3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2004 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
# Regression test for the OpenLDAP ppolicy (password policy) overlay.
# The visible stages (see the echo banners below) are: start slapd with a
# ppolicy-enabled config, populate it, then exercise account lockout,
# password expiration / grace logins, password history, forced reset,
# "safe modify" (old password required) and the minimum-length check.
# NOTE(review): this listing is a fragment; the RC=$? captures, the `fi`
# closers, `sleep`s, `exit` lines and the EOMODS heredoc terminators fall in
# the gaps between the numbered lines and are not shown here.
18 echo "running defines.sh"
# Shared test harness definitions ($SLAPD, $LDAPSEARCH, ports, DNs, $PASSWD,
# $PASS, $KILLSERVERS, ...) — presumably all come from this file; verify there.
19 . $SRCDIR/scripts/defines.sh
# Skip cleanly when slapd was built without the overlay.
21 if test $PPOLICY = ppolicyno; then
22 echo "Password policy overlay not available, test skipped"
26 mkdir -p $TESTDIR $DBDIR1
28 echo "Starting slapd on TCP/IP port $PORT1..."
# Render the ppolicy config template for the selected backend, then start a
# single slapd in the background; its output goes to $LOG1.
29 . $CONFFILTER $BACKEND $MONITORDB < $PPOLICYCONF > $CONF1
30 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
32 if test $WAIT != 0 ; then
# Test subject: an ordinary user entry that is the target of every policy check.
38 USER="uid=nd, ou=People, dc=example, dc=com"
41 echo "Using ldapsearch to check that slapd is running..."
# Poll the monitor base until slapd answers (up to six attempts; the RC=$?
# capture and the 5-second sleep sit in the gaps).
42 for i in 0 1 2 3 4 5; do
43 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
44 'objectclass=*' > /dev/null 2>&1
46 if test $RC = 0 ; then
49 echo "Waiting 5 seconds for slapd to start..."
52 if test $RC != 0 ; then
# BUG(review): "$(RC)" is a command substitution (runs a command named RC),
# not the status; every other failure message below uses "($RC)". Should be
# echo "ldapsearch failed ($RC)!".
53 echo "ldapsearch failed $(RC)!"
# Tear down the server unless the harness asked to keep it; the `exit` that
# follows is outside this listing.
54 test $KILLSERVERS != no && kill -HUP $KILLPIDS
58 echo "Using ldapadd to populate the database..."
# Manager bind (password $PASSWD). Note the two distinct secrets in this
# script: $PASSWD for the manager, $PASS for $USER.
59 $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
60 $LDIFPPOLICY > $TESTOUT 2>&1
62 if test $RC != 0 ; then
63 echo "ldapadd failed ($RC)!"
64 test $KILLSERVERS != no && kill -HUP $KILLPIDS
68 echo "Testing account lockout..."
# Three deliberate bind failures with a bogus password drive the failure
# counter up; a fourth with the ppolicy control, then one with the *correct*
# password, are both expected to report "Account locked" (COUNT must be 2).
69 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1
71 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
73 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1
75 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1
76 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1
# Only the two ppolicy-control requests carry the lockout diagnostic, so the
# expected count is 2 even though five binds were attempted.
77 COUNT=`grep "Account locked" $SEARCHOUT | wc -l`
78 if test $COUNT != 2 ; then
79 echo "Account lockout test failed"
80 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Lockout is time-limited by the policy; the corresponding sleep is in the gap.
84 echo "Waiting 30 seconds for lockout to reset..."
# After the lockout window the correct password must bind again (RC = 0).
87 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
88 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
90 if test $RC != 0 ; then
91 echo "ldapsearch failed ($RC)!"
92 test $KILLSERVERS != no && kill -HUP $KILLPIDS
96 echo "Testing password expiration..."
# Force expiry by backdating pwdChangedTime (an operational attribute, so the
# manager must write it) rather than waiting for pwdMaxAge to elapse.
97 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
98 $TESTOUT 2>&1 << EOMODS
99 dn: uid=nd, ou=People, dc=example, dc=com
101 replace: pwdChangedTime
102 pwdChangedTime: 20031231000001Z
# Four binds with the now-expired password: the policy presumably grants
# three grace logins (three "grace logins" warnings expected below), and the
# fourth bind must be refused — so RC = 0 here is the failure case.
106 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
107 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
109 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
110 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
112 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
113 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
115 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
116 -b "$BASEDN" -s base >> $SEARCHOUT 2>&1
118 if test $RC = 0 ; then
119 echo "Password expiration failed ($RC)!"
120 test $KILLSERVERS != no && kill -HUP $KILLPIDS
124 COUNT=`grep "grace logins" $SEARCHOUT | wc -l`
125 if test $COUNT != 3 ; then
126 echo "Password expiration test failed"
127 test $KILLSERVERS != no && kill -HUP $KILLPIDS
131 echo "Resetting password to clear expired status"
# Administrative reset via the password-modify extended op; with no -s the
# server-generated password is appended to $TESTOUT (the -w argument for the
# manager is in the gap at the original line 133).
132 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
134 -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1
136 if test $RC != 0 ; then
137 echo "ldappasswd failed ($RC)!"
138 test $KILLSERVERS != no && kill -HUP $KILLPIDS
142 echo "Filling password history..."
# The user changes its own password six times in one ldapmodify session
# (testpassword -> 20urgle12-1 -> ... -> 20urgle12-6). Each change is a
# delete-old/replace-new pair; only the value lines survive in this listing.
# Binding with -D "$USER" (not the manager) matters: self-changes are what
# the history and safe-modify rules apply to.
143 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS > \
144 $TESTOUT 2>&1 << EOMODS
145 dn: uid=nd, ou=People, dc=example, dc=com
148 userpassword: testpassword
150 replace: userpassword
151 userpassword: 20urgle12-1
153 dn: uid=nd, ou=People, dc=example, dc=com
156 userpassword: 20urgle12-1
158 replace: userpassword
159 userpassword: 20urgle12-2
161 dn: uid=nd, ou=People, dc=example, dc=com
164 userpassword: 20urgle12-2
166 replace: userpassword
167 userpassword: 20urgle12-3
169 dn: uid=nd, ou=People, dc=example, dc=com
172 userpassword: 20urgle12-3
174 replace: userpassword
175 userpassword: 20urgle12-4
177 dn: uid=nd, ou=People, dc=example, dc=com
180 userpassword: 20urgle12-4
182 replace: userpassword
183 userpassword: 20urgle12-5
185 dn: uid=nd, ou=People, dc=example, dc=com
188 userpassword: 20urgle12-5
190 replace: userpassword
191 userpassword: 20urgle12-6
195 if test $RC != 0 ; then
196 echo "ldapmodify failed ($RC)!"
197 test $KILLSERVERS != no && kill -HUP $KILLPIDS
200 echo "Testing password history..."
# Reusing 20urgle12-2, which is still in pwdHistory, must be rejected:
# a successful modify (RC = 0) is the test failure here.
201 $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 > \
202 $TESTOUT 2>&1 << EOMODS
203 dn: uid=nd, ou=People, dc=example, dc=com
206 userPassword: 20urgle12-6
208 replace: userPassword
209 userPassword: 20urgle12-2
213 if test $RC = 0 ; then
# NOTE(review): the message reads like an error even though RC = 0 is the
# *unexpected* outcome; "Password history test failed" would be clearer.
214 echo "ldapmodify failed ($RC)!"
215 test $KILLSERVERS != no && kill -HUP $KILLPIDS
219 echo "Testing forced reset..."
# An administrative password change (manager bind); the lines in the gap
# (original 227-232) presumably flag the entry for forced reset — confirm.
221 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
222 $TESTOUT 2>&1 << EOMODS
223 dn: uid=nd, ou=People, dc=example, dc=com
225 replace: userPassword
226 userPassword: testpassword
233 if test $RC != 0 ; then
234 echo "ldapmodify failed ($RC)!"
235 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# While a reset is pending the user may bind but any other operation must be
# refused with "Operations are restricted" — so RC = 0 is the failure case,
# and exactly one such diagnostic is expected.
239 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
240 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
242 if test $RC = 0 ; then
243 echo "Forced reset failed ($RC)!"
244 test $KILLSERVERS != no && kill -HUP $KILLPIDS
248 COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l`
249 if test $COUNT != 1 ; then
250 echo "Forced reset test failed"
251 test $KILLSERVERS != no && kill -HUP $KILLPIDS
255 echo "Clearing forced reset..."
# The modification body (original 260-264) is not in this listing; presumably
# it removes the reset flag set above — confirm against the full script.
257 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
258 $TESTOUT 2>&1 << EOMODS
259 dn: uid=nd, ou=People, dc=example, dc=com
265 if test $RC != 0 ; then
266 echo "ldapmodify failed ($RC)!"
267 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# With the reset cleared, the same search must now succeed.
271 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
272 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
274 if test $RC != 0 ; then
275 echo "Clearing forced reset failed ($RC)!"
276 test $KILLSERVERS != no && kill -HUP $KILLPIDS
280 echo "Testing Safe modify..."
# Safe modify: a self-service change that omits the old password (-a) must
# be refused (RC = 0 is the failure case) ...
282 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
283 -w $PASS -s failexpect \
284 -D "$USER" > $TESTOUT 2>&1
286 if test $RC = 0 ; then
287 echo "Safe modify test 1 failed ($RC)!"
288 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# ... and the same change with the old password supplied via -a must succeed.
294 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
295 -w $PASS -s failexpect -a $PASS \
296 -D "$USER" > $TESTOUT 2>&1
298 if test $RC != 0 ; then
299 echo "Safe modify test 2 failed ($RC)!"
300 test $KILLSERVERS != no && kill -HUP $KILLPIDS
304 echo "Testing length requirement..."
# The bind password is now "failexpect" (set by the previous step). A new
# password of 3 characters must fail the policy's quality/length check.
306 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
307 -w failexpect -a failexpect -s spw \
308 -D "$USER" > $TESTOUT 2>&1
310 if test $RC = 0 ; then
311 echo "Length requirement test failed ($RC)!"
312 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# The refusal must be attributed to the quality check specifically, not to
# some unrelated error.
315 COUNT=`grep "Password fails quality" $TESTOUT | wc -l`
316 if test $COUNT != 1 ; then
317 echo "Length requirement test failed"
318 test $KILLSERVERS != no && kill -HUP $KILLPIDS
# Normal-path teardown (same unquoted $KILLPIDS pattern as the error paths).
322 test $KILLSERVERS != no && kill -HUP $KILLPIDS
324 echo ">>>>> Test succeeded"