Add Password Policy Grace Login functional tests

Gary Williams

09.01.2012 e53d4a8c06e02955add776517d15433266becf9a

Add Password Policy Grace Login functional tests

 opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login.xml

New file
@@ -0,0 +1,155 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 ! 
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
 ! or http://forgerock.org/license/CDDLv1.0.html.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 ! 
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/CDDLv1_0.txt.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2012 ForgeRock AS.
 ! -->
<stax>
  <defaultcall function="main_pwp_grace_login"/>
  <function name="main_pwp_grace_login" scope="local">
    <sequence>
      <block name="'main_pwp_grace_login'">
        <try>
          <sequence>
            <script>
              CurrentTestPath['group'] = 'password_policy'        
              CurrentTestPath['suite'] = 'grace_login'
              
              _group=CurrentTestPath['group']
              _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
              _label = 'PWP Grace Login'
            </script>

            <!--- Test Suite information
            #@TestSuiteName       Password policy grace_login test suite
            #@TestSuitePurpose    Verify password policy grace_login operations
            #@TestSuiteID         grace_login
            #@TestSuiteGroup      password_policy
            #@TestGroup           password_policy
            #@TestScript          password_policy.xml
            #@TestHTMLLink        http://www.forgerock.org/
            -->          
            <call function="'testSuite_Preamble'"/>

            <try>
              <sequence> 

                <call function="'common_setup'">
                  {
                    'quickStart'    : False ,
                    'startServer'   : True  ,
                    'loadData'      : True  ,
                    'ldifFile'      : '%s/password_policy/pwp_startup.ldif' % remote.data ,
                    'stopServer'    : False ,
                    'friendlyName'  : _label
                  }
                </call>

                <!-- List of Import of Test Functions -->
                <script>
                  importList=[]
                  importList.append('grace_login/pwp_grace_login_tests')
                </script>

                <!-- Import the files for this test suite -->
                <iterate var="_import" in="importList">
                  <import machine="STAF_LOCAL_HOSTNAME"
                    file="'%s/%s.xml' % (_groupdir,_import)"/>
                </iterate>                                                                       

                <!-- Specific to grace_login password policy tests -->
                  <script>
                    basedn1 = 'ou=people,ou=password tests,'
                    basedn = '%s o=Pwd Policy Tests,dc=example,dc=com' % basedn1
                    basepwp ='cn=Default Password Policy,cn=Password Policies,cn=config'
                    msg = 'Security: Grace Login:'
                    msg1 = 'Password Policy DN:  %s' % basepwp
                    msg2 = 'Account Is Disabled:  false'
                    msg3 = 'Password History:'
                  
                    grace_login_count = 3
                  </script>
                                                    
                <!-- List of Test Cases -->
                <script>
                  testsList=[]
                  testsList.append('pwp_grace_login_001')
                  testsList.append('pwp_grace_login_002')
                  testsList.append('pwp_grace_login_003')
                  testsList.append('pwp_grace_login_004')
                  testsList.append('pwp_grace_login_005')
                  testsList.append('pwp_grace_login_006')
                  testsList.append('pwp_grace_login_007')
                </script>

                <!-- Execute the Tests -->
                <iterate var="__test" in="testsList">
                  <sequence>
                    <call function="'%s' % (__test)" />
                  </sequence>
                </iterate>                
                                
              </sequence>
            <catch exception="'STAFException.TestSuite.SetupException'">
              <sequence>
                <message log="1" level="'fatal'">
                  'Setup of test suite failed.'
                </message>
                <rethrow/>
              </sequence>
            </catch>

            <finally>
              <message>'Test Cases Completed.'</message>
            </finally>

            </try>

          </sequence>
          
          <finally>
            <sequence>
              <!-- Test Suite Cleanup -->
              <message>'Finally: Password Policy Cleanup.'</message>
              <try>
                <call function="'common_cleanup'">
                  { 'friendlyName' :_label }
                </call>
              <catch exception="'STAFException'">
                <sequence>
                  <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
                </sequence>
              </catch>
              <finally>
                <call function="'testSuite_Postamble'"/>
              </finally>
              </try>
            </sequence>
          </finally>
 
        </try>
      </block>
    </sequence>
  </function>
</stax>

 opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml

New file
@@ -0,0 +1,777 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !      Copyright 2007-2008 Sun Microsystems, Inc.
 !      Portions Copyright 2012 ForgeRock AS
 ! -->
<stax>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            Admin Changing Password Policy Settings
    #@TestIssue           None
    #@TestPurpose         Admin Changing Password Policy Settings
    #@TestPreamble        None
    #@TestStep            Set expire-passwords-without-warning true
    #@TestStep            Set min-password-age 1s
    #@TestStep            Set max-password-age 3s
    #@TestStep            Set password-expiration-warning-interval 1s
    #@TestStep            Set grace-login-count 3
    #@TestPostamble       None
    #@TestResult          Success if dsconfig returns 0
  -->
  <function name="pwp_grace_login_001" scope="local">
    <testcase name="getTestCaseName('PWP Set Password Policy Settings')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Modifying password policy setting.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "expire-passwords-without-warning:true"')
              options.append('--set "allow-expired-password-changes:true"')
              options.append('--set "min-password-age:1s"')
              options.append('--set "max-password-age:3s"')
              options.append('--set "password-expiration-warning-interval:1s"')
              options.append('--set "grace-login-count:%s"' % grace_login_count)
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Default Password Policy.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
               
              }
            </call>     
  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            Min Password Age More than Max Password Age
    #@TestIssue           None
    #@TestPurpose         Verify that min-password-age is not more than max-password-age
    #@TestPreamble        None
    #@TestStep            Change Password Policy min password age beyond limit
    #@TestStep            Set min-password-age 10s
    #@TestStep            Set max-password-age 3s
    #@TestStep            Set password-expiration-warning-interval 1s
    #@TestPostamble       None
    #@TestResult          Success if dsconfig returns 1
  -->
  <function name="pwp_grace_login_002" scope="local">
    <testcase name="getTestCaseName('PWP Min Password Age Greater than Max Password Age')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin modifying password policy settings.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "min-password-age:10s"')
              options.append('--set "max-password-age:3s"')
              options.append('--set "password-expiration-warning-interval:1s"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedRC'          : 1
              }
            </call>          
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            Min Password Age More than Expiration Warning Interval
    #@TestIssue           None
    #@TestPurpose         Verify that min-password-age is not more than password-expiration-warning-interval
    #@TestPreamble        None
    #@TestStep            Change Password Policy min password age to limit
    #@TestStep            Set min-password-age 2s
    #@TestStep            Set max-password-age 3s
    #@TestStep            Set password-expiration-warning-interval 1s
    #@TestPostamble       None
    #@TestResult          Success if dsconfig returns 1
  -->
  <function name="pwp_grace_login_003" scope="local">
    <testcase name="getTestCaseName('PWP Min Password Age More than Expiration Warning Interval')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>        

            <call function="'testStep'">
              { 'stepMessage' : '%s Modifying password policy settings.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "min-password-age:2s"')
              options.append('--set "max-password-age:3s"')
              options.append('--set "password-expiration-warning-interval:1s"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedRC'          : 1
              }
            </call>

          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker       Grace Login
    #@TestName         Password Expiration Warning Interval Too Big
    #@TestIssue        None
    #@TestPurpose      Verify that password-expiration-warning-interval can not be
                       greater than max-password-age
    #@TestPreamble     None
    #@TestStep         Change Password Policy expire warning interval beyond limit
    #@TestStep         Set min-password-age 1s
    #@TestStep         Set max-password-age 3s
    #@TestStep         Set password-expiration-warning-interval 10 s
    #@TestPostamble    None
    #@TestResult       Success if dsconfig returns 1
  -->
  <function name="pwp_grace_login_004" scope="local">
    <testcase name="getTestCaseName('PWP Password Expiration Warning Interval Too Big')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin modifying password policy settings.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "min-password-age:1s"')
              options.append('--set "max-password-age:3s"')
              options.append('--set "password-expiration-warning-interval:10s"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions,
                'expectedRC'          : 1
              }
            </call>
  
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            Grace Login Count Expired
    #@TestIssue           None
    #@TestPurpose         Grace Login Count Expired
    #@TestPreamble        None
    #@TestStep            Pause 2 seconds
    #@TestStep            Verify grace login use times with manage-account
    #@TestStep            Search Bind 1 SearchObject returns 19
    #@TestStep            Verify remaining grace login with manage-account
    #@TestStep            Verify grace login use times with manage-account
    #@TestStep            Search Bind 2 SearchObject returns 19
    #@TestStep            Verify remaining grace login with manage-account
    #@TestStep            Search Bind 3 SearchObject returns 49
    #@TestStep            Verify remaining grace login with manage-account
    #@TestStep            Search Bind 4 SearchObject returns 49
    #@TestStep            Verify remaining grace login with manage-account
    #@TestStep            Verify manage-account get-all
    #@TestPostamble       None
    #@TestResult          Success if all the steps are PASS
  -->
  <function name="pwp_grace_login_005" scope="local">
    <testcase name="getTestCaseName('PWP Grace Login Count Expired')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>        

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Default Password Policy.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
               
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Pause 2 seconds.' % msg }
            </call>

            <call function="'Sleep'">
              { 'sleepForMilliSeconds' : '2000' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Verify remaining grace login count with manage-account ' % msg }
            </call>

            <call function="'manageAccountWithScript'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'subcommand'       : 'get-remaining-grace-login-count' ,
                  'targetDn'         : 'uid=btalbot,%s' % basedn }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Verify grace login use times with manage-account ' % msg }
            </call>

            <call function="'manageAccountWithScript'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'subcommand'       : 'get-grace-login-use-times' ,
                  'targetDn'         : 'uid=btalbot,%s' % basedn }
            </call>
            
            <script> 
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Grace Login Use Times:' }
            </call>

            <!-- The password has expired, entering grace login period -->
            <script>
              remaining_grace_login_count = 2
            </script>
            <loop from="1" to="grace_login_count" var="loop">

              <sequence>

                <call function="'testStep'">
                  { 'stepMessage' : '%s Search Bind %s' % (msg,loop) }
                </call>
    
                <call function="'SearchObject'">
                    { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                      'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                      'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                      'dsInstancePswd'   : 'trident',
                      'dsBaseDN'         : 'dc=example,dc=com' ,
                      'dsFilter'         : 'objectclass=*'  ,
                      'extraParams'      : '-s base' ,
                      'expectedRC'       : 19 }
                </call>
                
                <call function="'testStep'">
                  { 'stepMessage' : '%s Verify remaining grace login count.' % msg }
                </call>
    
                <call function="'manageAccountWithScript'">
                    { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                      'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                      'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                      'subcommand'       : 'get-remaining-grace-login-count' ,
                      'targetDn'         : 'uid=btalbot,%s' % basedn }
                </call>
                
                <script> 
                 returnString = STAXResult[0][1]
                </script>
                
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'Remaining Grace Login Count:  %s' % remaining_grace_login_count }
                </call>
    
                <call function="'testStep'">
                  { 'stepMessage' : '%s Verify grace login use times.' % msg }
                </call>
    
                <call function="'manageAccountWithScript'">
                    { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                      'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                      'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                      'subcommand'       : 'get-grace-login-use-times' ,
                      'targetDn'         : 'uid=btalbot,%s' % basedn }
                </call>
                
                <script> 
                 returnString = STAXResult[0][1]
                </script>
    
                <!-- TODO: WTF -->            
                <call function="'checktestString'">
                    { 'returnString'       : returnString ,
                      'expectedString'     : 'Grace Login Use Times:  20' }
                </call>
  
                <script>
                  remaining_grace_login_count -= 1
                </script>
              
              </sequence>
            </loop>


            <!-- The password has expired, no grace logins remaining -->
            <call function="'testStep'">
              { 'stepMessage' : '%s Search Bind 4' % msg }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=btalbot,%s' % basedn ,
                  'dsInstancePswd'   : 'trident',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 49 }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s Verify remaining grace login with manage-account' % msg }
            </call>

            <call function="'manageAccountWithScript'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'subcommand'       : 'get-remaining-grace-login-count' ,
                  'targetDn'         : 'uid=btalbot,%s' % basedn }
            </call>
            
            <script> 
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : 'Remaining Grace Login Count:  0' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Verify manage-account get-all' % msg }
            </call>

            <call function="'manageAccountWithScript'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstanceDn'     : DIRECTORY_INSTANCE_DN ,
                  'dsInstancePswd'   : DIRECTORY_INSTANCE_PSWD ,
                  'subcommand'       : 'get-all' ,
                  'targetDn'         : 'uid=btalbot,%s' % basedn }
            </call>
            
            <script> 
             returnString = STAXResult[0][1]
            </script>
            
            <call function="'checktestString'">
                { 'returnString'       : returnString ,
                  'expectedString'     : msg1 ,
                  'expectedString'     : msg2 ,
                  'expectedString'     : msg3 }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            User Reset Password During Grace Login
    #@TestIssue           None
    #@TestPurpose         User Reset Password During Grace Login
    #@TestPreamble        None
    #@TestStep            Search Bind 1 SearchObject returns 19
    #@TestStep            User resetting password
    #@TestStep            Admin reset max password age set 
    #@TestStep            Set max-password-age to 24h
    #@TestStep            Search Bind 2 SearchObject returns 0
    #@TestStep            Search Bind 2 SearchObject returns 0
    #@TestPostamble       None
    #@TestResult          Success if the 5 steps are PASS
  -->
  <function name="pwp_grace_login_006" scope="local">
    <testcase name="getTestCaseName('PWP User Reset Password During Grace Login')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message> 

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Password, Search Bind 1' % msg }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'forsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' ,
                  'expectedRC'       : 19 }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Password, User resetting password' % msg }
            </call>

            <call function="'ldapPasswordModifyWithScript'">
                { 'dsInstanceHost'         : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'         : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'           : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'         : 'forsook' ,
                  'dsAuthzID'              : 'dn:uid=kwinters,%s' % basedn ,
                  'dsNewPassword'          : 'newforsook' }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Password, Admin reset max password age' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--set "max-password-age:24h"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Password, Search Bind 2' % msg }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'newforsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>
            
            <call function="'testStep'">
              { 'stepMessage' : '%s Reset Password, Search Bind 3' % msg }
            </call>

            <call function="'SearchObject'">
                { 'dsInstanceHost'   : DIRECTORY_INSTANCE_HOST ,
                  'dsInstancePort'   : DIRECTORY_INSTANCE_PORT ,
                  'dsInstanceDn'     : 'uid=kwinters,%s' % basedn ,
                  'dsInstancePswd'   : 'newforsook',
                  'dsBaseDN'         : 'dc=example,dc=com' ,
                  'dsFilter'         : 'objectclass=*'  ,
                  'extraParams'      : '-s base' }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

  <!--- Test Case information
    #@TestMarker          Grace Login
    #@TestName            Admin Resetting Password Policy Settings
    #@TestIssue           None
    #@TestPurpose         Admin Resetting Password Policy Settings
    #@TestPreamble        None
    #@TestStep            Reset expire-passwords-without-warning to false
    #@TestStep            Reset max-password-age 0s
    #@TestStep            Reset min-password-age 0s
    #@TestStep            Reset password-expiration-warning-interval 5d
    #@TestStep            Reset grace-login-count 0
    #@TestPostamble       None
    #@TestResult          Success if dsconfig returns 0
  -->
  <function name="pwp_grace_login_007" scope="local">
    <testcase name="getTestCaseName('PWP Admin Reset Password Policy Settings')">                     
      <sequence> 
        <try>
          <sequence>
       
            <call function="'testCase_Preamble'"/>

            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>      

            <call function="'testStep'">
              { 'stepMessage' : '%s Admin resetting password policy settings.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              options.append('--reset expire-passwords-without-warning')
              options.append('--reset allow-expired-password-changes')
              options.append('--reset max-password-age')
              options.append('--reset min-password-age')
              options.append('--reset password-expiration-warning-interval')
              options.append('--reset grace-login-count')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'set-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>

            <call function="'testStep'">
              { 'stepMessage' : '%s Get Default Password Policy.' % msg }
            </call>

            <script>
              options=[]
              options.append('--policy-name "Default Password Policy"')
              dsconfigOptions=' '.join(options)
            </script>

            <call function="'dsconfig'">
              { 'dsInstanceHost'      : DIRECTORY_INSTANCE_HOST,
                'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
                'dsInstanceDn'        : DIRECTORY_INSTANCE_DN,
                'dsInstancePswd'      : DIRECTORY_INSTANCE_PSWD,
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
               
              }
            </call>
            
          </sequence>
  
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <sequence>
              <call function="'testCase_Postamble'"/>
            </sequence>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>

</stax>

 opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml

@@ -51,8 +51,9 @@

            <script>
              suiteList = []
              #suiteList.append('max_pwd_age')
              suiteList.append('max_pwd_age')
              suiteList.append('force_pwd_change')
              suiteList.append('grace_login')
            </script>
    
            <!-- Run the test suites -->