external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 7294e5c0 | patch | commit | ignore whitespace

add tags for test specs, change functions, fix 80 charc - maudj

maudj

13.14.2008 e072968725a1a50807ac4f4c2eb1e8f05f5ef073

add tags for test specs, change functions, fix 80 charc - maudj

12 files modified

	opends/tests/functional-tests/testcases/security/pwd_policy/security_force_pwd_change.xml	428 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml	131 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_grace_login.xml	226 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_last_login.xml	489 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_lockout_duration.xml	170 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_lockout_fail_cnt.xml	96 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_min_pwd_age.xml	95 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_mult_pwd_policies.xml	151 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_preencoded_pwds.xml	131 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_pwd_policy.xml	38 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_setup_pwd_policy.xml	12 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/functional-tests/testcases/security/pwd_policy/security_teardown_pwd_policy.xml	20 ●●●●● patch \| view \| raw \| blame \| history

 opends/tests/functional-tests/testcases/security/pwd_policy/security_force_pwd_change.xml

@@ -32,12 +32,38 @@
  <function name="force_pwd_change">

      <sequence>
        
        <!--- Test Suite information
         #@TestSuiteName       Force Password Change
         #@TestSuitePurpose    Force Password Change
         #@TestSuiteGroup      Force Password Change
         #@TestScript          security_force_pwd_change.xml
        -->
 
    <!--- Define default value for basedn -->
     <script>
     basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
     basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
     </script>

       
        <!--- Test Case information
   #@TestMarker         Force Password Change
   #@TestName           Force Pwd Change On Add
   #@TestIssue          none
   #@TestPurpose        Force Pwd Change On Add
   #@TestPreamble       none
   #@TestStep           Step 1. Checking existence of ds-cfg-force-change-on-add
   #@TestStep           Step 2. Admin Enabling Force Password On Add
   #@TestPostamble      none
   #@TestResult         Success if the 2 steps are PASS
        -->

        <testcase name="getTestCaseName('Preamble - Force Pwd Change On Add')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Preamble Step 1. Checking existence of ds-cfg-force-change-on-add'
'Security: Pwd Change: Preamble Step 1. Chk ds-cfg-force-change-on-add exists'
            </message>

            <call function="'compareEntry'">
@@ -46,12 +72,12 @@
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-force-change-on-add:false',
                'entryToBeCompared'   : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
                'entryToBeCompared'   : basepwp }
            </call>


            <message>
               'Security: Pwd Change: Preamble Step 2. Admin Enabling Force Password On Add'
  'Security: Pwd Change: Preamble Step 2. Admin Enabling Force Password On Add'
            </message>

            <call function="'modifyPwdPolicy'">
@@ -68,7 +94,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Add Single New User -->
        <!--- Test Case information
          #@TestMarker        Force Password Change
          #@TestName          Add Single New User
          #@TestIssue         none
          #@TestPurpose       Add Single New User
          #@TestPreamble      none
          #@TestStep          add_entry1.ldif
          #@TestStep          User Searching With Password SearchObject RC 19
          #@TestPostamble     none
          #@TestResult        Success if the 2 steps are PASS
        -->

        <testcase name="getTestCaseName('Add Single New User')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -77,11 +114,12 @@
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/add_entry1.ldif' % logsRemoteDataDir }
          { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
            'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
            'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
            'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
            'entryToBeAdded'   : '%s/security/pwd_policy/add_entry1.ldif' \
                                 % logsRemoteDataDir }
            </call>

            <message>
@@ -91,19 +129,30 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mcat,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mcat,%s' % basedn ,
                'dsInstancePswd'   : 'pizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base',
                'expectedRC'       : 19 }              
                'expectedRC'       : 19 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Change Password -->
        <!--- Test Case information
          #@TestMarker        Force Password Change
          #@TestName          Added User changes password
          #@TestIssue         none
          #@TestPurpose       Added User changes password
          #@TestPreamble      none
          #@TestStep          User Change Password
          #@TestStep          User Searching With Password SearchObject RC 0
          #@TestPostamble     none
          #@TestResult        Success if the 2 steps are PASS
        -->

        <testcase name="getTestCaseName('Added User Change Password')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -111,15 +160,13 @@
               'Security: Pwd Change: User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mcat,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mcat,%s' % basedn ,
                    'dsInstancePswd'         : 'pizza' ,
                    'DNToModify'             : 'uid=mcat,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mcat,%s' % basedn ,
                    'dsNewPassword'          : 'newpizza' }
            </call>
            
            <message>
@@ -129,7 +176,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mcat,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mcat,%s' % basedn ,
                'dsInstancePswd'   : 'newpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -140,12 +187,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Disable Force Password On Add -->
        <testcase name="getTestCaseName('Postamble - Disable Force Pwd On Add')">
        <!--- Test Case information
          #@TestMarker        Force Password Change
          #@TestName          Admin Disable Force Password On Add
          #@TestIssue         none
          #@TestPurpose       Admin Disable Force Password On Add
          #@TestPreamble      none
          #@TestStep          Step 1. Admin Disabling Force Password On Add
          #@TestStep          Step 2. Adding Single New User add_entry2.ldif
          #@TestStep          Step 3. User Searching With Password RC 0
          #@TestPostamble     none
          #@TestResult        Success if the 3 steps are PASS
        -->
        
      <testcase name="getTestCaseName('Postamble - Disable Force Pwd On Add')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Postamble Step 1. Admin Disabling Force Password On Add'
 'Security: Pwd Change: Postamble Step 1. Admin Disabling Force Password On Add'
            </message>

            <call function="'modifyPwdPolicy'">
@@ -167,18 +226,19 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/add_entry2.ldif' % logsRemoteDataDir }
                'entryToBeAdded'   : '%s/security/pwd_policy/add_entry2.ldif' \
                                     % logsRemoteDataDir }
            </call>


            <message>
               'Security: Pwd Change: Postamble Step 3. User Searching With Password'
          'Security: Pwd Change: Postamble Step 3. User Searching With Password'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'pizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -189,11 +249,24 @@
          </sequence>
        </testcase>

        <testcase name="getTestCaseName('Preamble - Force Pwd Change On Reset')">
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Force Pwd Change On Reset
          #@TestIssue        none
          #@TestPurpose      Force Pwd Change On Reset
          #@TestPreamble     none
          #@TestStep         Step 1. Checking ds-cfg-force-change-on-reset exist
          #@TestStep         Step 2. Admin Enabling Force Password On Reset
                             Change ds-cfg-force-change-on-reset to true
          #@TestPostamble    none
          #@TestResult       Success if the 2 steps are PASS
        -->
        
      <testcase name="getTestCaseName('Preamble - Force Pwd Change On Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Preamble Step 1. Checking existence of ds-cfg-force-change-on-reset'
'Security: Pwd Change: Preamble Step 1. Chk ds-cfg-force-change-on-reset exists'
            </message>

            <call function="'compareEntry'">
@@ -202,11 +275,11 @@
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-force-change-on-reset:false',
                'entryToBeCompared'   : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
                'entryToBeCompared'   : basepwp }
            </call>

            <message>
               'Security: Pwd Change: Preamble Step 2. Admin Enabling Force Password On Reset'
 'Security: Pwd Change: Preamble Step 2. Admin Enabling Force Password On Reset'
            </message>

            <call function="'modifyPwdPolicy'">
@@ -223,7 +296,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Change User Pwd -->

        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Reset User Pwd
          #@TestIssue        none
          #@TestPurpose      Admin Reset User Pwd
          #@TestPreamble     none
          #@TestStep         Admin Resetting User Pwd
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Admin Reset User Pwd')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -231,22 +315,30 @@
               'Security: Pwd Change: Admin Resetting User Pwd'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=mdog,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'adminpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'adminpizza' }
            </call>
            
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Search With Old Pwd -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Search With Old Pwd
          #@TestIssue        none
          #@TestPurpose      User Search With Old Pwd
          #@TestPreamble     none
          #@TestStep         User Search With Old Pwd : SearchObject returns 49
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Old Pwd - Search')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -257,19 +349,30 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'pizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base',
                'expectedRC'       : 49 }              
                'expectedRC'       : 49 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Add With Old Pwd -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Add With Old Pwd
          #@TestIssue        none
          #@TestPurpose      User Add With Old Pwd
          #@TestPreamble     none
          #@TestStep         User Adding Attr With Old Password RC 49
          #@TestStep         Checking User-added Attribute Exists RC 16
          #@TestPostamble    none
          #@TestResult       Success if the 2 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Old Pwd - Add')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -280,9 +383,9 @@
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mdog,%s' % basedn ,
                    'dsInstancePswd'         : 'pizza' ,
                    'DNToModify'             : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'DNToModify'             : 'uid=mdog,%s' % basedn ,
                    'attributeName'          : 'pager' ,
                    'newAttributeValue'      : '+1 999 555 1212' ,
                    'changetype'             : 'add'  ,
@@ -290,7 +393,7 @@
            </call>
            
            <message>
               'Security: Pwd Change: Checking For Existence of User-added Attribute'
          'Security: Pwd Change: Checking For Existence of User-added Attribute'
            </message>

            <call function="'compareEntry'">
@@ -299,15 +402,26 @@
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'pager:+1 999 555-1212',
                'entryToBeCompared'   : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'expectedRC'          : 16 }                
                'entryToBeCompared'   : 'uid=mdog,%s' % basedn ,
                'expectedRC'          : 16 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

     <!--- Test Case : User Delete With Old Pwd -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Delete With Old Pwd
          #@TestIssue        none
          #@TestPurpose      User Delete With Old Pwd
          #@TestPreamble     none
          #@TestStep         User Deleting Attr With Old Password RC 49
          #@TestStep         Checking For Existence of User-deleted Attribute
          #@TestPostamble    none
          #@TestResult       Success if the 2 step are PASS
        -->
     
        <testcase name="getTestCaseName('Old Pwd - Delete')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -318,16 +432,16 @@
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mdog,%s' % basedn ,
                    'dsInstancePswd'         : 'pizza' ,
                    'DNToModify'             : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'DNToModify'             : 'uid=mdog,%s' % basedn ,
                    'attributeName'          : 'roomnumber' ,
                    'changetype'             : 'delete' ,
                    'expectedRC'             : 49  }
            </call>
            
            <message>
               'Security: Pwd Change: Checking For Existence of User-deleted Attribute'
       'Security: Pwd Change: Checking For Existence of User-deleted Attribute'
            </message>

            <call function="'compareEntry'">
@@ -336,14 +450,24 @@
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'roomnumber:4612',
                'entryToBeCompared'   : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' }
                'entryToBeCompared'   : 'uid=mdog,%s' % basedn , }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

     <!--- Test Case : User Delete With Old Pwd -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Old Pwd - Compare
          #@TestIssue        none
          #@TestPurpose      Old Pwd - Compare
          #@TestPreamble     none
          #@TestStep         Checking For Existence of User Attribute RC 49
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
     
        <testcase name="getTestCaseName('Old Pwd - Compare')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -354,18 +478,28 @@
            <call function="'compareEntry'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'      : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'        : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'        : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'      : 'pizza' ,
                'attrToBeCompared'    : 'l:Sunnyvale',
                'entryToBeCompared'   : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'expectedRC'          : 49 }                
                'entryToBeCompared'   : 'uid=mdog,%s' % basedn ,
                'expectedRC'          : 49 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Search With Assigned Pwd -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Search With Assigned Pwd
          #@TestIssue        none
          #@TestPurpose      User Search With Assigned Pwd
          #@TestPreamble     none
          #@TestStep         User Searching With Assigned Password RC 19
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Search With Assigned Pwd')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -376,19 +510,31 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'adminpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base',
                'expectedRC'       : 19 }                
                'expectedRC'       : 19 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Change Password -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Change Password
          #@TestIssue        none
          #@TestPurpose      User Change Password
          #@TestPreamble     none
          #@TestStep         User Changing Password after reset
          #@TestStep         User Searching With Assigned Password RC 49
          #@TestStep         User Searching With New Password SearchObject RC 0
          #@TestPostamble    none
          #@TestResult       Success if the 3 steps are PASS
        -->
        
        <testcase name="getTestCaseName('User Change Password After Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -396,15 +542,13 @@
               'Security: Pwd Change: User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mdog,%s' % basedn ,
                    'dsInstancePswd'         : 'adminpizza' ,
                    'DNToModify'             : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'newpizza' }
            </call>
            
            <message>
@@ -414,12 +558,12 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'adminpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }                
                'expectedRC'       : 49 }
            </call>

            <message>
@@ -429,7 +573,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'newpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -441,7 +585,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Enable Maximum Reset Age -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Enable Maximum Reset Age - Long Reset Time
          #@TestIssue        none
          #@TestPurpose      Admin Enable Maximum Reset Age - Long Reset Time
          #@TestPreamble     none
          #@TestStep         Admin Enabling Maximum Reset Age - Long Reset Time
                             set max-password-reset-age to 30 m
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Admin Enable Max Reset Age Long')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -463,46 +618,64 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Change User Pwd -->
        <testcase name="getTestCaseName('Admin Reset User Pwd - Long Reset Time')">
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Change User Pwd - Long Reset Time
          #@TestIssue        none
          #@TestPurpose      Admin Change User Pwd - Long Reset Time
          #@TestPreamble     none
          #@TestStep         Admin Changing User Pwd
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
    <testcase name="getTestCaseName('Admin Reset User Pwd - Long Reset Time')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Admin Changing User Pwd'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=mdog,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'adminlongpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'adminlongpizza' }
            </call>
            
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Change Password -->
        <testcase name="getTestCaseName('User Change Password - Long Reset Time')">
        
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Change Password - Long Reset Time
          #@TestIssue        none
          #@TestPurpose      User Changing Password - Long Reset Time
          #@TestPreamble     none
          #@TestStep         User Changing Password - Long Reset Time
          #@TestStep         User Searching With Password RC 0
          #@TestPostamble    none
          #@TestResult       Success if the 2 steps are PASS
        -->
        
    <testcase name="getTestCaseName('User Change Password - Long Reset Time')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mdog,%s' % basedn ,
                    'dsInstancePswd'         : 'adminlongpizza' ,
                    'DNToModify'             : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newlongpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'newlongpizza' }
            </call>
            
            <message>
@@ -512,7 +685,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'newlongpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -523,7 +696,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Enable Maxmimum Reset Age -->
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Enable Maxmimum Reset Age - Short Reset Time
          #@TestIssue        none
          #@TestPurpose      Admin Enable Maxmimum Reset Age - Short Reset Time
          #@TestPreamble     none
          #@TestStep         Admin Enable Maxmimum Reset Age Short Reset Time
                             set max-password-reset-age to 8 s
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Admin Enable Max Reset Age Short')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -545,35 +729,56 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Change User Pwd -->
        <testcase name="getTestCaseName('Admin Reset User Pwd - Short Reset Time')">
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Change User Pwd - Short Reset Time
          #@TestIssue        none
          #@TestPurpose      Admin Changing User Pwd -Short Reset Time
          #@TestPreamble     none
          #@TestStep         Admin Changing User Pwd
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
    <testcase name="getTestCaseName('Admin Reset User Pwd - Short Reset Time')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Admin Changing User Pwd'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=mdog,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'adminshortpizza' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'adminshortpizza' }
            </call>
            
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Change Password -->
        <testcase name="getTestCaseName('User Change Password - Short Reset Time')">
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         User Change Password -Short Reset Time
          #@TestIssue        none
          #@TestPurpose      User Change Password -Short Reset Time
          #@TestPreamble     none
          #@TestStep         User Change Password sleep 12000
          #@TestStep         User Changing Password ldapPasswordModifyWithScript
                              returns 49
          #@TestStep         User Searching With Password SearchObject return 49
          #@TestPostamble    none
          #@TestResult       Success if the 3 steps are PASS
        -->
        
    <testcase name="getTestCaseName('User Change Password - Short Reset Time')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: User Change Password - Short Reset Time - Sleeping'
      'Security: Pwd Change: User Change Password - Short Reset Time - Sleeping'
            </message>

            <call function="'Sleep'">
@@ -584,15 +789,13 @@
               'Security: Pwd Change: User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mdog,%s' % basedn ,
                    'dsInstancePswd'         : 'adminpizza' ,
                    'DNToModify'             : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newshortpizza' ,
                    'changetype'             : 'replace' ,
                    'dsAuthzID'              : 'dn:uid=mdog,%s' % basedn ,
                    'dsNewPassword'          : 'newshortpizza' ,
                    'expectedRC'             : 49  }
            </call>
            
@@ -603,24 +806,37 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=mdog,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=mdog,%s' % basedn ,
                'dsInstancePswd'   : 'newshortpizza' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base',
                'expectedRC'       : 49 }                  
                'expectedRC'       : 49 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : Admin Disable Force Password On Reset -->
        <testcase name="getTestCaseName('Postamble - Disable Force Pwd On Reset')">
        <!--- Test Case information
          #@TestMarker       Force Password Change
          #@TestName         Admin Disable Force Password On Reset
          #@TestIssue        none
          #@TestPurpose      Admin Disable Force Password On Reset
          #@TestPreamble     none
          #@TestStep         Step 1. Admin Disabling Max Pwd Age
                             set max-password-reset-age to 0 s
          #@TestStep         Step 2. Admin Disabling Force Password On Reset
                             set force-change-on-reset to false
          #@TestPostamble    none
          #@TestResult       Success if the 2 steps are PASS
        -->
        
    <testcase name="getTestCaseName('Postamble - Disable Force Pwd On Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Postamble Step 1. Admin Disabling Max Pwd Age'
           'Security: Pwd Change: Postamble Step 1. Admin Disabling Max Pwd Age'
            </message>

            <call function="'modifyPwdPolicy'">
@@ -634,7 +850,7 @@
            </call>
            
            <message>
               'Security: Pwd Change: Postamble Step 2. Admin Disabling Force Password On Reset'
'Security: Pwd Change: Postamble Step 2. Admin Disabling Force Pwd On Reset'
            </message>

            <call function="'modifyPwdPolicy'">

 opends/tests/functional-tests/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml

@@ -33,18 +33,45 @@

      <sequence>

        <!--- Test Case : User Search With Password -->
        <!--- Test Suite information
         #@TestSuiteName       Force PasswordChange All Users
         #@TestSuitePurpose    Force PasswordChange All Users
         #@TestSuiteGroup      Force PasswordChange All Users
         #@TestScript          security_force_pwd_change_all_users.xml
        -->
        
        <!--- Define default value for basedn -->
     <script>
     basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
     </script>
     
     
        <!--- Test Case information
          #@TestMarker       Force PasswordChange All Users
          #@TestName         User Search With Password
          #@TestIssue        none
          #@TestPurpose      Set the Pwd Expiration Time to a past date
          #@TestPreamble     none
          #@TestStep         Step 1 - User Searching With Password
          #@TestStep         Step 2 - Admin Enabling Exp Pwd No Warning
                             set expire-passwords-without-warning to true
          #@TestStep         Step 3 - Admin Setting Pwd Time Exp
                             set require-change-by-time to 20061030183752.848Z
          #@TestPostamble    none
          #@TestResult       Success if the 3 steps are PASS
        -->

        <testcase name="getTestCaseName('Preamble Setup')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Pwd Change: Preamble Step 1 - User Searching With Password'
         'Security: Pwd Change: Preamble Step 1 - User Searching With Password'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -53,21 +80,21 @@


            <message>
               'Security: Pwd Change: Preamble Step 2 - Admin Enabling Exp Pwd No Warning'
     'Security: Pwd Change: Preamble Step 2 - Admin Enabling Exp Pwd No Warning'
            </message>

            <call function="'modifyPwdPolicy'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'propertyName'           : 'Default Password Policy' ,
                    'attributeName'          : 'expire-passwords-without-warning' ,
                    'attributeValue'         : 'true' }
               { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                 'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                 'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                 'propertyName'           : 'Default Password Policy' ,
                 'attributeName'          : 'expire-passwords-without-warning' ,
                 'attributeValue'         : 'true' }
            </call>
            
            <message>
               'Security: Pwd Change: Preamble Step 3 -Admin Setting Pwd Time Exp'
           'Security: Pwd Change: Preamble Step 3 -Admin Setting Pwd Time Exp'
            </message>

            <call function="'modifyPwdPolicy'">
@@ -84,7 +111,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : User Search With Expired Password -->
        <!--
        - Test Case information
          #@TestMarker       Force PasswordChange All Users
          #@TestName         User Search With Expired Password
          #@TestIssue        none
          #@TestPurpose      User Search With Expired Password
          #@TestPreamble     none
          #@TestStep         User Search With Expired Password RC 49
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('User Search With Exp Password')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -95,19 +133,31 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base',
                'expectedRC'       : 49 }                            
                'expectedRC'       : 49 }
            </call>

            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : Admin Disable Exp Pwd No Warning -->
        <!--
        - Test Case information
          #@TestMarker       Force PasswordChange All Users
          #@TestName         Admin Disable Exp Pwd No Warning
          #@TestIssue        none
          #@TestPurpose      Admin Disable Exp Pwd No Warning
          #@TestPreamble     none
          #@TestStep         Admin Disabling Exp Pwd No Warning
                             set expire-passwords-without-warning to false
          #@TestPostamble    none
          #@TestResult       Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Admin Disable Exp Pwd No Warning')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -116,20 +166,32 @@
            </message>

            <call function="'modifyPwdPolicy'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'propertyName'           : 'Default Password Policy' ,
                    'attributeName'          : 'expire-passwords-without-warning' ,
                    'attributeValue'         : 'false' }
               { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                 'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                 'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                 'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                 'propertyName'           : 'Default Password Policy' ,
                 'attributeName'          : 'expire-passwords-without-warning' ,
                 'attributeValue'         : 'false' }
            </call>
            
            <call function="'testCase_Postamble'"/>
          </sequence>
        </testcase>

        <!--- Test Case : User Search With Expired Password 2-->
       <!--
        - Test Case information
          #@TestMarker       Force PasswordChange All Users
          #@TestName         User Search With Expired Password 2
          #@TestIssue        none
          #@TestPurpose      User Search With Expired Password 2
          #@TestPreamble     none
          #@TestStep         User Searching With Expired Password 2
                             SearchObject grep will expire
          #@TestPostamble    none
          #@TestResult       Success if the steps is PASS
        -->
        
        <testcase name="getTestCaseName('User Search With Exp Password 2')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -140,7 +202,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -159,7 +221,20 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin Reset Pwd Time Exp -->
        <!--
        - Test Case information
          #@TestMarker       Force PasswordChange All Users
          #@TestName         Admin Reset Pwd Time Exp
          #@TestIssue        none
          #@TestPurpose      Admin Reset Pwd Time Exp 
          #@TestPreamble     none
          #@TestStep         Admin Resetting Pwd Time Exp
                             remove require-change-by-time 20061030183752.848Z
          #@TestStep         User Searching With Password SearchObject returns 0
          #@TestPostamble    none
          #@TestResult       Success if the 2 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Postamble Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -185,9 +260,9 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=scarter,%s' % basedn ,
                'dsInstancePswd'   : 'sprain' ,
                'dsBaseDN'   : 'dc=example,dc=com' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' }
            </call>

 opends/tests/functional-tests/testcases/security/pwd_policy/security_grace_login.xml

@@ -32,19 +32,48 @@
  <function name="grace_login">

      <sequence>
        
        <!--- Test Suite information
            #@TestSuiteName       Grace Login
            #@TestSuitePurpose    Test the Password Policy Grace Login
            #@TestSuiteGroup      Grace Login
            #@TestScript          security_grace_login.xml
        -->

        <testcase name="getTestCaseName('Preamble, Admin Changing Pwd Policy Settings')">
        <!--- Define default value for basedn -->
          <script>
   basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
   basepwp ='cn=Default Password Policy,cn=Password Policies,cn=config'
          </script>


        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Admin Changing Pwd Policy Settings
          #@TestIssue           none
          #@TestPurpose         Admin Changing Pwd Policy Settings
          #@TestPreamble        none
          #@TestStep            set ds-cfg-expire-passwords-without-warning true
                                ds-cfg-min-password-age 1 seconds
                                ds-cfg-max-password-age 3 seconds
                                ds-cfg-password-expiration-warning-interval 1 s
                                ds-cfg-grace-login-count 2
          #@TestPostamble       none
          #@TestResult          Success if modifyAnAttribute returns 0
        -->
        
 <testcase name="getTestCaseName('Preamble, Admin Change Pwd Policy Settings')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            
            <script>
                listAttrs=[]
                listAttrs.append("ds-cfg-expire-passwords-without-warning:true")
                listAttrs.append("ds-cfg-min-password-age:1 seconds")
                listAttrs.append("ds-cfg-max-password-age:3 seconds")
                listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
                listAttrs.append("ds-cfg-grace-login-count:2")
            </script>
       <script>
       listAttrs=[]
       listAttrs.append("ds-cfg-expire-passwords-without-warning:true")
       listAttrs.append("ds-cfg-min-password-age:1 seconds")
       listAttrs.append("ds-cfg-max-password-age:3 seconds")
       listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
       listAttrs.append("ds-cfg-grace-login-count:2")
       </script>
            
            <message>
               'Security: Grace Login: Admin modifying password policy settings'
@@ -55,7 +84,7 @@
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
                    'DNToModify'             : basepwp ,
                    'listAttributes'         : listAttrs ,
                    'changetype'             : 'replace' }
            </call>
@@ -66,17 +95,31 @@
          </sequence>
        </testcase>

        <!-- Issue 2032 -->
        <testcase name="getTestCaseName('Preamble, Admin Changing min password age beyond limit')">
        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Admin Changing min password age beyond limit
          #@TestIssue           2032
          #@TestPurpose         Testing issue 2032
          #@TestPreamble        none
          #@TestStep            Change Pwd Policy min password age beyond limit
                                set ds-cfg-min-password-age 10 seconds
                                ds-cfg-max-password-age 3 seconds
                                ds-cfg-password-expiration-warning-interval 1 s
          #@TestPostamble       none
          #@TestResult          Success if modifyAnAttribute returns 53
        -->
        
<testcase name="getTestCaseName
('Preamble, Admin Change min pwd age beyond limit')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            
            <script>
                listAttrs=[]
                listAttrs.append("ds-cfg-min-password-age:10 seconds")
                listAttrs.append("ds-cfg-max-password-age:3 seconds")
                listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
            </script>
       <script>
       listAttrs=[]
       listAttrs.append("ds-cfg-min-password-age:10 seconds")
       listAttrs.append("ds-cfg-max-password-age:3 seconds")
       listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
       </script>
            
            <message>
               'Security: Grace Login: Admin modifying password policy settings'
@@ -87,7 +130,7 @@
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
                    'DNToModify'             : basepwp ,
                    'listAttributes'         : listAttrs ,
                    'changetype'             : 'replace' ,
                    'expectedRC'             : 53 }
@@ -99,17 +142,30 @@
          </sequence>
        </testcase>

        <!-- Issue 2032 -->
        <testcase name="getTestCaseName('Preamble, Admin Changing min password age to limit')">
        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Admin Changing min password age to limit
          #@TestIssue           2032
          #@TestPurpose         Testing issue 2032
          #@TestPreamble        none
          #@TestStep            Change Pwd Policy min password age to limit
                                set ds-cfg-min-password-age 2 seconds
                                ds-cfg-max-password-age 3 seconds
                                ds-cfg-password-expiration-warning-interval 1 s
          #@TestPostamble       none
          #@TestResult          Success if modifyAnAttribute returns 53
        -->
        
<testcase name="getTestCaseName('Preamble, Admin Change min pwd age to limit')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            
            <script>
                listAttrs=[]
                listAttrs.append("ds-cfg-min-password-age:2 seconds")
                listAttrs.append("ds-cfg-max-password-age:3 seconds")
                listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
            </script>
       <script>
       listAttrs=[]
       listAttrs.append("ds-cfg-min-password-age:2 seconds")
       listAttrs.append("ds-cfg-max-password-age:3 seconds")
       listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
       </script>
            
            <message>
               'Security: Grace Login: Admin modifying password policy settings'
@@ -120,7 +176,7 @@
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
                    'DNToModify'             : basepwp ,
                    'listAttributes'         : listAttrs ,
                    'changetype'             : 'replace' ,
                    'expectedRC'             : 53 }
@@ -132,17 +188,31 @@
          </sequence>
        </testcase>

        <!-- Issue 2032 -->
        <testcase name="getTestCaseName('Preamble, Admin Changing expire warning interval beyond limit')">
        <!--- Test Case information
          #@TestMarker       Grace Login
          #@TestName         Admin Changing expire warning interval beyond limit
          #@TestIssue        2032
          #@TestPurpose      Testing issue 2032
          #@TestPreamble     none
          #@TestStep         Change Pwd Pol expire warning interval beyond limit
                             set ds-cfg-min-password-age 1 seconds
                             ds-cfg-max-password-age 3 seconds
                             ds-cfg-password-expiration-warning-interval 10 s
          #@TestPostamble    none
          #@TestResult       Success if modifyAnAttribute returns 53
        -->
        
<testcase name="getTestCaseName
('Preamble, Admin Change expire warning interval beyond limit')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            
            <script>
                listAttrs=[]
                listAttrs.append("ds-cfg-min-password-age:1 seconds")
                listAttrs.append("ds-cfg-max-password-age:3 seconds")
                listAttrs.append("ds-cfg-password-expiration-warning-interval:10 seconds")
            </script>
      <script>
      listAttrs=[]
      listAttrs.append("ds-cfg-min-password-age:1 seconds")
      listAttrs.append("ds-cfg-max-password-age:3 seconds")
      listAttrs.append("ds-cfg-password-expiration-warning-interval:10 seconds")
      </script>
            
            <message>
               'Security: Grace Login: Admin modifying password policy settings'
@@ -153,7 +223,7 @@
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
                    'DNToModify'             : basepwp ,
                    'listAttributes'         : listAttrs ,
                    'changetype'             : 'replace' ,
                    'expectedRC'             : 53 }
@@ -165,6 +235,21 @@
          </sequence>
        </testcase>

        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Search Bad Pwd 4x
          #@TestIssue           none
          #@TestPurpose         Search Bad Pwd 4x
          #@TestPreamble        none
          #@TestStep            Pause 2 seconds
          #@TestStep            Search Bind 1 SearchObject returns 19
          #@TestStep            Search Bind 2 SearchObject returns 19
          #@TestStep            Search Bind 3 SearchObject returns 49
          #@TestStep            Search Bind 4 SearchObject returns 49
          #@TestPostamble       none
          #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Search Bad Pwd 4x')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -184,7 +269,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                  'dsInstancePswd'   : 'trident',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -199,7 +284,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                  'dsInstancePswd'   : 'trident',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -214,7 +299,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                  'dsInstancePswd'   : 'trident',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -228,7 +313,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                  'dsInstancePswd'   : 'trident',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -241,6 +326,22 @@
          </sequence>
        </testcase>

        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Reset Pwd
          #@TestIssue           none
          #@TestPurpose         Reset Pwd
          #@TestPreamble        none
          #@TestStep            Search Bind 1 SearchObject returns 19
          #@TestStep            User resetting password
          #@TestStep            Admin reset max password age set 
                                max-password-age to 24 h
          #@TestStep            Search Bind 2 SearchObject returns 0
          #@TestStep            Search Bind 2 SearchObject returns 0
          #@TestPostamble       none
          #@TestResult          Success if the 5 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Pwd')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -252,7 +353,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'forsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -267,13 +368,13 @@
            <call function="'modifyAnAttribute'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=kwinters,%s' % basedn ,
                    'dsInstancePswd'         : 'forsook' ,
                    'DNToModify'             : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'DNToModify'             : 'uid=kwinters,%s' % basedn ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newforsook' ,
                    'changetype'             : 'replace' }
            </call>
             </call>
    
            <message>
               'Security: Grace Login: Reset Pwd, Admin reset max password age'
@@ -296,7 +397,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'newforsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -310,7 +411,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'newforsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -322,17 +423,32 @@
          </sequence>
        </testcase>

        <testcase name="getTestCaseName('Postamble, Admin Resetting Pwd Policy Settings')">
        <!--- Test Case information
          #@TestMarker          Grace Login
          #@TestName            Admin Resetting Pwd Policy Settings
          #@TestIssue           none
          #@TestPurpose         Admin Resetting Pwd Policy Settings
          #@TestPreamble        none
          #@TestStep            set ds-cfg-expire-passwords-without-warning to 
                                false ds-cfg-max-password-age 0 seconds
                                ds-cfg-min-password-age 0 seconds
                                ds-cfg-password-expiration-warning-interval 5 d
                                ds-cfg-grace-login-count 0
          #@TestPostamble       none
          #@TestResult          Success if modifyAnAttribute returns 0
        -->
      
<testcase name="getTestCaseName('Postamble, Admin Reset Pwd Policy Settings')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            
            <script>
                listAttrs=[]
                listAttrs.append("ds-cfg-expire-passwords-without-warning:false")
                listAttrs.append("ds-cfg-max-password-age:0 seconds")
                listAttrs.append("ds-cfg-min-password-age:0 seconds")
                listAttrs.append("ds-cfg-password-expiration-warning-interval:5 d")
                listAttrs.append("ds-cfg-grace-login-count:0")
             listAttrs=[]
             listAttrs.append("ds-cfg-expire-passwords-without-warning:false")
             listAttrs.append("ds-cfg-max-password-age:0 seconds")
             listAttrs.append("ds-cfg-min-password-age:0 seconds")
             listAttrs.append("ds-cfg-password-expiration-warning-interval:5 d")
             listAttrs.append("ds-cfg-grace-login-count:0")
            </script>
            
            <message>
@@ -344,7 +460,7 @@
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
                    'DNToModify'             : basepwp ,
                    'listAttributes'         : listAttrs ,
                    'changetype'             : 'replace' }
            </call>

 opends/tests/functional-tests/testcases/security/pwd_policy/security_last_login.xml

@@ -32,8 +32,31 @@
  <function name="last_login">

      <sequence>

        <!--- Test Case : Check for ds-cfg-idle-lockout-interval -->
        
         <!--- Test Suite information
            #@TestSuiteName       Last Login
            #@TestSuitePurpose    Test Password Policy for Last Login
            #@TestSuiteGroup      Last Login
            #@TestScript          security_last_login.xml
          -->
 
         <!--- Define default value for basedn -->
          <script>
            basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
          </script>
        
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Check for ds-cfg-idle-lockout-interval
            #@TestIssue           none
            #@TestPurpose         Check for ds-cfg-idle-lockout-interval
            #@TestPreamble        none
            #@TestStep            Checking existence of 
                                  ds-cfg-idle-lockout-interval with value set 0
            #@TestPostamble       none
            #@TestResult          Success if compareEntry returns 0
        -->
        
        <testcase name="getTestCaseName('Preamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>          
@@ -55,7 +78,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin enable last login attribute only-->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin enable last login attribute only
            #@TestIssue           none
            #@TestPurpose         Admin enable last login attribute only
            #@TestPreamble        none
            #@TestStep            Admin Enable Last Login Attribute Only
                                  modifyPwdPolicy set last-login-time-attribute 
                                  to ds-pwp-last-login-time
            #@TestStep            User Binding With Password returns 0
            #@TestStep            Checking for Absence of Last Login Time
                                  SearchObject attribute ds-pwp-last-login-time 
                                  returns 0 checktestStringNotPresent 
                                  ds-pwp-last-login-time
            #@TestPostamble       none
            #@TestResult          Success if the 3 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Admin Enable Last Login Attr Only')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -80,7 +120,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -96,7 +136,7 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=jreuter,%s' % basedn ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'ds-pwp-last-login-time' }
            </call>
@@ -115,7 +155,25 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin enable last login format only -->
        <!--- Test Case information
          #@TestMarker          Last Login
          #@TestName            Admin enable last login format only
          #@TestIssue           none
          #@TestPurpose         Admin enable last login format only
          #@TestPreamble        none
          #@TestStep            Admin Disable Last Login Attribute Only set
                                last-login-time-attribute to reset
          #@TestStep            Admin Enable Last Login Format Only set
                                last-login-time-format to EEE, MMM dd, 
                                yyyy HH:mm:ss
          #@TestStep            User Binding With Password returns 0
          #@TestStep            Checking for Absence of Last Login Time
                                SearchObject attribute ds-pwp-last-login-time
                                checktestStringNotPresent ds-pwp-last-login-time
          #@TestPostamble       none
          #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Admin Enable Last Login Format Only')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -154,7 +212,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -170,7 +228,7 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=jreuter,%s' % basedn ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'ds-pwp-last-login-time' }
            </call>
@@ -189,7 +247,23 @@
          </sequence>
        </testcase>

        <!--- Test Case : Admin enable both last login attribute and format-->
        <!--- Test Case information
          #@TestMarker        Last Login
          #@TestName          Admin enable both last login attribute and format
          #@TestIssue         none
          #@TestPurpose       Admin enable both last login attribute and format
          #@TestPreamble      none
          #@TestStep          Admin Enable Last Login Attribute And Format
                              set last-login-time-attribute to 
                              ds-pwp-last-login-time
          #@TestStep          User Binding With Password returns 0
          #@TestStep          Checking for Absence of Last Login Time
                              SearchObject ds-pwp-last-login-time returns 0
                              checktestString ds-pwp-last-login-time
          #@TestPostamble     none
          #@TestResult        Success if the 3 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Admin Enable Last Login Attr And Format')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -214,7 +288,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -230,7 +304,7 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'dsBaseDN'         : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsBaseDN'         : 'uid=jreuter,%s' % basedn ,
                'dsFilter'         : 'objectclass=*'  ,
                'attributes'       : 'ds-pwp-last-login-time' }
            </call>
@@ -249,7 +323,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Long Idle Lockout Interval
            #@TestIssue           none
            #@TestPurpose         Long Idle Lockout Interval
            #@TestPreamble        none
            #@TestStep            Step 1. Check User Bind returns 0
            #@TestStep            Step 2. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 3. User Binding Before Idle Lockout
                                  SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 5. User Binding After Idle Lockout
                                  SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the 5 steps are PASS
        -->

        <testcase name="getTestCaseName('Long Idle Lockout')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -260,7 +351,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -288,7 +379,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -312,7 +403,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'destroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -325,7 +416,20 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 1
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 1
            #@TestPreamble        none
            #@TestStep            Step 1. set idle-lockout-interval to 0 s
            #@TestStep            Step 2. User Binding SearchObject returns 0
            #@TestStep            Step 3. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 4. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 4 tests are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Idle Lockout')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -350,7 +454,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'destroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -373,7 +477,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'destroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -385,7 +489,26 @@
          </sequence>
        </testcase>

        <!--- Test Case : Password Change Override -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Password Change Override
            #@TestIssue           none
            #@TestPurpose         Password Change Override
            #@TestPreamble        none
            #@TestStep            Step 1. Check User Bind SearchObject returns 0
            #@TestStep            Step 2. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 3. User Binding Before Idle Lockout
                                  SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds 30000
            #@TestStep            Step 5. User Changing Password
            #@TestStep            Step 6. Sleep sleepForMilliSeconds to 30000
            #@TestStep            Step 7. User Binding After Idle Lockout
                                  SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 7 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - Pwd Change Override')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -396,7 +519,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -424,7 +547,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'destroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -445,15 +568,13 @@
               'Security: Last Login: Long Idle Lockout - Password Change Override Step 5. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=jreuter,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newdestroy' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=jreuter,%s' % basedn ,
                    'dsNewPassword'          : 'newdestroy' }
            </call>
            
            <message>
@@ -471,7 +592,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -482,8 +603,22 @@

          </sequence>
        </testcase>
        
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 2
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 2
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval to 0
            #@TestStep            Step 2. User Binding SearchObject returns 0
            #@TestStep            Step 3. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 4. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 4 steps are PASS
        -->

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <testcase name="getTestCaseName('Reset Idle Lockout 2')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -508,7 +643,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -530,7 +665,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -542,7 +677,27 @@
          </sequence>
        </testcase>

        <!--- Test Case : User Bind Reset Last Login Time -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            User Bind Reset Last Login Time
            #@TestIssue           none
            #@TestPurpose         User Bind Reset Last Login Time
            #@TestPreamble        none
            #@TestStep            Step 1. Check User Bind SearchObject returns 0
            #@TestStep            Step 2. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 3. User Binding Before Idle Lockout
                                  SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds 30000
            #@TestStep            Step 5. User Bind To Reset Last Login Time
                                  SearchObject returns 0
            #@TestStep            Step 6. Sleep sleepForMilliSeconds 30000
            #@TestStep            Step 7. User Binding After Idle Lockout
                                  SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 7 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - User Bind Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -553,7 +708,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -582,7 +737,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -605,7 +760,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -628,7 +783,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -640,7 +795,21 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 3
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 3
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval to 0
            #@TestStep            Step 2. User Binding SearchObject returns 0
            #@TestStep            Step 3. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 4. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Idle Lockout 3')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -665,7 +834,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -687,7 +856,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -699,7 +868,22 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Long Idle Lockout Interval
            #@TestIssue           none
            #@TestPurpose         Long Idle Lockout Interval
            #@TestPreamble        none
            #@TestStep            Step 1. Disable Last Login set 
                                  last-login-time-attribute to reset
            #@TestStep            Step 2. Check User Bind SearchObject returns 0
            #@TestStep            Step 3. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 4. User Binding SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the 4 steps are PASS
        -->        
        
        <testcase name="getTestCaseName('Long Idle Lockout - Disabled Last Login')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -724,7 +908,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -752,7 +936,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -765,7 +949,23 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
          #@TestMarker       Last Login
          #@TestName         Admin Reset Idle Lockout Interval 4
          #@TestIssue        none
          #@TestPurpose      Admin Reset Idle Lockout Interval 4
          #@TestPreamble     none
          #@TestStep         Step 1. Enable Last Login Attribute set
                             last-login-time-attribute to ds-pwp-last-login-time
          #@TestStep         Step 2. Admin Resetting Idle Lockout Interval
                             set idllockout-interval to 0 s
          #@TestStep         Step 3. User Binding SearchObject returns 0
          #@TestStep         Step 4. Sleep sleepForMilliSeconds 60000
          #@TestStep         Step 5. User Binding SearchObject returns 0
          #@TestPostamble    none
          #@TestResult       Success if the 5 steps are PASS
        -->

        <testcase name="getTestCaseName('Reset Idle Lockout 4')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -804,7 +1004,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -826,7 +1026,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -838,7 +1038,22 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
          #@TestMarker          Last Login
          #@TestName            Long Idle Lockout Interval Disabled Last Login 2
          #@TestIssue           none
          #@TestPurpose         Long Idle Lockout Interval Disabled Last Login 2
          #@TestPreamble        none
          #@TestStep            Step 1. Disable Last Login set
                                last-login-time-format to reset
          #@TestStep            Step 2. Check User Bind SearchObject returns 0
          #@TestStep            Step 3. Admin Changing Idle Lockout Interval
                                set idle-lockout-interval to 50 s
          #@TestStep            Step 4. User Binding SearchObject returns 49
          #@TestPostamble       none
          #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - Disabled Last Login 2')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -863,7 +1078,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -891,7 +1106,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -904,7 +1119,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 5
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 5
            #@TestPreamble        none
            #@TestStep            Step 1. Enable Last Login Attribute set
                                  last-login-time-format to EEE, MMM dd, 
                                  yyyy HH:mm:ss
            #@TestStep            Step 2. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval to 0 s
            #@TestStep            Step 3. User Binding SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds to 60000
            #@TestStep            Step 5. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 5 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Idle Lockout 5')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -943,7 +1175,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -966,7 +1198,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -978,7 +1210,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Long Idle Lockout Interval - Repeat
            #@TestIssue           none
            #@TestPurpose         Long Idle Lockout Interval - Repeat
            #@TestPreamble        none
            #@TestStep            Step 1. Check User Bind SearchObject returns 0
            #@TestStep            Step 2. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 3. User Binding Before Idle Lockout
                                  SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds to 60000
            #@TestStep            Step 5. User Binding After Idle Lockout
                                  SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the 5 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - Repeat')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -989,7 +1238,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1017,7 +1266,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1041,7 +1290,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1054,7 +1303,21 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 6
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 6
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval to 0 s
            #@TestStep            Step 2. User Binding SearchObject returns 0
            #@TestStep            Step 3. Sleep sleepForMilliSeconds to 60000
            #@TestStep            Step 4. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Idle Lockout 6')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -1079,7 +1342,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1103,7 +1366,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'newdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1115,7 +1378,26 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
          #@TestMarker        Last Login
          #@TestName          Long Idle Lockout Interval - Pwd Change Override 2
          #@TestIssue         none
          #@TestPurpose       Long Idle Lockout Interval - Pwd Change Override 2
         SearchObject returns 0
          #@TestPreamble      none
          #@TestStep          Step 1. Check User Bind SearchObject returns 0
          #@TestStep          Step 2. Admin Changing Idle Lockout Interval
                              set idle-lockout-interval to 50 s
          #@TestStep          Step 3. User Binding Before Idle Lockout
                              SearchObject returns 0
          #@TestStep          Step 4. Sleep sleepForMilliSeconds to 60000
          #@TestStep          Step 5. User Changing Password
          #@TestStep          Step 6. User Binding After Idle Lockout
                              SearchObject returns 0
          #@TestPostamble     none
          #@TestResult        Success if the 6 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - Pwd Change Override 2')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -1126,7 +1408,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1155,7 +1437,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'newdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1175,15 +1457,13 @@
               'Security: Last Login: Long Idle Lockout - Pwd Change Override 2 Step 5. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=jreuter,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'anotherdestroy' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=jreuter,%s' % basedn ,
                    'dsNewPassword'          : 'anotherdestroy' }
            </call>
            
            <message>
@@ -1193,7 +1473,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'anotherdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1205,7 +1485,21 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Admin Reset Idle Lockout Interval 7
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval 7
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval to 0 s
            #@TestStep            Step 2. User Binding SearchObject returns 0
            #@TestStep            Step 3. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 4. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Reset Idle Lockout 7')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -1230,7 +1524,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'anotherdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1254,7 +1548,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'anotherdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1266,7 +1560,26 @@
          </sequence>
        </testcase>

        <!--- Test Case : Long Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Long Idle Lockout - Pwd Change Override 3
            #@TestIssue           none
            #@TestPurpose         Long Idle Lockout - Pwd Change Override 3
            #@TestPreamble        none
            #@TestStep            Step 1. Disable Last Login set
                                  last-login-time-format to reset
            #@TestStep            Step 2. Check User Bind SearchObject returns 0
            #@TestStep            Step 3. Admin Changing Idle Lockout Interval
                                  set idle-lockout-interval to 50 s
            #@TestStep            Step 4. User Binding Before Idle Lockout
                                  SearchObject returns 49
            #@TestStep            Step 5. Admin Changing Password
            #@TestStep            Step 6. User Binding After Admin Pwd Change
                                  SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 6 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Idle Lockout - Pwd Change Override 3')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -1291,7 +1604,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'anotherdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1320,7 +1633,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                'dsInstancePswd'   : 'anotherdestroy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -1332,15 +1645,13 @@
               'Security: Last Login: Long Idle Lockout - Pwd Change Override 3 Step 5. Admin Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=jreuter,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'lastdestroy' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=jreuter,%s' % basedn ,
                    'dsNewPassword'          : 'lastdestroy' }
            </call>
            
            <message>
@@ -1350,7 +1661,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'lastdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1362,7 +1673,23 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Reset Idle Lockout Interval -->
        <!--- Test Case information
            #@TestMarker          Last Login
            #@TestName            Postamble Admin Reset Idle Lockout Interval
            #@TestIssue           none
            #@TestPurpose         Admin Reset Idle Lockout Interval
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Resetting Idle Lockout Interval
                                  set idle-lockout-interval'  to 0 s 
            #@TestStep            Step 2. Admin Disabling Last Login Time 
                                  Attribute last-login-time-attribute to reset
            #@TestStep            Step 3. User Binding SearchObject returns 0
            #@TestStep            Step 4. Sleep sleepForMilliSeconds 60000
            #@TestStep            Step 5. User Binding SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the 5 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Postamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -1401,7 +1728,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'lastdestroy',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -1425,7 +1752,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=jreuter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=jreuter,%s' % basedn ,
                  'dsInstancePswd'   : 'lastdestroy' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_lockout_duration.xml

@@ -32,7 +32,41 @@
  <function name="lockout_duration">

      <sequence>
        
         <!--- Test Suite information
           #@TestSuiteName       Lockout Duration
           #@TestSuitePurpose    Test Lockout Duration in Password Policy
           #@TestSuiteGroup      Lockout Duration
           #@TestScript          security_lockout_duration.xml
          -->
 
    <!--- Define default value for basedn -->
          <script>
            basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
          </script>

         
        <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Preamble
           #@TestIssue          none
           #@TestPurpose        Preamble
           #@TestPreamble       none
           #@TestStep           Step 1. Checking existence of 
                                ds-cfg-lockout-duration compareEntry returns 0
           #@TestStep           Step 2. Admin Changing Lockout Count
                                set lockout-failure-count to 3 
           #@TestStep           Step 3. User Lockout With Bad Pwd 3x 
                                SearchObject returns 49 (3x with bad, 
                                1x with correct one)
           #@TestStep           Step 4. Admin Resetting User Pwd
           #@TestStep           Step 5. User Bind With New Password
                                SearchObject returns 0
           #@TestPostamble      none
           #@TestResult         Success if the 5 steps are PASS
        -->
        
        
        <testcase name="getTestCaseName('Preamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -75,7 +109,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -88,15 +122,13 @@
               'Security: Lockout Duration: Preamble Step 4. Admin Resetting User Pwd'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=mward,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'adminnormal' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'adminnormal' }
            </call>
            
            <message>
@@ -106,7 +138,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'adminnormal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -118,7 +150,17 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Change Lockout Cnt -->
       <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Admin Change Lockout Duration
           #@TestIssue          none
           #@TestPurpose        Admin making Lockout Duration Short
           #@TestPreamble       none
           #@TestStep           set lockout-duration to 5 s
           #@TestPostamble      none
           #@TestResult         Success if the 5 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Make Lockout Duration Short')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -141,7 +183,24 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Change Lockout Duration -->
       <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Testing Lockout Duration Short
           #@TestIssue          none
           #@TestPurpose        Testing Lockout Duration Short
           #@TestPreamble       none
           #@TestStep           Step 1. User Lockout with Bad Pwd 3x 
                                SearchObject returns 49 (3x with bad, 
                                1x with correct one)
                                Sleeping sleepForMilliSeconds 8000
           #@TestStep           Step 2. User Changing Password returns 0
           #@TestStep           Step 3. Admin Resetting User Pwd
           #@TestStep           Step 4. User Bind With New Password
                                SearchObject returns 0
           #@TestPostamble      none
           #@TestResult         Success if the 4 steps are PASS
        -->        
        
        <testcase name="getTestCaseName('Short Lockout Duration')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -157,7 +216,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -178,15 +237,13 @@
               'Security: lockout Duration: Short Lockout Duration Step 2. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=mward,%s' % basedn ,
                    'dsInstancePswd'         : 'adminnormal' ,
                    'DNToModify'             : 'uid=mward,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newnormal' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'newnormal' }
            </call>
            
            <message>
@@ -196,7 +253,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'newnormal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -208,7 +265,17 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Change Lockout Cnt -->
     <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Admin Change Lockout Duration
           #@TestIssue          none
           #@TestPurpose        Admin making Lockout Duration Long
           #@TestPreamble       none
           #@TestStep           set lockout-duration to 5 days
           #@TestPostamble      none
           #@TestResult         Success if the step is PASS
        -->
        
        <testcase name="getTestCaseName('Make Lockout Duration Long')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -231,7 +298,25 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Change Lockout Duration -->
 
        <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Testing Lockout Duration Long
           #@TestIssue          none
           #@TestPurpose        Testing Lockout Duration Long
           #@TestPreamble       none
           #@TestStep           Step 1. User Initial Bind returns 0
           #@TestStep           Step 2. User Lockout with Bad Pwd 3x 
                                SearchObject returns 49 (3x with bad, 
                                1x with correct one)
                                Sleeping sleepForMilliSeconds 8000
           #@TestStep           Step 3. User Changing Password returns 49
           #@TestStep           Step 4. User Bind With New Password
                                SearchObject returns 49
           #@TestPostamble      none
           #@TestResult         Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Long Lockout Duration')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -242,7 +327,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : 'strawberry' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -261,7 +346,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -282,15 +367,13 @@
               'Security: lockout Duration: Long Lockout Duration Step 3. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=bjablons,%s' % basedn ,
                    'dsInstancePswd'         : 'strawberry' ,
                    'DNToModify'             : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newberry' ,
                    'changetype'             : 'replace' ,
                    'dsAuthzID'              : 'dn:uid=bjablons,%s' % basedn ,
                    'dsNewPassword'          : 'newberry' ,
                    'expectedRC'             : 49 }
            </call>
            
@@ -301,7 +384,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bjablons,%s' % basedn ,
                  'dsInstancePswd'   : 'newberry' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -314,6 +397,25 @@
          </sequence>
        </testcase>


        <!--- Test Case information
           #@TestMarker         Lockout Duration
           #@TestName           Postamble
           #@TestIssue          none
           #@TestPurpose        Postamble
           #@TestPreamble       none
           #@TestStep           Step 1. Admin resetting Lockout Duration to 0
           #@TestStep           Step 2. User Lockout with Bad Pwd 3x 
                                SearchObject returns 49 (3x with bad, 
                                1x with correct one)
                                Sleeping sleepForMilliSeconds 8000
           #@TestStep           Step 3. User Changing Password returns 0
           #@TestStep           Step 4. User Bind With New Password
                                SearchObject returns 0
           #@TestPostamble      none
           #@TestResult         Success if the 4 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Postamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -343,7 +445,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -356,15 +458,13 @@
               'Security: Lockout Duration: Postamble Step 3. Admin Resetting User Pwd'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : DIRECTORY_INSTANCE_DN ,
                    'dsInstancePswd'         : DIRECTORY_INSTANCE_PSWD ,
                    'DNToModify'             : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'normal' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=mward,%s' % basedn ,
                    'dsNewPassword'          : 'normal' }
            </call>
            
            <message>
@@ -374,7 +474,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=mward,%s' % basedn ,
                  'dsInstancePswd'   : 'normal' ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_lockout_fail_cnt.xml

@@ -32,13 +32,40 @@
  <function name="lockout_fail_cnt">

      <sequence>
        
          <!--- Test Suite information
            #@TestSuiteName       Lockout Failure Count
            #@TestSuitePurpose    Test the password Policy Lockout Failure Count
            #@TestSuiteGroup      Lockout Failure Count
            #@TestScript          security_lockout_fail_cnt.xml
          -->
          
   <!--- Define default value for basedn,basepwp, msg -->
   <script>
   basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
   basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
   msg = 'Security: Lockout Fail Cnt:'
   </script>

        <!--- Test Case : Preamble 1 - Check Default-->
        <!--- Test Case information
          #@TestMarker          Lockout Failure Count
          #@TestName            Test Preamble
          #@TestIssue           none
          #@TestPurpose         Check Default value ds-cfg-lockout-failure-count
          #@TestPreamble        none
          #@TestStep            Step 1. Check for existence of
                                ds-cfg-lockout-failure-count and value is 0
          #@TestStep            Step 2. Default Bind With Bad Pwd 3x RC 49
                                then User search with good password returns 0
          #@TestPostamble       none
          #@TestResult          Success if the 2 steps are PASS
        -->
          
        <testcase name="getTestCaseName('Preamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Lockout Fail Cnt: Preamble Step 1. Check for existence of ds-cfg-lockout-failure-count'
'%s Preamble Step 1. Check for existence of ds-cfg-lockout-failure-count' % msg
            </message>

            <call function="'compareEntry'">
@@ -47,11 +74,11 @@
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'    : 'ds-cfg-lockout-failure-count:0',
                'entryToBeCompared'   : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
                'entryToBeCompared'   : basepwp }
            </call>

            <message>
               'Security: Lockout Fail Cnt: Preamble Step 2. Default Bind With Bad Pwd 3x'
'%s Preamble Step 2. Default Bind With Bad Pwd 3x' % msg
            </message>

            <script>
@@ -62,7 +89,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -74,7 +101,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : 'oranges',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -85,7 +112,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Amin Change Lockout Cnt -->
        <!--- Test Case information
          #@TestMarker          Lockout Failure Count
          #@TestName            Admin Change Lockout Count
          #@TestIssue           none
          #@TestPurpose         Admin Change Lockout Count
          #@TestPreamble        none
          #@TestStep            Admin Changing Lockout Count set
                                lockout-failure-count to 3
          #@TestPostamble       none
          #@TestResult          Success if modifyPwdPolicy returns 0.
        -->

        <testcase name="getTestCaseName('Admin Change Lockout Cnt')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -108,12 +146,22 @@
          </sequence>
        </testcase>

        <!--- Test Case : Lockout With Bad Pwd 3x -->
        <!--- Test Case information
          #@TestMarker          Lockout Failure Count
          #@TestName            Lockout With Bad Pwd 3x
          #@TestIssue           none
          #@TestPurpose         Lockout With Bad Pwd 3x
          #@TestPreamble        none
          #@TestStep            Lockout With Bad Pwd 3x SearchObject RC 49 3x
          #@TestPostamble       none
          #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Lockout With Bad Pwd 3x')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Lockout Fail Cnt: Lockout With Bad Pwd 3x'
               '%s Lockout With Bad Pwd 3x' % msg
            </message>

            <script>
@@ -124,7 +172,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -138,12 +186,26 @@
          </sequence>
        </testcase>

        <!--- Test Case : Postamble Reset -->
        <!--- Test Case information
          #@TestMarker        Lockout Failure Count
          #@TestName          Postamble Reset
          #@TestIssue         none
          #@TestPurpose       Reseting the Password policy and verify it
          #@TestPreamble      none
          #@TestStep          Step 1. Admin Resetting Lockout Fail Count
                              set lockout-failure-count to 0
          #@TestStep          Step 2. Check Bind With Previous User Lockout RC 0
          #@TestStep          Step 3. Check Bind With Bad Pwd 3x RC 49 3x
                              then User search with good password returns 0
          #@TestPostamble     none
          #@TestResult        Success if the 3 steps are PASS
        -->
        
        <testcase name="getTestCaseName('Postamble Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Lockout Fail Cnt: Postamble Reset: Step 1. Admin Resetting Lockout Fail Count'
'%s Postamble Reset: Step 1. Admin Resetting Lockout Fail Count' % msg
            </message>

            <call function="'modifyPwdPolicy'">
@@ -157,14 +219,14 @@
            </call>
            
            <message>
               'Security: Lockout Fail Cnt: Postamble Step 2. Check Bind With Previous User Lockout'
'%s Postamble Step 2. Check Bind With Previous User Lockout' % msg
            </message>

            <!--- Check Lockouted User -->
           <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=bhall,%s' % basedn ,
                'dsInstancePswd'   : 'oranges' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -172,7 +234,7 @@
            </call>

            <message>
               'Security: Lockout Fail Cnt: Postamble Step 3. Check Bind With Bad Pwd 3x'
      '%s Postamble Step 3. Check Bind With Bad Pwd 3x' % msg
            </message>

            <script>
@@ -183,7 +245,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=gfarmer,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=gfarmer,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -195,7 +257,7 @@
            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=gfarmer,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=gfarmer,%s' % basedn ,
                  'dsInstancePswd'   : 'ruling',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_min_pwd_age.xml

@@ -32,8 +32,30 @@
  <function name="min_pwd_age">

      <sequence>
        
         <!--- Test Suite information
            #@TestSuiteName       Minimum Password Age
            #@TestSuitePurpose    Test the Password Policy Minimum Password Age
            #@TestSuiteGroup      Minimum Password Age
            #@TestScript          security_min_pwd_age.xml
          -->

        <!--- Test Case : Preamble Check -->
        <!--- Define default value for basedn -->
          <script>
            basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
          </script>

          <!--- Test Case information
            #@TestMarker          Minimum Password Age
            #@TestName            Test Preamble
            #@TestIssue           none
            #@TestPurpose         Checking existence of ds-cfg-min-password-age
            #@TestPreamble        none
            #@TestStep            Checking existence of ds-cfg-min-password-age
            #@TestPostamble       none
            #@TestResult          Success if compareEntry returns 0.
          -->
          
        <testcase name="getTestCaseName('Preamble Check')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -55,7 +77,22 @@
          </sequence>
        </testcase>

        <!--- Test Case : Test -->
                  <!--- Test Case information
            #@TestMarker          Minimum Password Age
            #@TestName            Test Minimum Password Age
            #@TestIssue           none
            #@TestPurpose         Test Minimum Password Age
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Enabling Minimum Pwd Age
                                  set min-password-age to 24 h
            #@TestStep            Step 2. User Changing Password
                                  ldapPasswordModifyWithScript returns 53
            #@TestStep            Step 3. User Searching With Password
                                  SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the 3 steps are PASS
          -->
          
        <testcase name="getTestCaseName('Test')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -78,15 +115,13 @@
               'Security: Min Pwd Age: Test: Step 2. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'gosling' ,
                    'DNToModify'             : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newgosling' ,
                    'changetype'             : 'replace' ,
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'newgosling' ,
                    'expectedRC'             : 53  }
            </call>
            
@@ -98,7 +133,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'newgosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -110,7 +145,23 @@
          </sequence>
        </testcase>

        <!--- Test Case : Postamble Reset -->
        
          <!--- Test Case information
            #@TestMarker          Minimum Password Age
            #@TestName            Postamble Reset
            #@TestIssue           none
            #@TestPurpose         Reseting the password Policy
            #@TestPreamble        none
            #@TestStep            Step 1. Admin Disabling Minimum Pwd Age
                                  set min-password-age to 0 s
            #@TestStep            Step 2. User Changing Password RC 0
            #@TestStep            Step 3. User Searching With Password RC 0
            #@TestStep            Step 4. User Changing Password RC 0
            #@TestStep            Step 5. User Searching With Password RC 0
            #@TestPostamble       none
            #@TestResult          Success if  returns 0.
          -->
          
        <testcase name="getTestCaseName('Postamble Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -132,15 +183,13 @@
               'Security: Min Pwd Age: Postamble Reset: Step 2. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'gosling' ,
                    'DNToModify'             : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'newgosling' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'newgosling' }
            </call>
            
            <!--- User Search With Password -->
@@ -151,7 +200,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'newgosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -163,15 +212,13 @@
               'Security: Min Pwd Age: Postamble Reset: Step 4. User Changing Password'
            </message>

            <call function="'modifyAnAttribute'">
            <call function="'ldapPasswordModifyWithScript'">
                  { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                    'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                    'dsInstanceDn'           : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'dsInstanceDn'           : 'uid=dmiller,%s' % basedn ,
                    'dsInstancePswd'         : 'newgosling' ,
                    'DNToModify'             : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                    'attributeName'          : 'userpassword' ,
                    'newAttributeValue'      : 'gosling' ,
                    'changetype'             : 'replace'  }
                    'dsAuthzID'              : 'dn:uid=dmiller,%s' % basedn ,
                    'dsNewPassword'          : 'gosling' }
            </call>
            
            <!--- User Search With Password -->
@@ -182,7 +229,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=dmiller,%s' % basedn ,
                'dsInstancePswd'   : 'gosling' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_mult_pwd_policies.xml

@@ -33,12 +33,39 @@

      <sequence>

        <!--- Test Case : Preamble 1 - Add New Passwords Policy-->
         <!--- Test Suite information
            #@TestSuiteName       Multiple Password Policies
            #@TestSuitePurpose    Test Multiple Password Policies
            #@TestSuiteGroup      Multiple Password Policies
            #@TestScript          security_mult_pwd_policies.xml
          -->
          
   <!--- Define default value for basedn, msg1, msg2 -->
   <script>
   basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
   msg1 = 'default-password-storage-scheme:Salted SHA-1'
   msg2 = 'password-attribute:userPassword'
   </script>

          
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Add New Password Policy
            #@TestIssue           none
            #@TestPurpose         Preamble - Add Sales Password Policy
            #@TestPreamble        none
            #@TestStep            with dsconfig create-password-policy Sales 
                                  Password Policy and set 
                                  default-password-storage-schemeSalted SHA-1
            #@TestPostamble       none
            #@TestResult          Success if dsconfig returns 0
        -->
        
        <testcase name="getTestCaseName('Preamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Mult Pwd Policies: Preamble - Add Sales Password Policy'
             'Security: Mult Pwd Policies: Preamble - Add Sales Password Policy'
            </message>

            <call function="'dsconfig'">
@@ -46,38 +73,50 @@
              'dsInstancePort'       : DIRECTORY_INSTANCE_PORT ,
              'dsInstanceDn'         : DIRECTORY_INSTANCE_DN ,
              'dsInstancePswd'       : DIRECTORY_INSTANCE_PSWD ,
              'subcommand'           : 'create-password-policy' ,    
              'subcommand'           : 'create-password-policy' ,
              'objectType'           : 'policy-name' ,
              'objectName'           : 'Sales Password Policy',
              'optionsString'        : '--set "default-password-storage-scheme:Salted SHA-1" --set password-attribute:userPassword',
              'expectedRC'           : 0 } 
            </call>          
              'optionsString'        : '--set "%s" --set %s' % (msg1,msg2),
              'expectedRC'           : 0 }
            </call>
            
            <call function="'testCase_Postamble'"/>
            
          </sequence>
        </testcase>

        <!--- Test Case : Add Entry With New Password Policy -->
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Adding New Entry With Sales Password Policy
            #@TestIssue           none
            #@TestPurpose         Adding New Entry With Sales Password Policy
            #@TestPreamble        none
            #@TestStep            addEntry add_sales_person.ldif
                                  SearchObject with uid=sguy returns 0
                                  SearchObject with uid=sgal eturns 0
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        <testcase name="getTestCaseName('Add New Entry')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Mult Pwd Policies: Adding New Entry With Sales Password Policy'
      'Security: Mult Pwd Policies: Adding New Entry With Sales Password Policy'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/add_sales_person.ldif' % logsRemoteDataDir }
         { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
           'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
           'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
           'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
           'entryToBeAdded'   : '%s/security/pwd_policy/add_sales_person.ldif' \
                                % logsRemoteDataDir }
            </call>

             <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=sguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -87,7 +126,7 @@
             <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sgal,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=sgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -99,7 +138,19 @@
          </sequence>
        </testcase>

        <!--- Test Case : Modify Sales Pwd Policy -->
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Modify Sales Pwd Policy
            #@TestIssue           none
            #@TestPurpose         Admin Changing Sales Lockout Count
            #@TestPreamble        none
            #@TestStep            Admin Changing Sales Lockout Count
                                  modifyPwdPolicy for Sales Password Policy
                                  set lockout-failure-count to 3
            #@TestPostamble       none
            #@TestResult          Success if modifyPwdPolicy returns 0
        -->
        
        <testcase name="getTestCaseName('Modify Sales Pwd Policy')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -123,12 +174,24 @@
        </testcase>

            
        <!--- Test Case : Test Sales Password Policy -->
         <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Test Sales Password Policy
            #@TestIssue           none
            #@TestPurpose         Test Sales Password Policy
            #@TestPreamble        none
            #@TestStep            Testing Sales Pwd Policy with Lockout Count
                                  search with bad pwd 3x good pwd 1x
                                  SearchObject returns 49 4x
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Test Sales Pwd Policy')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
      'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
            </message>

            <script>
@@ -139,7 +202,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=sguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=sguy,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -152,12 +215,25 @@
          </sequence>
        </testcase>

        <!--- Test Case : Test Default Password Policy -->
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Testing Default Pwd Policy with Lockout Count
            #@TestIssue           none
            #@TestPurpose         Testing Default Pwd Policy with Lockout Count
            #@TestPreamble        none
            #@TestStep            Testing Default Pwd Policy with Lockout Count
                                  search with bad pwd 3x good pwd 1x
                                  SearchObject returns 49 3x
                                  SearchObject returns 0 1x
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Test Default Pwd Policy')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Mult Pwd Policies: Testing Default Pwd Policy with Lockout Count'
    'Security: Mult Pwd Policies: Testing Default Pwd Policy with Lockout Count'
            </message>

            <script>
@@ -168,7 +244,7 @@
              <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=tclow,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                  'dsInstanceDn'     : 'uid=tclow,%s' % basedn ,
                  'dsInstancePswd'   : '%s' % pwds ,
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
@@ -180,7 +256,7 @@
            <call function="'SearchObject'">
    { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
      'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
      'dsInstanceDn'     : 'uid=tclow,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
      'dsInstanceDn'     : 'uid=tclow,%s' % basedn ,
      'dsInstancePswd'   : 'cardreader' ,
      'dsBaseDN'         : 'dc=example,dc=com' ,
      'dsFilter'         : 'objectclass=*'  ,
@@ -192,7 +268,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Delete Sales Pwd Policy -->
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Delete Sales Pwd Policy
            #@TestIssue           none
            #@TestPurpose         Admin Deleting Sales Lockout Count
            #@TestPreamble        none
            #@TestStep            Admin Deleting Sales Lockout Count
                                  dsconfig delete Sales Password Policy
            #@TestPostamble       none
            #@TestResult          Success if dsconfig returns 0
        -->
        
        <testcase name="getTestCaseName('Delete Sales Pwd Policy')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -216,18 +303,28 @@
          </sequence>
        </testcase>

        <!--- Test Case : Test Sales Password Policy 2-->
        <!--- Test Case information
            #@TestMarker          Multiple Password Policies
            #@TestName            Test Sales Pwd Policy after Remove
            #@TestIssue           none
            #@TestPurpose         Test Sales Pwd Policy after Remove
            #@TestPreamble        none
            #@TestStep            Testing Sales Pwd Policy after removing it
            #@TestPostamble       none
            #@TestResult          Success if SearchObject returns 80 (Other)
        -->
        
        <testcase name="getTestCaseName('Test Sales Pwd Policy 2')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
      'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
            </message>

            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=sgal,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=sgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_preencoded_pwds.xml

@@ -33,12 +33,39 @@

      <sequence>

        <!--- Test Case : Preamble 1 - Check Default-->
         <!--- Test Suite information
           #@TestSuiteName       Preencoded Passwords
           #@TestSuitePurpose    Test Preencoded Passwords in Password Policy
           #@TestSuiteGroup      Preencoded Passwords
           #@TestScript          security_preencoded_pwds.xml
          -->
                 
     <!--- Define default value for basedn -->
     <script>
     basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
     basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
     msg1 = 'Security: Preencoded Pwds: Preamble'
     </script>
     
     
        <!--- Test Case information
            #@TestMarker          Preencoded Passwords
            #@TestName            Preamble Check Default
            #@TestIssue           none
            #@TestPurpose         Preamble Check Default
            #@TestPreamble        none
            #@TestStep            Check for existence of 
                                  ds-cfg-allow-pre-encoded-passwords
                                  and value is set to false
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Preamble')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Preencoded Pwds: Preamble - Check for existence of ds-cfg-allow-pre-encoded-passwords'
'%s - Check for existence of ds-cfg-allow-pre-encoded-passwords' % msg1
            </message>

            <call function="'compareEntry'">
@@ -46,8 +73,8 @@
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'attrToBeCompared'   : 'ds-cfg-allow-pre-encoded-passwords:false',
                'entryToBeCompared'   : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
                'attrToBeCompared' : 'ds-cfg-allow-pre-encoded-passwords:false',
                'entryToBeCompared': basepwp }
            </call>

            <call function="'testCase_Postamble'"/>
@@ -55,29 +82,41 @@
          </sequence>
        </testcase>

        <!--- Test Case : Add Entry With Pre-encoded Password -->
        <!--- Test Case information
            #@TestMarker          Preencoded Passwords
            #@TestName            Add Entry With Pre-encoded Password
            #@TestIssue           none
            #@TestPurpose         Adding New Entry With a Pre-encoded Password
            #@TestPreamble        none
            #@TestStep            addEntry add_entry_preencoded_pwd.ldif RC 53
                                  SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Default - Add New Entry')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Preencoded Pwds: Adding New Entry With a Pre-encoded Password'
      'Security: Preencoded Pwds: Adding New Entry With a Pre-encoded Password'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/add_entry_preencoded_pwd.ldif' % logsRemoteDataDir ,
                'expectedRC'       : 53 }
            </call>
   <call function="'addEntry'">
 { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
   'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
   'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
   'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
   'entryToBeAdded'   : '%s/security/pwd_policy/add_entry_preencoded_pwd.ldif' \
                        % logsRemoteDataDir ,
   'expectedRC'       : 53 }
   </call>

             <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=pguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'   : 'dc=example,dc=com' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
                'extraParams'      : '-s base' ,
                'expectedRC'       : 49 }
@@ -88,7 +127,17 @@
          </sequence>
        </testcase>

        <!--- Test Case : Enable Pre-encoded Passwords -->
        <!--- Test Case information
            #@TestMarker          Preencoded Passwords
            #@TestName            Enable Pre-encoded Passwords in pwd policy
            #@TestIssue           none
            #@TestPurpose         Admin Enabling Preencoded Pwds
            #@TestPreamble        none
            #@TestStep            set allow-pre-encoded-passwords to true
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Enable Preencoded Pwds')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -111,27 +160,38 @@
          </sequence>
        </testcase>

            
        <!--- Test Case : Test Enabled Pre-encoded Passwords -->
         <!--- Test Case information
            #@TestMarker          Preencoded Passwords
            #@TestName            Test Enabled Pre-encoded Passwords
            #@TestIssue           none
            #@TestPurpose         Test Enabled Pre-encoded Passwords
            #@TestPreamble        none
            #@TestStep            addEntry add_entry_preencoded_pwd.ldif RC 0
                                  SearchObject returns 0
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->           

        <testcase name="getTestCaseName('Enabled - Add New Entry')">
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Security: Preencoded Pwds: Add New Entry With Pre-encoded Password'
           'Security: Preencoded Pwds: Add New Entry With Pre-encoded Password'
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/add_entry_preencoded_pwd.ldif' % logsRemoteDataDir }
            </call>
   <call function="'addEntry'">
 { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
   'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
   'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
   'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
   'entryToBeAdded'   : '%s/security/pwd_policy/add_entry_preencoded_pwd.ldif' \
                        % logsRemoteDataDir }
   </call>

             <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=pguy,%s' % basedn ,
                'dsInstancePswd'   : 'superguy' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,
@@ -143,7 +203,18 @@
          </sequence>
        </testcase>

        <!--- Test Case : Disable Pre-encoded Passwordds -->
         <!--- Test Case information
            #@TestMarker          Preencoded Passwords
            #@TestName            Disable Pre-encoded Passwords
            #@TestIssue           none
            #@TestPurpose         Admin Disabling Pre-encoded Passwords
            #@TestPreamble        none
            #@TestStep            Disable Pre-encoded Passwordds 0
                                  SearchObject returns 49
            #@TestPostamble       none
            #@TestResult          Success if the test is PASS
        -->
        
        <testcase name="getTestCaseName('Disable Preencoded Pwds')">
          <sequence>
            <call function="'testCase_Preamble'"/>
@@ -164,7 +235,7 @@
            <call function="'SearchObject'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : 'uid=pgal,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
                'dsInstanceDn'     : 'uid=pgal,%s' % basedn ,
                'dsInstancePswd'   : 'supergal' ,
                'dsBaseDN'         : 'dc=example,dc=com' ,
                'dsFilter'         : 'objectclass=*'  ,

 opends/tests/functional-tests/testcases/security/pwd_policy/security_pwd_policy.xml

@@ -39,7 +39,7 @@
  
          <script>
            if not CurrentTestPath.has_key('group'):
              CurrentTestPath['group']='security'                                          
              CurrentTestPath['group']='security'
            CurrentTestPath['suite']=STAXCurrentBlock
          </script>
          
@@ -60,19 +60,23 @@
                                      

          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_setup_pwd_policy.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_setup_pwd_policy.xml'
          % (TESTS_DIR)"/>
          <call function="'setup_pwd_policy'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_user_pwd_policy.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_user_pwd_policy.xml'
          % (TESTS_DIR)"/>
          <call function="'user_pwd_policy'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_force_pwd_change.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_force_pwd_change.xml'
          % (TESTS_DIR)"/>
          <call function="'force_pwd_change'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml' % (TESTS_DIR)"/>
file="'%s/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml'
% (TESTS_DIR)"/>
          <call function="'force_pwd_change_all_users'" />
          <!--
          <import machine="STAF_LOCAL_HOSTNAME"
@@ -84,35 +88,43 @@
          <call function="'disable_max_pwd_age'" />
          -->
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_min_pwd_age.xml' % (TESTS_DIR)"/>
            file="'%s/testcases/security/pwd_policy/security_min_pwd_age.xml'
            % (TESTS_DIR)"/>
          <call function="'min_pwd_age'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_lockout_fail_cnt.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_lockout_fail_cnt.xml'
          % (TESTS_DIR)"/>
          <call function="'lockout_fail_cnt'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_grace_login.xml' % (TESTS_DIR)"/>
            file="'%s/testcases/security/pwd_policy/security_grace_login.xml'
            % (TESTS_DIR)"/>
          <call function="'grace_login'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_mult_pwd_policies.xml' % (TESTS_DIR)"/>
         file="'%s/testcases/security/pwd_policy/security_mult_pwd_policies.xml'
         % (TESTS_DIR)"/>
          <call function="'mult_pwd_policies'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_preencoded_pwds.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_preencoded_pwds.xml'
          % (TESTS_DIR)"/>
          <call function="'preencoded_pwds'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_lockout_duration.xml' % (TESTS_DIR)"/>
          file="'%s/testcases/security/pwd_policy/security_lockout_duration.xml'
          % (TESTS_DIR)"/>
          <call function="'lockout_duration'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_last_login.xml' % (TESTS_DIR)"/>
            file="'%s/testcases/security/pwd_policy/security_last_login.xml'
            % (TESTS_DIR)"/>
          <call function="'last_login'" />
  
          <import machine="STAF_LOCAL_HOSTNAME"
            file="'%s/testcases/security/pwd_policy/security_teardown_pwd_policy.xml' % (TESTS_DIR)"/>
       file="'%s/testcases/security/pwd_policy/security_teardown_pwd_policy.xml'
       % (TESTS_DIR)"/>
          <call function="'teardown_pwd_policy'" />
  


 opends/tests/functional-tests/testcases/security/pwd_policy/security_setup_pwd_policy.xml

@@ -41,7 +41,6 @@
            #@TestScript          security_setup_pwd_policy.xml
          -->
          
             
           <!--- Test Case information
            #@TestMarker          setup Password Policy
            #@TestName            setup: Add Initials Entries
@@ -62,11 +61,12 @@
            </message>

            <call function="'addEntry'">
              { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                'entryToBeAdded'   : '%s/security/pwd_policy/pwd_policy_startup.ldif' % logsRemoteDataDir }
        { 'dsInstanceHost'  : DIRECTORY_INSTANCE_HOST ,
          'dsInstancePort'  : DIRECTORY_INSTANCE_PORT ,
          'dsInstanceDn'    : DIRECTORY_INSTANCE_DN ,
          'dsInstancePswd'  : DIRECTORY_INSTANCE_PSWD ,
          'entryToBeAdded'  : '%s/security/pwd_policy/pwd_policy_startup.ldif'\
                              % logsRemoteDataDir }
            </call>

            <call function="'testCase_Postamble'"/>

 opends/tests/functional-tests/testcases/security/pwd_policy/security_teardown_pwd_policy.xml

@@ -33,8 +33,24 @@

      <sequence>

        <!--- Test Case : Password Policy Teardown -->
        <!--- Delete Branch -->
        <!--- Test Suite information
           #@TestSuiteName       Teardown
           #@TestSuitePurpose    Test Teardown in Password Policy
           #@TestSuiteGroup      Teardown
           #@TestScript          security_lockout_duration.xml
          -->
          
        <!--- Test Case information
           #@TestMarker         Teardown
           #@TestName           Delete Branch
           #@TestIssue          none
           #@TestPurpose        Delete Branch
           #@TestPreamble       none
           #@TestStep           DeleteEntry -x o=Pwd Policy Tests
           #@TestPostamble      none
           #@TestResult         Success if the step is PASS
        -->

        <testcase name="getTestCaseName('Postamble Reset')">
          <sequence>
            <call function="'testCase_Preamble'"/>

			@@ -33,18 +33,45 @@

			<sequence>

			<!--- Test Case : User Search With Password -->
			<!--- Test Suite information
			#@TestSuiteName Force PasswordChange All Users
			#@TestSuitePurpose Force PasswordChange All Users
			#@TestSuiteGroup Force PasswordChange All Users
			#@TestScript security_force_pwd_change_all_users.xml
			-->

			<!--- Define default value for basedn -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			</script>


			<!--- Test Case information
			#@TestMarker Force PasswordChange All Users
			#@TestName User Search With Password
			#@TestIssue none
			#@TestPurpose Set the Pwd Expiration Time to a past date
			#@TestPreamble none
			#@TestStep Step 1 - User Searching With Password
			#@TestStep Step 2 - Admin Enabling Exp Pwd No Warning
			set expire-passwords-without-warning to true
			#@TestStep Step 3 - Admin Setting Pwd Time Exp
			set require-change-by-time to 20061030183752.848Z
			#@TestPostamble none
			#@TestResult Success if the 3 steps are PASS
			-->

			<testcase name="getTestCaseName('Preamble Setup')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Pwd Change: Preamble Step 1 - User Searching With Password'
			'Security: Pwd Change: Preamble Step 1 - User Searching With Password'
			</message>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
			'dsInstancePswd' : 'sprain' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -53,21 +80,21 @@


			<message>
			'Security: Pwd Change: Preamble Step 2 - Admin Enabling Exp Pwd No Warning'
			'Security: Pwd Change: Preamble Step 2 - Admin Enabling Exp Pwd No Warning'
			</message>

			<call function="'modifyPwdPolicy'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'propertyName' : 'Default Password Policy' ,
			'attributeName' : 'expire-passwords-without-warning' ,
			'attributeValue' : 'true' }
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'propertyName' : 'Default Password Policy' ,
			'attributeName' : 'expire-passwords-without-warning' ,
			'attributeValue' : 'true' }
			</call>

			<message>
			'Security: Pwd Change: Preamble Step 3 -Admin Setting Pwd Time Exp'
			'Security: Pwd Change: Preamble Step 3 -Admin Setting Pwd Time Exp'
			</message>

			<call function="'modifyPwdPolicy'">
			@@ -84,7 +111,18 @@
			</sequence>
			</testcase>

			<!--- Test Case : User Search With Expired Password -->
			<!--
			- Test Case information
			#@TestMarker Force PasswordChange All Users
			#@TestName User Search With Expired Password
			#@TestIssue none
			#@TestPurpose User Search With Expired Password
			#@TestPreamble none
			#@TestStep User Search With Expired Password RC 49
			#@TestPostamble none
			#@TestResult Success if the step is PASS
			-->

			<testcase name="getTestCaseName('User Search With Exp Password')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -95,19 +133,31 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
			'dsInstancePswd' : 'sprain' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			'extraParams' : '-s base',
			'expectedRC' : 49 }
			'expectedRC' : 49 }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>

			<!--- Test Case : Admin Disable Exp Pwd No Warning -->
			<!--
			- Test Case information
			#@TestMarker Force PasswordChange All Users
			#@TestName Admin Disable Exp Pwd No Warning
			#@TestIssue none
			#@TestPurpose Admin Disable Exp Pwd No Warning
			#@TestPreamble none
			#@TestStep Admin Disabling Exp Pwd No Warning
			set expire-passwords-without-warning to false
			#@TestPostamble none
			#@TestResult Success if the step is PASS
			-->

			<testcase name="getTestCaseName('Admin Disable Exp Pwd No Warning')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -116,20 +166,32 @@
			</message>

			<call function="'modifyPwdPolicy'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'propertyName' : 'Default Password Policy' ,
			'attributeName' : 'expire-passwords-without-warning' ,
			'attributeValue' : 'false' }
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'propertyName' : 'Default Password Policy' ,
			'attributeName' : 'expire-passwords-without-warning' ,
			'attributeValue' : 'false' }
			</call>

			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>

			<!--- Test Case : User Search With Expired Password 2-->
			<!--
			- Test Case information
			#@TestMarker Force PasswordChange All Users
			#@TestName User Search With Expired Password 2
			#@TestIssue none
			#@TestPurpose User Search With Expired Password 2
			#@TestPreamble none
			#@TestStep User Searching With Expired Password 2
			SearchObject grep will expire
			#@TestPostamble none
			#@TestResult Success if the steps is PASS
			-->

			<testcase name="getTestCaseName('User Search With Exp Password 2')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -140,7 +202,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
			'dsInstancePswd' : 'sprain' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -159,7 +221,20 @@
			</sequence>
			</testcase>

			<!--- Test Case : Admin Reset Pwd Time Exp -->
			<!--
			- Test Case information
			#@TestMarker Force PasswordChange All Users
			#@TestName Admin Reset Pwd Time Exp
			#@TestIssue none
			#@TestPurpose Admin Reset Pwd Time Exp
			#@TestPreamble none
			#@TestStep Admin Resetting Pwd Time Exp
			remove require-change-by-time 20061030183752.848Z
			#@TestStep User Searching With Password SearchObject returns 0
			#@TestPostamble none
			#@TestResult Success if the 2 steps are PASS
			-->

			<testcase name="getTestCaseName('Postamble Reset')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -185,9 +260,9 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=scarter,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
			'dsInstancePswd' : 'sprain' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			'extraParams' : '-s base' }
			</call>

			@@ -32,19 +32,48 @@
			<function name="grace_login">

			<sequence>

			<!--- Test Suite information
			#@TestSuiteName Grace Login
			#@TestSuitePurpose Test the Password Policy Grace Login
			#@TestSuiteGroup Grace Login
			#@TestScript security_grace_login.xml
			-->

			<testcase name="getTestCaseName('Preamble, Admin Changing Pwd Policy Settings')">
			<!--- Define default value for basedn -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			basepwp ='cn=Default Password Policy,cn=Password Policies,cn=config'
			</script>


			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Admin Changing Pwd Policy Settings
			#@TestIssue none
			#@TestPurpose Admin Changing Pwd Policy Settings
			#@TestPreamble none
			#@TestStep set ds-cfg-expire-passwords-without-warning true
			ds-cfg-min-password-age 1 seconds
			ds-cfg-max-password-age 3 seconds
			ds-cfg-password-expiration-warning-interval 1 s
			ds-cfg-grace-login-count 2
			#@TestPostamble none
			#@TestResult Success if modifyAnAttribute returns 0
			-->

			<testcase name="getTestCaseName('Preamble, Admin Change Pwd Policy Settings')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-expire-passwords-without-warning:true")
			listAttrs.append("ds-cfg-min-password-age:1 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			listAttrs.append("ds-cfg-grace-login-count:2")
			</script>
			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-expire-passwords-without-warning:true")
			listAttrs.append("ds-cfg-min-password-age:1 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			listAttrs.append("ds-cfg-grace-login-count:2")
			</script>

			<message>
			'Security: Grace Login: Admin modifying password policy settings'
			@@ -55,7 +84,7 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
			'DNToModify' : basepwp ,
			'listAttributes' : listAttrs ,
			'changetype' : 'replace' }
			</call>
			@@ -66,17 +95,31 @@
			</sequence>
			</testcase>

			<!-- Issue 2032 -->
			<testcase name="getTestCaseName('Preamble, Admin Changing min password age beyond limit')">
			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Admin Changing min password age beyond limit
			#@TestIssue 2032
			#@TestPurpose Testing issue 2032
			#@TestPreamble none
			#@TestStep Change Pwd Policy min password age beyond limit
			set ds-cfg-min-password-age 10 seconds
			ds-cfg-max-password-age 3 seconds
			ds-cfg-password-expiration-warning-interval 1 s
			#@TestPostamble none
			#@TestResult Success if modifyAnAttribute returns 53
			-->

			<testcase name="getTestCaseName
			('Preamble, Admin Change min pwd age beyond limit')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:10 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			</script>
			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:10 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			</script>

			<message>
			'Security: Grace Login: Admin modifying password policy settings'
			@@ -87,7 +130,7 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
			'DNToModify' : basepwp ,
			'listAttributes' : listAttrs ,
			'changetype' : 'replace' ,
			'expectedRC' : 53 }
			@@ -99,17 +142,30 @@
			</sequence>
			</testcase>

			<!-- Issue 2032 -->
			<testcase name="getTestCaseName('Preamble, Admin Changing min password age to limit')">
			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Admin Changing min password age to limit
			#@TestIssue 2032
			#@TestPurpose Testing issue 2032
			#@TestPreamble none
			#@TestStep Change Pwd Policy min password age to limit
			set ds-cfg-min-password-age 2 seconds
			ds-cfg-max-password-age 3 seconds
			ds-cfg-password-expiration-warning-interval 1 s
			#@TestPostamble none
			#@TestResult Success if modifyAnAttribute returns 53
			-->

			<testcase name="getTestCaseName('Preamble, Admin Change min pwd age to limit')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:2 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			</script>
			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:2 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:1 seconds")
			</script>

			<message>
			'Security: Grace Login: Admin modifying password policy settings'
			@@ -120,7 +176,7 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
			'DNToModify' : basepwp ,
			'listAttributes' : listAttrs ,
			'changetype' : 'replace' ,
			'expectedRC' : 53 }
			@@ -132,17 +188,31 @@
			</sequence>
			</testcase>

			<!-- Issue 2032 -->
			<testcase name="getTestCaseName('Preamble, Admin Changing expire warning interval beyond limit')">
			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Admin Changing expire warning interval beyond limit
			#@TestIssue 2032
			#@TestPurpose Testing issue 2032
			#@TestPreamble none
			#@TestStep Change Pwd Pol expire warning interval beyond limit
			set ds-cfg-min-password-age 1 seconds
			ds-cfg-max-password-age 3 seconds
			ds-cfg-password-expiration-warning-interval 10 s
			#@TestPostamble none
			#@TestResult Success if modifyAnAttribute returns 53
			-->

			<testcase name="getTestCaseName
			('Preamble, Admin Change expire warning interval beyond limit')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:1 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:10 seconds")
			</script>
			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-min-password-age:1 seconds")
			listAttrs.append("ds-cfg-max-password-age:3 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:10 seconds")
			</script>

			<message>
			'Security: Grace Login: Admin modifying password policy settings'
			@@ -153,7 +223,7 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
			'DNToModify' : basepwp ,
			'listAttributes' : listAttrs ,
			'changetype' : 'replace' ,
			'expectedRC' : 53 }
			@@ -165,6 +235,21 @@
			</sequence>
			</testcase>

			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Search Bad Pwd 4x
			#@TestIssue none
			#@TestPurpose Search Bad Pwd 4x
			#@TestPreamble none
			#@TestStep Pause 2 seconds
			#@TestStep Search Bind 1 SearchObject returns 19
			#@TestStep Search Bind 2 SearchObject returns 19
			#@TestStep Search Bind 3 SearchObject returns 49
			#@TestStep Search Bind 4 SearchObject returns 49
			#@TestPostamble none
			#@TestResult Success if the 4 steps are PASS
			-->

			<testcase name="getTestCaseName('Search Bad Pwd 4x')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -184,7 +269,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
			'dsInstancePswd' : 'trident',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -199,7 +284,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
			'dsInstancePswd' : 'trident',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -214,7 +299,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
			'dsInstancePswd' : 'trident',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -228,7 +313,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=btalbot,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=btalbot,%s' % basedn ,
			'dsInstancePswd' : 'trident',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -241,6 +326,22 @@
			</sequence>
			</testcase>

			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Reset Pwd
			#@TestIssue none
			#@TestPurpose Reset Pwd
			#@TestPreamble none
			#@TestStep Search Bind 1 SearchObject returns 19
			#@TestStep User resetting password
			#@TestStep Admin reset max password age set
			max-password-age to 24 h
			#@TestStep Search Bind 2 SearchObject returns 0
			#@TestStep Search Bind 2 SearchObject returns 0
			#@TestPostamble none
			#@TestResult Success if the 5 steps are PASS
			-->

			<testcase name="getTestCaseName('Reset Pwd')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -252,7 +353,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
			'dsInstancePswd' : 'forsook',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -267,13 +368,13 @@
			<call function="'modifyAnAttribute'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
			'dsInstancePswd' : 'forsook' ,
			'DNToModify' : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'DNToModify' : 'uid=kwinters,%s' % basedn ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'newforsook' ,
			'changetype' : 'replace' }
			</call>
			</call>

			<message>
			'Security: Grace Login: Reset Pwd, Admin reset max password age'
			@@ -296,7 +397,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
			'dsInstancePswd' : 'newforsook',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -310,7 +411,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=kwinters,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=kwinters,%s' % basedn ,
			'dsInstancePswd' : 'newforsook',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -322,17 +423,32 @@
			</sequence>
			</testcase>

			<testcase name="getTestCaseName('Postamble, Admin Resetting Pwd Policy Settings')">
			<!--- Test Case information
			#@TestMarker Grace Login
			#@TestName Admin Resetting Pwd Policy Settings
			#@TestIssue none
			#@TestPurpose Admin Resetting Pwd Policy Settings
			#@TestPreamble none
			#@TestStep set ds-cfg-expire-passwords-without-warning to
			false ds-cfg-max-password-age 0 seconds
			ds-cfg-min-password-age 0 seconds
			ds-cfg-password-expiration-warning-interval 5 d
			ds-cfg-grace-login-count 0
			#@TestPostamble none
			#@TestResult Success if modifyAnAttribute returns 0
			-->

			<testcase name="getTestCaseName('Postamble, Admin Reset Pwd Policy Settings')">
			<sequence>
			<call function="'testCase_Preamble'"/>

			<script>
			listAttrs=[]
			listAttrs.append("ds-cfg-expire-passwords-without-warning:false")
			listAttrs.append("ds-cfg-max-password-age:0 seconds")
			listAttrs.append("ds-cfg-min-password-age:0 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:5 d")
			listAttrs.append("ds-cfg-grace-login-count:0")
			listAttrs=[]
			listAttrs.append("ds-cfg-expire-passwords-without-warning:false")
			listAttrs.append("ds-cfg-max-password-age:0 seconds")
			listAttrs.append("ds-cfg-min-password-age:0 seconds")
			listAttrs.append("ds-cfg-password-expiration-warning-interval:5 d")
			listAttrs.append("ds-cfg-grace-login-count:0")
			</script>

			<message>
			@@ -344,7 +460,7 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
			'DNToModify' : basepwp ,
			'listAttributes' : listAttrs ,
			'changetype' : 'replace' }
			</call>

			@@ -32,7 +32,41 @@
			<function name="lockout_duration">

			<sequence>

			<!--- Test Suite information
			#@TestSuiteName Lockout Duration
			#@TestSuitePurpose Test Lockout Duration in Password Policy
			#@TestSuiteGroup Lockout Duration
			#@TestScript security_lockout_duration.xml
			-->

			<!--- Define default value for basedn -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			</script>


			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Preamble
			#@TestIssue none
			#@TestPurpose Preamble
			#@TestPreamble none
			#@TestStep Step 1. Checking existence of
			ds-cfg-lockout-duration compareEntry returns 0
			#@TestStep Step 2. Admin Changing Lockout Count
			set lockout-failure-count to 3
			#@TestStep Step 3. User Lockout With Bad Pwd 3x
			SearchObject returns 49 (3x with bad,
			1x with correct one)
			#@TestStep Step 4. Admin Resetting User Pwd
			#@TestStep Step 5. User Bind With New Password
			SearchObject returns 0
			#@TestPostamble none
			#@TestResult Success if the 5 steps are PASS
			-->


			<testcase name="getTestCaseName('Preamble')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -75,7 +109,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -88,15 +122,13 @@
			'Security: Lockout Duration: Preamble Step 4. Admin Resetting User Pwd'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'uid=mward,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'adminnormal' ,
			'changetype' : 'replace' }
			'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
			'dsNewPassword' : 'adminnormal' }
			</call>

			<message>
			@@ -106,7 +138,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : 'adminnormal' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -118,7 +150,17 @@
			</sequence>
			</testcase>

			<!--- Test Case : Amin Change Lockout Cnt -->
			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Admin Change Lockout Duration
			#@TestIssue none
			#@TestPurpose Admin making Lockout Duration Short
			#@TestPreamble none
			#@TestStep set lockout-duration to 5 s
			#@TestPostamble none
			#@TestResult Success if the 5 steps are PASS
			-->

			<testcase name="getTestCaseName('Make Lockout Duration Short')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -141,7 +183,24 @@
			</sequence>
			</testcase>

			<!--- Test Case : Amin Change Lockout Duration -->
			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Testing Lockout Duration Short
			#@TestIssue none
			#@TestPurpose Testing Lockout Duration Short
			#@TestPreamble none
			#@TestStep Step 1. User Lockout with Bad Pwd 3x
			SearchObject returns 49 (3x with bad,
			1x with correct one)
			Sleeping sleepForMilliSeconds 8000
			#@TestStep Step 2. User Changing Password returns 0
			#@TestStep Step 3. Admin Resetting User Pwd
			#@TestStep Step 4. User Bind With New Password
			SearchObject returns 0
			#@TestPostamble none
			#@TestResult Success if the 4 steps are PASS
			-->

			<testcase name="getTestCaseName('Short Lockout Duration')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -157,7 +216,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -178,15 +237,13 @@
			'Security: lockout Duration: Short Lockout Duration Step 2. User Changing Password'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : 'adminnormal' ,
			'DNToModify' : 'uid=mward,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'newnormal' ,
			'changetype' : 'replace' }
			'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
			'dsNewPassword' : 'newnormal' }
			</call>

			<message>
			@@ -196,7 +253,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : 'newnormal' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -208,7 +265,17 @@
			</sequence>
			</testcase>

			<!--- Test Case : Amin Change Lockout Cnt -->
			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Admin Change Lockout Duration
			#@TestIssue none
			#@TestPurpose Admin making Lockout Duration Long
			#@TestPreamble none
			#@TestStep set lockout-duration to 5 days
			#@TestPostamble none
			#@TestResult Success if the step is PASS
			-->

			<testcase name="getTestCaseName('Make Lockout Duration Long')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -231,7 +298,25 @@
			</sequence>
			</testcase>

			<!--- Test Case : Amin Change Lockout Duration -->

			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Testing Lockout Duration Long
			#@TestIssue none
			#@TestPurpose Testing Lockout Duration Long
			#@TestPreamble none
			#@TestStep Step 1. User Initial Bind returns 0
			#@TestStep Step 2. User Lockout with Bad Pwd 3x
			SearchObject returns 49 (3x with bad,
			1x with correct one)
			Sleeping sleepForMilliSeconds 8000
			#@TestStep Step 3. User Changing Password returns 49
			#@TestStep Step 4. User Bind With New Password
			SearchObject returns 49
			#@TestPostamble none
			#@TestResult Success if the 4 steps are PASS
			-->

			<testcase name="getTestCaseName('Long Lockout Duration')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -242,7 +327,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
			'dsInstancePswd' : 'strawberry' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -261,7 +346,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -282,15 +367,13 @@
			'Security: lockout Duration: Long Lockout Duration Step 3. User Changing Password'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
			'dsInstancePswd' : 'strawberry' ,
			'DNToModify' : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'newberry' ,
			'changetype' : 'replace' ,
			'dsAuthzID' : 'dn:uid=bjablons,%s' % basedn ,
			'dsNewPassword' : 'newberry' ,
			'expectedRC' : 49 }
			</call>

			@@ -301,7 +384,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bjablons,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
			'dsInstancePswd' : 'newberry' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -314,6 +397,25 @@
			</sequence>
			</testcase>


			<!--- Test Case information
			#@TestMarker Lockout Duration
			#@TestName Postamble
			#@TestIssue none
			#@TestPurpose Postamble
			#@TestPreamble none
			#@TestStep Step 1. Admin resetting Lockout Duration to 0
			#@TestStep Step 2. User Lockout with Bad Pwd 3x
			SearchObject returns 49 (3x with bad,
			1x with correct one)
			Sleeping sleepForMilliSeconds 8000
			#@TestStep Step 3. User Changing Password returns 0
			#@TestStep Step 4. User Bind With New Password
			SearchObject returns 0
			#@TestPostamble none
			#@TestResult Success if the 4 steps are PASS
			-->

			<testcase name="getTestCaseName('Postamble')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -343,7 +445,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -356,15 +458,13 @@
			'Security: Lockout Duration: Postamble Step 3. Admin Resetting User Pwd'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToModify' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'normal' ,
			'changetype' : 'replace' }
			'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
			'dsNewPassword' : 'normal' }
			</call>

			<message>
			@@ -374,7 +474,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=mward,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=mward,%s' % basedn ,
			'dsInstancePswd' : 'normal' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,

			@@ -32,13 +32,40 @@
			<function name="lockout_fail_cnt">

			<sequence>

			<!--- Test Suite information
			#@TestSuiteName Lockout Failure Count
			#@TestSuitePurpose Test the password Policy Lockout Failure Count
			#@TestSuiteGroup Lockout Failure Count
			#@TestScript security_lockout_fail_cnt.xml
			-->

			<!--- Define default value for basedn,basepwp, msg -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
			msg = 'Security: Lockout Fail Cnt:'
			</script>

			<!--- Test Case : Preamble 1 - Check Default-->
			<!--- Test Case information
			#@TestMarker Lockout Failure Count
			#@TestName Test Preamble
			#@TestIssue none
			#@TestPurpose Check Default value ds-cfg-lockout-failure-count
			#@TestPreamble none
			#@TestStep Step 1. Check for existence of
			ds-cfg-lockout-failure-count and value is 0
			#@TestStep Step 2. Default Bind With Bad Pwd 3x RC 49
			then User search with good password returns 0
			#@TestPostamble none
			#@TestResult Success if the 2 steps are PASS
			-->

			<testcase name="getTestCaseName('Preamble')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Lockout Fail Cnt: Preamble Step 1. Check for existence of ds-cfg-lockout-failure-count'
			'%s Preamble Step 1. Check for existence of ds-cfg-lockout-failure-count' % msg
			</message>

			<call function="'compareEntry'">
			@@ -47,11 +74,11 @@
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'attrToBeCompared' : 'ds-cfg-lockout-failure-count:0',
			'entryToBeCompared' : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
			'entryToBeCompared' : basepwp }
			</call>

			<message>
			'Security: Lockout Fail Cnt: Preamble Step 2. Default Bind With Bad Pwd 3x'
			'%s Preamble Step 2. Default Bind With Bad Pwd 3x' % msg
			</message>

			<script>
			@@ -62,7 +89,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -74,7 +101,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
			'dsInstancePswd' : 'oranges',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -85,7 +112,18 @@
			</sequence>
			</testcase>

			<!--- Test Case : Amin Change Lockout Cnt -->
			<!--- Test Case information
			#@TestMarker Lockout Failure Count
			#@TestName Admin Change Lockout Count
			#@TestIssue none
			#@TestPurpose Admin Change Lockout Count
			#@TestPreamble none
			#@TestStep Admin Changing Lockout Count set
			lockout-failure-count to 3
			#@TestPostamble none
			#@TestResult Success if modifyPwdPolicy returns 0.
			-->

			<testcase name="getTestCaseName('Admin Change Lockout Cnt')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -108,12 +146,22 @@
			</sequence>
			</testcase>

			<!--- Test Case : Lockout With Bad Pwd 3x -->
			<!--- Test Case information
			#@TestMarker Lockout Failure Count
			#@TestName Lockout With Bad Pwd 3x
			#@TestIssue none
			#@TestPurpose Lockout With Bad Pwd 3x
			#@TestPreamble none
			#@TestStep Lockout With Bad Pwd 3x SearchObject RC 49 3x
			#@TestPostamble none
			#@TestResult Success if the test is PASS
			-->

			<testcase name="getTestCaseName('Lockout With Bad Pwd 3x')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Lockout Fail Cnt: Lockout With Bad Pwd 3x'
			'%s Lockout With Bad Pwd 3x' % msg
			</message>

			<script>
			@@ -124,7 +172,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -138,12 +186,26 @@
			</sequence>
			</testcase>

			<!--- Test Case : Postamble Reset -->
			<!--- Test Case information
			#@TestMarker Lockout Failure Count
			#@TestName Postamble Reset
			#@TestIssue none
			#@TestPurpose Reseting the Password policy and verify it
			#@TestPreamble none
			#@TestStep Step 1. Admin Resetting Lockout Fail Count
			set lockout-failure-count to 0
			#@TestStep Step 2. Check Bind With Previous User Lockout RC 0
			#@TestStep Step 3. Check Bind With Bad Pwd 3x RC 49 3x
			then User search with good password returns 0
			#@TestPostamble none
			#@TestResult Success if the 3 steps are PASS
			-->

			<testcase name="getTestCaseName('Postamble Reset')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Lockout Fail Cnt: Postamble Reset: Step 1. Admin Resetting Lockout Fail Count'
			'%s Postamble Reset: Step 1. Admin Resetting Lockout Fail Count' % msg
			</message>

			<call function="'modifyPwdPolicy'">
			@@ -157,14 +219,14 @@
			</call>

			<message>
			'Security: Lockout Fail Cnt: Postamble Step 2. Check Bind With Previous User Lockout'
			'%s Postamble Step 2. Check Bind With Previous User Lockout' % msg
			</message>

			<!--- Check Lockouted User -->
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
			'dsInstancePswd' : 'oranges' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -172,7 +234,7 @@
			</call>

			<message>
			'Security: Lockout Fail Cnt: Postamble Step 3. Check Bind With Bad Pwd 3x'
			'%s Postamble Step 3. Check Bind With Bad Pwd 3x' % msg
			</message>

			<script>
			@@ -183,7 +245,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=gfarmer,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=gfarmer,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -195,7 +257,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=gfarmer,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=gfarmer,%s' % basedn ,
			'dsInstancePswd' : 'ruling',
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,

			@@ -32,8 +32,30 @@
			<function name="min_pwd_age">

			<sequence>

			<!--- Test Suite information
			#@TestSuiteName Minimum Password Age
			#@TestSuitePurpose Test the Password Policy Minimum Password Age
			#@TestSuiteGroup Minimum Password Age
			#@TestScript security_min_pwd_age.xml
			-->

			<!--- Test Case : Preamble Check -->
			<!--- Define default value for basedn -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			</script>

			<!--- Test Case information
			#@TestMarker Minimum Password Age
			#@TestName Test Preamble
			#@TestIssue none
			#@TestPurpose Checking existence of ds-cfg-min-password-age
			#@TestPreamble none
			#@TestStep Checking existence of ds-cfg-min-password-age
			#@TestPostamble none
			#@TestResult Success if compareEntry returns 0.
			-->

			<testcase name="getTestCaseName('Preamble Check')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -55,7 +77,22 @@
			</sequence>
			</testcase>

			<!--- Test Case : Test -->
			<!--- Test Case information
			#@TestMarker Minimum Password Age
			#@TestName Test Minimum Password Age
			#@TestIssue none
			#@TestPurpose Test Minimum Password Age
			#@TestPreamble none
			#@TestStep Step 1. Admin Enabling Minimum Pwd Age
			set min-password-age to 24 h
			#@TestStep Step 2. User Changing Password
			ldapPasswordModifyWithScript returns 53
			#@TestStep Step 3. User Searching With Password
			SearchObject returns 49
			#@TestPostamble none
			#@TestResult Success if the 3 steps are PASS
			-->

			<testcase name="getTestCaseName('Test')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -78,15 +115,13 @@
			'Security: Min Pwd Age: Test: Step 2. User Changing Password'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'gosling' ,
			'DNToModify' : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'newgosling' ,
			'changetype' : 'replace' ,
			'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
			'dsNewPassword' : 'newgosling' ,
			'expectedRC' : 53 }
			</call>

			@@ -98,7 +133,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'newgosling' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -110,7 +145,23 @@
			</sequence>
			</testcase>

			<!--- Test Case : Postamble Reset -->

			<!--- Test Case information
			#@TestMarker Minimum Password Age
			#@TestName Postamble Reset
			#@TestIssue none
			#@TestPurpose Reseting the password Policy
			#@TestPreamble none
			#@TestStep Step 1. Admin Disabling Minimum Pwd Age
			set min-password-age to 0 s
			#@TestStep Step 2. User Changing Password RC 0
			#@TestStep Step 3. User Searching With Password RC 0
			#@TestStep Step 4. User Changing Password RC 0
			#@TestStep Step 5. User Searching With Password RC 0
			#@TestPostamble none
			#@TestResult Success if returns 0.
			-->

			<testcase name="getTestCaseName('Postamble Reset')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -132,15 +183,13 @@
			'Security: Min Pwd Age: Postamble Reset: Step 2. User Changing Password'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'gosling' ,
			'DNToModify' : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'newgosling' ,
			'changetype' : 'replace' }
			'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
			'dsNewPassword' : 'newgosling' }
			</call>

			<!--- User Search With Password -->
			@@ -151,7 +200,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'newgosling' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -163,15 +212,13 @@
			'Security: Min Pwd Age: Postamble Reset: Step 4. User Changing Password'
			</message>

			<call function="'modifyAnAttribute'">
			<call function="'ldapPasswordModifyWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'newgosling' ,
			'DNToModify' : 'uid=dmiller,ou=People,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'attributeName' : 'userpassword' ,
			'newAttributeValue' : 'gosling' ,
			'changetype' : 'replace' }
			'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
			'dsNewPassword' : 'gosling' }
			</call>

			<!--- User Search With Password -->
			@@ -182,7 +229,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=dmiller,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
			'dsInstancePswd' : 'gosling' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,

			@@ -33,12 +33,39 @@

			<sequence>

			<!--- Test Case : Preamble 1 - Add New Passwords Policy-->
			<!--- Test Suite information
			#@TestSuiteName Multiple Password Policies
			#@TestSuitePurpose Test Multiple Password Policies
			#@TestSuiteGroup Multiple Password Policies
			#@TestScript security_mult_pwd_policies.xml
			-->

			<!--- Define default value for basedn, msg1, msg2 -->
			<script>
			basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
			msg1 = 'default-password-storage-scheme:Salted SHA-1'
			msg2 = 'password-attribute:userPassword'
			</script>


			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Add New Password Policy
			#@TestIssue none
			#@TestPurpose Preamble - Add Sales Password Policy
			#@TestPreamble none
			#@TestStep with dsconfig create-password-policy Sales
			Password Policy and set
			default-password-storage-schemeSalted SHA-1
			#@TestPostamble none
			#@TestResult Success if dsconfig returns 0
			-->

			<testcase name="getTestCaseName('Preamble')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Mult Pwd Policies: Preamble - Add Sales Password Policy'
			'Security: Mult Pwd Policies: Preamble - Add Sales Password Policy'
			</message>

			<call function="'dsconfig'">
			@@ -46,38 +73,50 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'subcommand' : 'create-password-policy' ,
			'subcommand' : 'create-password-policy' ,
			'objectType' : 'policy-name' ,
			'objectName' : 'Sales Password Policy',
			'optionsString' : '--set "default-password-storage-scheme:Salted SHA-1" --set password-attribute:userPassword',
			'expectedRC' : 0 }
			</call>
			'optionsString' : '--set "%s" --set %s' % (msg1,msg2),
			'expectedRC' : 0 }
			</call>

			<call function="'testCase_Postamble'"/>

			</sequence>
			</testcase>

			<!--- Test Case : Add Entry With New Password Policy -->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Adding New Entry With Sales Password Policy
			#@TestIssue none
			#@TestPurpose Adding New Entry With Sales Password Policy
			#@TestPreamble none
			#@TestStep addEntry add_sales_person.ldif
			SearchObject with uid=sguy returns 0
			SearchObject with uid=sgal eturns 0
			#@TestPostamble none
			#@TestResult Success if the test is PASS
			-->
			<testcase name="getTestCaseName('Add New Entry')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Mult Pwd Policies: Adding New Entry With Sales Password Policy'
			'Security: Mult Pwd Policies: Adding New Entry With Sales Password Policy'
			</message>

			<call function="'addEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeAdded' : '%s/security/pwd_policy/add_sales_person.ldif' % logsRemoteDataDir }
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeAdded' : '%s/security/pwd_policy/add_sales_person.ldif' \
			% logsRemoteDataDir }
			</call>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=sguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=sguy,%s' % basedn ,
			'dsInstancePswd' : 'superguy' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -87,7 +126,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=sgal,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=sgal,%s' % basedn ,
			'dsInstancePswd' : 'supergal' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -99,7 +138,19 @@
			</sequence>
			</testcase>

			<!--- Test Case : Modify Sales Pwd Policy -->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Modify Sales Pwd Policy
			#@TestIssue none
			#@TestPurpose Admin Changing Sales Lockout Count
			#@TestPreamble none
			#@TestStep Admin Changing Sales Lockout Count
			modifyPwdPolicy for Sales Password Policy
			set lockout-failure-count to 3
			#@TestPostamble none
			#@TestResult Success if modifyPwdPolicy returns 0
			-->

			<testcase name="getTestCaseName('Modify Sales Pwd Policy')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -123,12 +174,24 @@
			</testcase>


			<!--- Test Case : Test Sales Password Policy -->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Test Sales Password Policy
			#@TestIssue none
			#@TestPurpose Test Sales Password Policy
			#@TestPreamble none
			#@TestStep Testing Sales Pwd Policy with Lockout Count
			search with bad pwd 3x good pwd 1x
			SearchObject returns 49 4x
			#@TestPostamble none
			#@TestResult Success if the test is PASS
			-->

			<testcase name="getTestCaseName('Test Sales Pwd Policy')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
			'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
			</message>

			<script>
			@@ -139,7 +202,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=sguy,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=sguy,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -152,12 +215,25 @@
			</sequence>
			</testcase>

			<!--- Test Case : Test Default Password Policy -->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Testing Default Pwd Policy with Lockout Count
			#@TestIssue none
			#@TestPurpose Testing Default Pwd Policy with Lockout Count
			#@TestPreamble none
			#@TestStep Testing Default Pwd Policy with Lockout Count
			search with bad pwd 3x good pwd 1x
			SearchObject returns 49 3x
			SearchObject returns 0 1x
			#@TestPostamble none
			#@TestResult Success if the test is PASS
			-->

			<testcase name="getTestCaseName('Test Default Pwd Policy')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Mult Pwd Policies: Testing Default Pwd Policy with Lockout Count'
			'Security: Mult Pwd Policies: Testing Default Pwd Policy with Lockout Count'
			</message>

			<script>
			@@ -168,7 +244,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=tclow,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=tclow,%s' % basedn ,
			'dsInstancePswd' : '%s' % pwds ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -180,7 +256,7 @@
			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=tclow,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=tclow,%s' % basedn ,
			'dsInstancePswd' : 'cardreader' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,
			@@ -192,7 +268,18 @@
			</sequence>
			</testcase>

			<!--- Test Case : Delete Sales Pwd Policy -->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Delete Sales Pwd Policy
			#@TestIssue none
			#@TestPurpose Admin Deleting Sales Lockout Count
			#@TestPreamble none
			#@TestStep Admin Deleting Sales Lockout Count
			dsconfig delete Sales Password Policy
			#@TestPostamble none
			#@TestResult Success if dsconfig returns 0
			-->

			<testcase name="getTestCaseName('Delete Sales Pwd Policy')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			@@ -216,18 +303,28 @@
			</sequence>
			</testcase>

			<!--- Test Case : Test Sales Password Policy 2-->
			<!--- Test Case information
			#@TestMarker Multiple Password Policies
			#@TestName Test Sales Pwd Policy after Remove
			#@TestIssue none
			#@TestPurpose Test Sales Pwd Policy after Remove
			#@TestPreamble none
			#@TestStep Testing Sales Pwd Policy after removing it
			#@TestPostamble none
			#@TestResult Success if SearchObject returns 80 (Other)
			-->

			<testcase name="getTestCaseName('Test Sales Pwd Policy 2')">
			<sequence>
			<call function="'testCase_Preamble'"/>
			<message>
			'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
			'Security: Mult Pwd Policies: Testing Sales Pwd Policy with Lockout Count'
			</message>

			<call function="'SearchObject'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : 'uid=sgal,ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com' ,
			'dsInstanceDn' : 'uid=sgal,%s' % basedn ,
			'dsInstancePswd' : 'supergal' ,
			'dsBaseDN' : 'dc=example,dc=com' ,
			'dsFilter' : 'objectclass=*' ,

			@@ -39,7 +39,7 @@

			<script>
			if not CurrentTestPath.has_key('group'):
			CurrentTestPath['group']='security'
			CurrentTestPath['group']='security'
			CurrentTestPath['suite']=STAXCurrentBlock
			</script>

			@@ -60,19 +60,23 @@


			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_setup_pwd_policy.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_setup_pwd_policy.xml'
			% (TESTS_DIR)"/>
			<call function="'setup_pwd_policy'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_user_pwd_policy.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_user_pwd_policy.xml'
			% (TESTS_DIR)"/>
			<call function="'user_pwd_policy'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_force_pwd_change.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_force_pwd_change.xml'
			% (TESTS_DIR)"/>
			<call function="'force_pwd_change'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_force_pwd_change_all_users.xml'
			% (TESTS_DIR)"/>
			<call function="'force_pwd_change_all_users'" />
			<!--
			<import machine="STAF_LOCAL_HOSTNAME"
			@@ -84,35 +88,43 @@
			<call function="'disable_max_pwd_age'" />
			-->
			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_min_pwd_age.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_min_pwd_age.xml'
			% (TESTS_DIR)"/>
			<call function="'min_pwd_age'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_lockout_fail_cnt.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_lockout_fail_cnt.xml'
			% (TESTS_DIR)"/>
			<call function="'lockout_fail_cnt'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_grace_login.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_grace_login.xml'
			% (TESTS_DIR)"/>
			<call function="'grace_login'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_mult_pwd_policies.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_mult_pwd_policies.xml'
			% (TESTS_DIR)"/>
			<call function="'mult_pwd_policies'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_preencoded_pwds.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_preencoded_pwds.xml'
			% (TESTS_DIR)"/>
			<call function="'preencoded_pwds'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_lockout_duration.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_lockout_duration.xml'
			% (TESTS_DIR)"/>
			<call function="'lockout_duration'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_last_login.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_last_login.xml'
			% (TESTS_DIR)"/>
			<call function="'last_login'" />

			<import machine="STAF_LOCAL_HOSTNAME"
			file="'%s/testcases/security/pwd_policy/security_teardown_pwd_policy.xml' % (TESTS_DIR)"/>
			file="'%s/testcases/security/pwd_policy/security_teardown_pwd_policy.xml'
			% (TESTS_DIR)"/>
			<call function="'teardown_pwd_policy'" />

			@@ -41,7 +41,6 @@
			#@TestScript security_setup_pwd_policy.xml
			-->


			<!--- Test Case information
			#@TestMarker setup Password Policy
			#@TestName setup: Add Initials Entries
			@@ -62,11 +61,12 @@
			</message>

			<call function="'addEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeAdded' : '%s/security/pwd_policy/pwd_policy_startup.ldif' % logsRemoteDataDir }
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeAdded' : '%s/security/pwd_policy/pwd_policy_startup.ldif'\
			% logsRemoteDataDir }
			</call>

			<call function="'testCase_Postamble'"/>

			@@ -33,8 +33,24 @@

			<sequence>

			<!--- Test Case : Password Policy Teardown -->
			<!--- Delete Branch -->
			<!--- Test Suite information
			#@TestSuiteName Teardown
			#@TestSuitePurpose Test Teardown in Password Policy
			#@TestSuiteGroup Teardown
			#@TestScript security_lockout_duration.xml
			-->

			<!--- Test Case information
			#@TestMarker Teardown
			#@TestName Delete Branch
			#@TestIssue none
			#@TestPurpose Delete Branch
			#@TestPreamble none
			#@TestStep DeleteEntry -x o=Pwd Policy Tests
			#@TestPostamble none
			#@TestResult Success if the step is PASS
			-->

			<testcase name="getTestCaseName('Postamble Reset')">
			<sequence>
			<call function="'testCase_Preamble'"/>