: uid=nd, ou=People, dc=example, dc=com
186 userpassword: 20urgle12-5
188 replace: userpassword
189 userpassword: 20urgle12-6
193 if test $RC != 0 ; then
194 echo "ldapmodify failed ($RC)!"
195 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Reusing a password still in the history (20urgle12-2, four changes back)
# must be rejected; a zero exit status here means the overlay let an old
# password back in. The required history depth (at least 4 entries) is a
# property of the config file.
198 echo "Testing password history..."
199 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 > \
200 $TESTOUT 2>&1 << EOMODS
201 dn: uid=nd, ou=People, dc=example, dc=com
204 userPassword: 20urgle12-6
206 replace: userPassword
207 userPassword: 20urgle12-2
211 if test $RC = 0 ; then
212 echo "ldapmodify failed ($RC)!"
213 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Forced reset ----------------------------------------------------------
# The rootdn sets the user's password back to "testpassword". The lines
# that follow in the heredoc (not shown, presumably setting pwdReset) are
# what puts the account into "must change password" state.
217 echo "Testing forced reset..."
219 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
220 $TESTOUT 2>&1 << EOMODS
221 dn: uid=nd, ou=People, dc=example, dc=com
223 replace: userPassword
224 userPassword: testpassword
231 if test $RC != 0 ; then
232 echo "ldapmodify failed ($RC)!"
233 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# With a pending reset the bind itself succeeds, but any operation other
# than changing the password must be refused: the search has to fail
# (RC = 0 is the failure case) and exactly one "Operations are restricted"
# diagnostic is expected.
237 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
238 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
240 if test $RC = 0 ; then
241 echo "Forced reset failed ($RC)!"
242 test $KILLSERVERS != no && kill -HUP $KILLPIDS
246 COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l`
247 if test $COUNT != 1 ; then
248 echo "Forced reset test failed"
249 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# The rootdn lifts the reset flag (the modification body is not visible in
# this excerpt); afterwards the user's ordinary search must succeed again.
253 echo "Clearing forced reset..."
255 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
256 $TESTOUT 2>&1 << EOMODS
257 dn: uid=nd, ou=People, dc=example, dc=com
263 if test $RC != 0 ; then
264 echo "ldapmodify failed ($RC)!"
265 test $KILLSERVERS != no && kill -HUP $KILLPIDS
269 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
270 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
272 if test $RC != 0 ; then
273 echo "Clearing forced reset failed ($RC)!"
274 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Safe modify -----------------------------------------------------------
# Test 1: the user asks for a new password ("failexpect") WITHOUT proving
# knowledge of the current one (no -a). This must fail — otherwise a hijacked
# session could silently take over the account.
278 echo "Testing Safe modify..."
280 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
281 -w $PASS -s failexpect \
282 -D "$USER" > $TESTOUT 2>&1
284 if test $RC = 0 ; then
285 echo "Safe modify test 1 failed ($RC)!"
286 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Test 2: same request with the old password supplied (-a $PASS) must
# succeed. From here on the user's password is "failexpect", which is why
# the next step binds with it.
292 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
293 -w $PASS -s failexpect -a $PASS \
294 -D "$USER" > $TESTOUT 2>&1
296 if test $RC != 0 ; then
297 echo "Safe modify test 2 failed ($RC)!"
298 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# --- Minimum length --------------------------------------------------------
# A three-character password ("spw") must be rejected with a quality
# error; both the non-zero exit status and the "Password fails quality"
# diagnostic are checked. The minimum length itself comes from the config.
302 echo "Testing length requirement..."
304 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
305 -w failexpect -a failexpect -s spw \
306 -D "$USER" > $TESTOUT 2>&1
308 if test $RC = 0 ; then
309 echo "Length requirement test failed ($RC)!"
310 test $KILLSERVERS != no && kill -HUP $KILLPIDS
313 COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
314 if test $COUNT != 1 ; then
315 echo "Length requirement test failed"
316 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# All checks passed: shut the test server(s) down and report success.
320 test $KILLSERVERS != no && kill -HUP $KILLPIDS
322 echo ">>>>> Test succeeded"