From 6edd12a189c0c6036980818d895c8e8cc6fd2e6b Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Mon, 12 Mar 2012 12:12:18 +0000
Subject: [PATCH] Re-write of password policy functional tests part 2
---
opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default.xml | 148 +
opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default_tests.xml | 479 ++++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds.xml | 147 +
opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_policy.xml | 154 +
opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes_tests.xml | 605 +++++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age_tests.xml | 323 ++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml | 8
opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_user_tests.xml | 214 ++
opends/tests/staf-tests/shared/functions/ldap.xml | 11
opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_failure_count_tests.xml | 438 +++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml | 6
opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age.xml | 144 +
opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout.xml | 157 ++
opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_duration_tests.xml | 602 +++++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml | 13
opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes.xml | 149 +
opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds_tests.xml | 368 ++++
opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml | 10
opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_auth_tests.xml | 674 ++++++++
19 files changed, 4,632 insertions(+), 18 deletions(-)
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes.xml
new file mode 100644
index 0000000..257a9d0
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes.xml
@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_allow_user_password_changes"/>
+ <function name="main_pwp_allow_user_password_changes" scope="local">
+ <sequence>
+ <block name="'main_pwp_allow_user_password_changes'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'allow_user_password_changes'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Allow User Pswd Changes'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy allow_user_password_changes test suite
+ #@TestSuitePurpose Verify password policy allow_user_password_changes operations
+ #@TestSuiteID allow_user_password_changes
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : False ,
+ 'startServer' : True ,
+ 'loadData' : True ,
+ 'ldifFile' : '%s/password_policy/pwp_startup.ldif' % remote.data ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('allow_user_password_changes/pwp_allow_user_password_changes_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to allow_user_password_changes password policy tests -->
+ <script>
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
+ msg1 = 'Password Policy: Allow User Pswd Changes:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_allow_user_pswd_changes_001')
+ testsList.append('pwp_allow_user_pswd_changes_002')
+ testsList.append('pwp_allow_user_pswd_changes_003')
+ testsList.append('pwp_allow_user_pswd_changes_004')
+ testsList.append('pwp_allow_user_pswd_changes_005')
+ testsList.append('pwp_allow_user_pswd_changes_006')
+ testsList.append('pwp_allow_user_pswd_changes_007')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes_tests.xml
new file mode 100644
index 0000000..74f69d5
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/allow_user_password_changes/pwp_allow_user_password_changes_tests.xml
@@ -0,0 +1,605 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName Get Allow User Password Changes
+ #@TestIssue None
+ #@TestPurpose Get ds-cfg-allow-user-password-changes
+ #@TestPreamble None
+ #@TestStep Check ds-cfg-allow-user-password-changes
+ #@TestStep Check the output of the command.
+ #@TestPostamble None
+ #@TestResult Success if compareEntry returns 0 and the
+ output is correct.
+ -->
+ <function name="pwp_allow_user_pswd_changes_001" scope="local">
+ <testcase name="getTestCaseName('PWP Get Allow User Password Changes')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Allow User Password Changes Property.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--property "allow-user-password-changes"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions,
+ 'expectedString' : 'allow-user-password-changes : true'
+
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Allow User Password Changes Attribute.' % msg1 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-allow-user-password-changes:true',
+ 'entryToBeCompared' : basepwp }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName Check User Search With Password
+ #@TestIssue None
+ #@TestPurpose Check User Search With Password
+ #@TestPreamble None
+ #@TestStep Check User Search With Password
+ #@TestStep Check the output of the command.
+ #@TestPostamble None
+ #@TestResult Success if SearchObject returns 0
+ -->
+ <function name="pwp_allow_user_pswd_changes_002" scope="local">
+ <testcase name="getTestCaseName('PWP User Search')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'sprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName Check User Search With Bad Password
+ #@TestIssue None
+ #@TestPurpose Check User Search With Bad Password
+ #@TestPreamble None
+ #@TestStep Check User Search With Bad Password
+ #@TestPostamble None
+ #@TestResult Success if SearchObject returns 49
+ -->
+ <function name="pwp_allow_user_pswd_changes_003" scope="local">
+ <testcase name="getTestCaseName('PWP User Search With Bad Password')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Bad Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'newsprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName User With Bad Credentials Change Password
+ #@TestIssue None
+ #@TestPurpose Check User Search With Bad Credentials
+ #@TestPreamble None
+ #@TestStep Check User Search With Bad Credentials
+ #@TestPostamble None
+ #@TestResult Success if ldapPasswordModifyWithScript returns 49
+ -->
+ <function name="pwp_allow_user_pswd_changes_004" scope="local">
+ <testcase name="getTestCaseName('PWP User With Bad Credentials Change Password')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User with Bad Credentials Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'BadPwd' ,
+ 'dsAuthzID' : 'dn:uid=scarter,%s' % basedn ,
+ 'dsNewPassword' : 'newsprain' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName User Change Password
+ #@TestIssue None
+ #@TestPurpose User Change Password
+ #@TestPreamble None
+ #@TestStep Step 1 User Change Password
+ #@TestStep Step 2 User Searching With Old Password
+ #@TestStep Step 3 User Searching With New Password
+ #@TestPostamble None
+ #@TestResult Success if SearchObject returns 0
+ -->
+ <function name="pwp_allow_user_pswd_changes_005" scope="local">
+ <testcase name="getTestCaseName('PWP User Changing Own Password')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'sprain' ,
+ 'dsAuthzID' : 'dn:uid=scarter,%s' % basedn ,
+ 'dsNewPassword' : 'newsprain' ,
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Old Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'sprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'newsprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName Admin Change Password Policy
+ #@TestIssue None
+ #@TestPurpose Admin Change Password Policy
+ #@TestPreamble None
+ #@TestStep Step 1 Modify the Password Policy by setting
+ allow-user-password-changes to false
+ #@TestStep Step 2 User resetting password should fail (49)
+ #@TestStep Step 3 Check manage-account get-password-is-reset
+ #@TestPostamble None
+ #@TestResult Success if ldapPasswordModifyWithScript returns 49
+ -->
+ <function name="pwp_allow_user_pswd_changes_006" scope="local">
+ <testcase name="getTestCaseName('PWP Allow User Password Changes False')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Allow User Password Changes to false.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "allow-user-password-changes:false"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Resetting Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'sprain' ,
+ 'dsAuthzID' : 'dn:uid=scarter,%s' % basedn ,
+ 'dsNewPassword' : 'sprain' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check manage-account get-password-is-reset.' % msg1 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-password-is-reset' ,
+ 'targetDn' : 'uid=scarter,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Password Is Reset: false' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker User Password Policy
+ #@TestName Allow User Password Changes
+ #@TestIssue None
+ #@TestPurpose Allow User Password Changes
+ #@TestPreamble None
+ #@TestStep Step 1 - Admin Resetting Password Policy
+ set allow-user-password-changes to true
+ #@TestStep Step 2 - User Resetting Password
+ #@TestStep Step 3 - Check manage-account
+ get-password-is-reset
+ #@TestStep Step 4 - check manage-account
+ get-password-changed-time
+ #@TestStep Step 5 - User Searching With Old Password
+ #@TestStep Step 6 - User Searching With New Password
+ #@TestPostamble None
+ #@TestResult Success if SearchObject returns 0.
+ -->
+ <function name="pwp_allow_user_pswd_changes_007" scope="local">
+ <testcase name="getTestCaseName('PWP Reset Allow User Password Changes')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Allow User Password Changes.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset allow-user-password-changes')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Resetting Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'newsprain' ,
+ 'dsAuthzID' : 'dn:uid=scarter,%s' % basedn ,
+ 'dsNewPassword' : 'sprain' ,
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check manage-account get-password-is-reset.' % msg1 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-password-is-reset' ,
+ 'targetDn' : 'uid=scarter,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Password Is Reset: false' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check manage-account get-password-changed-time.' % msg1 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-password-changed-time' ,
+ 'targetDn' : 'uid=scarter,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Password Changed Time: 2' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Old Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'newsprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=scarter,%s' % basedn ,
+ 'dsInstancePswd' : 'sprain' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml
index 957efd6..6317c81 100755
--- a/opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/force_pwd_change/pwp_force_pwd_change_all_users_tests.xml
@@ -285,7 +285,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'will expire' }
</call>
@@ -410,7 +410,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Password Changed by Required Time:' }
</call>
@@ -431,7 +431,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Seconds Until Required Change Time:' }
</call>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml
index 778f255..1fc4275 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/grace_login/pwp_grace_login_tests.xml
@@ -407,7 +407,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Grace Login Use Times:' }
</call>
@@ -451,7 +451,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Remaining Grace Login Count: %s' % remaining_grace_login_count }
</call>
@@ -473,7 +473,7 @@
</script>
<!-- TODO: WTF -->
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Grace Login Use Times: 20' }
</call>
@@ -518,7 +518,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Remaining Grace Login Count: 0' }
</call>
@@ -539,7 +539,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : msg1 ,
'expectedString' : msg2 ,
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml
index a0a7813..a907f3a 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/last_login/pwp_last_login_tests.xml
@@ -345,7 +345,7 @@
#@TestStep Check manage-account get-last-login-time
#@TestStep Checking for Absence of Last Login Time
#@TestStep SearchObject ds-pwp-last-login-time returns 0
- #@TestStep checktestString ds-pwp-last-login-time
+ #@TestStep searchString ds-pwp-last-login-time
#@TestPostamble none
#@TestResult Success if the 3 steps are PASS
-->
@@ -435,7 +435,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Last Login Time: 2' }
</call>
@@ -458,7 +458,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'ds-pwp-last-login-time' }
</call>
@@ -794,7 +794,7 @@
returnString = STAXResult[0][1]
</script>
- <call function="'checktestString'">
+ <call function="'searchString'">
{ 'returnString' : returnString ,
'expectedString' : 'Seconds Until Idle Account Lockout: ' }
</call>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout.xml
new file mode 100644
index 0000000..487dea9
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_lockout"/>
+ <function name="main_pwp_lockout" scope="local">
+ <sequence>
+ <block name="'main_pwp_lockout'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'lockout'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Account Lockout'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy lockout test suite
+ #@TestSuitePurpose Verify password policy lockout operations
+ #@TestSuiteID lockout
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : False ,
+ 'startServer' : True ,
+ 'loadData' : True ,
+ 'ldifFile' : '%s/password_policy/pwp_startup.ldif' % remote.data ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('lockout/pwp_lockout_duration_tests')
+ importList.append('lockout/pwp_lockout_failure_count_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to lockout password policy tests -->
+ <script>
+ # Common
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
+
+ # Lockout Duration
+ msg1 = 'Security: Lockout Duration:'
+
+ # Lockout Failure
+ msg2 = 'Security: Lockout Failure Count:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_lockout_duration_001')
+ testsList.append('pwp_lockout_duration_002')
+ testsList.append('pwp_lockout_duration_003')
+ testsList.append('pwp_lockout_duration_004')
+ testsList.append('pwp_lockout_failure_count_001')
+ testsList.append('pwp_lockout_failure_count_002')
+ testsList.append('pwp_lockout_failure_count_003')
+ testsList.append('pwp_lockout_failure_count_004')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_duration_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_duration_tests.xml
new file mode 100644
index 0000000..4080243
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_duration_tests.xml
@@ -0,0 +1,602 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock AS
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Duration
+ #@TestName Default Lockout Duration
+ #@TestIssue None
+ #@TestPurpose Verify that the default lockout duration is working
+ #@TestPreamble None
+ #@TestStep Step 1. Get Lockout Duration
+ #@TestStep Step 2. Set Lockout Failure Count to 3
+ #@TestStep Step 3. User Lockout With Bad Password 3x
+ #@TestStep Step 4. Admin Resets User Password
+ #@TestStep Step 5. User Bind With New Password
+ #@TestPostamble None
+ #@TestResult Success if the 5 steps are PASS
+ -->
+ <function name="pwp_lockout_duration_001" scope="local">
+ <testcase name="getTestCaseName('PWP Default Lockout Duration')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Lockout Duration.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--property "lockout-duration"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions,
+ 'expectedString' : 'lockout-duration : 0 s'
+
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Compare Lockout Duration Attribute.' % msg1 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-lockout-duration:0 seconds',
+ 'entryToBeCompared' : basepwp }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Failure Count.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "lockout-failure-count:3"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'normal']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Admin Resetting User Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
+ 'dsNewPassword' : 'adminnormal' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : 'adminnormal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+
+ <!--- Test Case information
+ #@TestMarker Lockout Duration
+ #@TestName Lockout Duration Short
+ #@TestIssue None
+ #@TestPurpose Lockout Duration Short
+ #@TestPreamble None
+ #@TestStep Step 1. User Lockout with Bad Password 3x
+ SearchObject returns 49 (3x with bad,
+ 1x with correct one)
+ Sleeping sleepForMilliSeconds 8000
+ #@TestStep Step 2. User Changing Password returns 0
+ #@TestStep Step 3. Admin Resetting User Password
+ #@TestStep Step 4. User Bind With New Password
+ SearchObject returns 0
+ #@TestPostamble None
+ #@TestResult Success if the 4 steps are PASS
+ -->
+ <function name="pwp_lockout_duration_002" scope="local">
+ <testcase name="getTestCaseName('PWP Short Lockout Duration')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Duration to 10s.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "lockout-duration:10s"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'adminnormal']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Sleeping 8s.' % msg1 }
+ </call>
+
+ <call function="'Sleep'">
+ { 'sleepForMilliSeconds' : '8000' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : 'adminnormal' ,
+ 'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
+ 'dsNewPassword' : 'newnormal' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : 'newnormal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Duration
+ #@TestName Testing Lockout Duration Long
+ #@TestIssue None
+ #@TestPurpose Testing Lockout Duration Long
+ #@TestPreamble None
+ #@TestStep Step 1. User Initial Bind returns 0
+ #@TestStep Step 2. User Lockout with Bad Password 3x
+ SearchObject returns 49 (3x with bad,
+ 1x with correct one)
+ Sleeping sleepForMilliSeconds 8000
+ #@TestStep Step 3. User Changing Password returns 49
+ #@TestStep Step 4. User Bind With New Password
+ SearchObject returns 49
+ #@TestPostamble None
+ #@TestResult Success if the 4 steps are PASS
+ -->
+ <function name="pwp_lockout_duration_003" scope="local">
+ <testcase name="getTestCaseName('PWP Long Lockout Duration')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Duration to 5d.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "lockout-duration:5d"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get get-seconds-until-password-reset-lockout.' % msg1 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-seconds-until-password-reset-lockout' ,
+ 'targetDn' : 'uid=scarter,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Seconds Until Password Reset Lockout:' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Initial Bind.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
+ 'dsInstancePswd' : 'strawberry' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'strawberry']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Sleeping 8s.' % msg1 }
+ </call>
+
+ <call function="'Sleep'">
+ { 'sleepForMilliSeconds' : '8000' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
+ 'dsInstancePswd' : 'strawberry' ,
+ 'dsAuthzID' : 'dn:uid=bjablons,%s' % basedn ,
+ 'dsNewPassword' : 'newberry' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bjablons,%s' % basedn ,
+ 'dsInstancePswd' : 'newberry' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base',
+ 'expectedRC' : 49 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+
+ <!--- Test Case information
+ #@TestMarker Lockout Duration
+ #@TestName Reset Lockout Properties
+ #@TestIssue None
+ #@TestPurpose Verify that lockout properties can be reset
+ #@TestPreamble None
+ #@TestStep Step 1. Reset Lockout Duration to 0
+ #@TestStep Step 2. User Lockout with Bad Password 3x
+ #@TestStep Stpe 4. Sleeping sleepForMilliSeconds 8000
+ #@TestStep Step 5. User Changing Password returns 0
+ #@TestStep Step 6. User Bind With New Password
+ SearchObject returns 0
+ #@TestPostamble None
+ #@TestResult Success if the 4 steps are PASS
+ -->
+ <function name="pwp_lockout_duration_004" scope="local">
+ <testcase name="getTestCaseName('PWP Reset Lockout Duration Properties ')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Lockout Duration.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset "lockout-duration"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Lockout With Bad Password 3x.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'newnormal']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Admin Resetting User Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsAuthzID' : 'dn:uid=mward,%s' % basedn ,
+ 'dsNewPassword' : 'normal' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Bind With New Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=mward,%s' % basedn ,
+ 'dsInstancePswd' : 'normal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <message>
+ '%s Postamble Step 5. Admin Resetting Lockout Count' % msg1
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Lockout Failure Count.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset "lockout-failure-count"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_failure_count_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_failure_count_tests.xml
new file mode 100644
index 0000000..01a7146
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/lockout/pwp_lockout_failure_count_tests.xml
@@ -0,0 +1,438 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock AS
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Failure Count
+ #@TestName Default Lockout Failure Count
+ #@TestIssue None
+ #@TestPurpose Verify that by default the lockout failure count is not active
+ #@TestPreamble None
+ #@TestStep Step 1. Get lockout-failure-count and value is 0
+ #@TestStep Step 2. Default Bind With Bad Pwd 3x RC 49
+ #@TestStep Step 3 User search with good password returns 0
+ #@TestStep Step 4. Get manage-account get-remaining-authentication-failure-count
+ #@TestPostamble None
+ #@TestResult Success if the 3 steps are PASS
+ -->
+ <function name="pwp_lockout_failure_count_001" scope="local">
+ <testcase name="getTestCaseName('PWP Default Lockout Failure Count')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Lockout Failure Count.' % msg2 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--property "lockout-failure-count"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions,
+ 'expectedString' : 'lockout-failure-count : 0'
+
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Compare Lockout Failure Count Attribute.' % msg2 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-lockout-failure-count:0',
+ 'entryToBeCompared' : basepwp }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Default Bind With Bad Pwd 3x.' % msg2 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
+ 'dsInstancePswd' : 'oranges',
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-remaining-authentication-failure-count' ,
+ 'targetDn' : 'uid=bhall,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Remaining Authentication Failure Count' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Failure Count
+ #@TestName Set Lockout Failure Count
+ #@TestIssue None
+ #@TestPurpose Verify that lockout failure count can be activated
+ #@TestPreamble None
+ #@TestStep Setlockout-failure-count to 3
+ #@TestStep get-remaining-authentication-failure-count
+ #@TestPostamble None
+ #@TestResult Success if all tests are PASS
+ -->
+ <function name="pwp_lockout_failure_count_002" scope="local">
+ <testcase name="getTestCaseName('PWP Set Lockout Failure Count')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Failure Count.' % msg2 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "lockout-failure-count:3"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-remaining-authentication-failure-count' ,
+ 'targetDn' : 'uid=bhall,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Remaining Authentication Failure Count: 3' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Failure Count
+ #@TestName Lockout With Bad Pwd 3x
+ #@TestIssue None
+ #@TestPurpose Lockout With Bad Pwd 3x
+ #@TestPreamble None
+ #@TestStep Lockout With Bad Pwd 3x SearchObject RC 49 3x
+ #@TestStep get-remaining-authentication-failure-count
+ #@TestPostamble None
+ #@TestResult Success if all tests are PASS
+ -->
+ <function name="pwp_lockout_failure_count_003" scope="local">
+ <testcase name="getTestCaseName('PWP Lockout With Bad Pwd 3x')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Lockout With Bad Pwd 3x.' % msg2 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'oranges']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get manage-account get-remaining-authentication-failure-count.' % msg2 }
+ </call>
+
+ <call function="'manageAccountWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'subcommand' : 'get-remaining-authentication-failure-count' ,
+ 'targetDn' : 'uid=bhall,%s' % basedn }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'Remaining Authentication Failure Count: 0' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Lockout Failure Count
+ #@TestName Reset Lockout Failure Count Properties
+ #@TestIssue None
+ #@TestPurpose Reseting the Password policy and verify it
+ #@TestPreamble None
+ #@TestStep Step 1. Set lockout-failure-count to 0
+ #@TestStep Step 2. Check Bind With Previous User Lockout RC 0
+ #@TestStep Step 3. Check Bind With Bad Pwd 3x RC 49 3x
+ #@TestStep Step 4: User search with good password returns 0
+ #@TestPostamble None
+ #@TestResult Success if the 3 steps are PASS
+ -->
+ <function name="pwp_lockout_failure_count_004" scope="local">
+ <testcase name="getTestCaseName('PWP Reset Lockout Failure Count Properties')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Lockout Failure Count.' % msg2 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset "lockout-failure-count"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check Bind With Previous User Lockout.' % msg2 }
+ </call>
+
+ <!--- Check Locked Out User -->
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=bhall,%s' % basedn ,
+ 'dsInstancePswd' : 'oranges' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check Bind With Bad Pwd 3x.' % msg2 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=gfarmer,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base',
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Check Bind With Valid Password.' % msg2 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=gfarmer,%s' % basedn ,
+ 'dsInstancePswd' : 'ruling',
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base'}
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age.xml
new file mode 100644
index 0000000..450ba71
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age.xml
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_min_pwd_age"/>
+ <function name="main_pwp_min_pwd_age" scope="local">
+ <sequence>
+ <block name="'main_pwp_min_pwd_age'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'min_pwd_age'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Min Password Age'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy min_pwd_age test suite
+ #@TestSuitePurpose Verify password policy min_pwd_age operations
+ #@TestSuiteID min_pwd_age
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : False ,
+ 'startServer' : True ,
+ 'loadData' : True ,
+ 'ldifFile' : '%s/password_policy/pwp_startup.ldif' % remote.data ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('min_pwd_age/pwp_min_pwd_age_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to min_pwd_age password policy tests -->
+ <script>
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ msg1 = 'Password Policy: Min Age:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_min_pwd_age_001')
+ testsList.append('pwp_min_pwd_age_002')
+ testsList.append('pwp_min_pwd_age_003')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age_tests.xml
new file mode 100644
index 0000000..70be4de
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/min_pwd_age/pwp_min_pwd_age_tests.xml
@@ -0,0 +1,323 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock AS
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker Minimum Password Age
+ #@TestName Default Minimum Password Age
+ #@TestIssue none
+ #@TestPurpose Checking Minimum Password Age
+ #@TestPreamble none
+ #@TestStep Checking existence of ds-cfg-min-password-age
+ #@TestPostamble none
+ #@TestResult Success if compareEntry returns 0.
+ -->
+ <function name="pwp_min_pwd_age_001" scope="local">
+ <testcase name="getTestCaseName('PWP Default Minimum Password Age')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Min Password Age.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--property "min-password-age"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions,
+ 'expectedString' : 'min-password-age : 0 s'
+
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Compare Min Password Age Attribute.' % msg1 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-min-password-age:0 seconds',
+ 'entryToBeCompared' : 'cn=Default Password Policy,cn=Password Policies,cn=config' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Minimum Password Age
+ #@TestName Minimum Password Age
+ #@TestIssue none
+ #@TestPurpose Test Minimum Password Age
+ #@TestPreamble none
+ #@TestStep Step 1. Admin Enabling Minimum Pwd Age
+ set min-password-age to 24 h
+ #@TestStep Step 2. User Changing Password
+ ldapPasswordModifyWithScript returns 53
+ #@TestStep Step 3. User Searching With Password
+ SearchObject returns 49
+ #@TestPostamble none
+ #@TestResult Success if the 3 steps are PASS
+ -->
+ <function name="pwp_min_pwd_age_002" scope="local">
+ <testcase name="getTestCaseName('PWP Minimum Password Age')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Duration to 24h.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "min-password-age:24h"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'gosling' ,
+ 'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
+ 'dsNewPassword' : 'newgosling' ,
+ 'expectedRC' : 53 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'newgosling' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+
+ <!--- Test Case information
+ #@TestMarker Minimum Password Age
+ #@TestName Reset Minimum Password Age Properties
+ #@TestIssue none
+ #@TestPurpose Reseting the password Policy
+ #@TestPreamble none
+ #@TestStep Step 1. Admin Disabling Minimum Pwd Age
+ set min-password-age to 0 s
+ #@TestStep Step 2. User Changing Password RC 0
+ #@TestStep Step 3. User Searching With Password RC 0
+ #@TestStep Step 4. User Changing Password RC 0
+ #@TestStep Step 5. User Searching With Password RC 0
+ #@TestPostamble none
+ #@TestResult Success if returns 0.
+ -->
+ <function name="pwp_min_pwd_age_003" scope="local">
+ <testcase name="getTestCaseName('PWP Reset Minimum Password Age Properties')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Admin Disabling Minimum Pwd Age.' % msg1 }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Lockout Duration.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset "min-password-age"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'gosling' ,
+ 'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
+ 'dsNewPassword' : 'newgosling' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'newgosling' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Changing Password.' % msg1 }
+ </call>
+
+ <call function="'ldapPasswordModifyWithScript'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'newgosling' ,
+ 'dsAuthzID' : 'dn:uid=dmiller,%s' % basedn ,
+ 'dsNewPassword' : 'gosling' }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s User Searching With Password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=dmiller,%s' % basedn ,
+ 'dsInstancePswd' : 'gosling' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default.xml
new file mode 100644
index 0000000..61131c3
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_non_default"/>
+ <function name="main_pwp_non_default" scope="local">
+ <sequence>
+ <block name="'main_pwp_non_default'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'non_default'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Non Default Polices'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy non_default test suite
+ #@TestSuitePurpose Verify password policy non_default operations
+ #@TestSuiteID non_default
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : False ,
+ 'startServer' : True ,
+ 'loadData' : True ,
+ 'ldifFile' : '%s/password_policy/pwp_startup.ldif' % remote.data ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('non_default/pwp_non_default_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to non_default password policy tests -->
+ <script>
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ msg1 = 'Password Policy: Non Default:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_non_default_001')
+ testsList.append('pwp_non_default_002')
+ testsList.append('pwp_non_default_003')
+ testsList.append('pwp_non_default_004')
+ testsList.append('pwp_non_default_005')
+ testsList.append('pwp_non_default_006')
+ testsList.append('pwp_non_default_007')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default_tests.xml
new file mode 100644
index 0000000..872a18a
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/non_default/pwp_non_default_tests.xml
@@ -0,0 +1,479 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Create New Password Policy
+ #@TestIssue None
+ #@TestPurpose Create a Non Default Password Policy
+ #@TestPreamble None
+ #@TestStep Create a new Password Policy called Sales
+ #@TestStep Set default-password-storage-schemeSalted SHA-1
+ #@TestPostamble None
+ #@TestResult Success if dsconfig returns 0
+ -->
+ <function name="pwp_non_default_001" scope="local">
+ <testcase name="getTestCaseName('PWP Create New Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Add Sales Password Policy.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Sales Password Policy"')
+ options.append('--type "password-policy"')
+ options.append('--set "default-password-storage-scheme:Salted SHA-1"')
+ options.append('--set "password-attribute:userPassword"')
+
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Adding New Entry With Sales Password Policy
+ #@TestIssue None
+ #@TestPurpose Adding New Entry With Sales Password Policy
+ #@TestPreamble None
+ #@TestStep addEntry add_sales_person.ldif
+ SearchObject with uid=sguy returns 0
+ SearchObject with uid=sgal eturns 0
+ #@TestPostamble None
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_non_default_002" scope="local">
+ <testcase name="getTestCaseName('PWP Add New Entry Using Sales Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Add New Entry Using Sales Password Policy.' % msg1 }
+ </call>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/password_policy/add_sales_person.ldif' \
+ % remote.data }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=sguy,%s' % basedn ,
+ 'dsInstancePswd' : 'superguy' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=sgal,%s' % basedn ,
+ 'dsInstancePswd' : 'supergal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Modify Sales Password Policy
+ #@TestIssue None
+ #@TestPurpose Admin Changing Sales Lockout Count
+ #@TestPreamble None
+ #@TestStep Set lockout-failure-count to 3
+ #@TestPostamble None
+ #@TestResult Success if dsconfig returns 0
+ -->
+ <function name="pwp_non_default_003" scope="local">
+ <testcase name="getTestCaseName('PWP Modify Sales Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Lockout Failure Count to 3.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Sales Password Policy"')
+ options.append('--set "lockout-failure-count:3"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Test Sales Password Policy
+ #@TestIssue None
+ #@TestPurpose Test Sales Password Policy
+ #@TestPreamble None
+ #@TestStep Testing Sales Password Policy with Lockout Count
+ search with bad pwd 3x good pwd 1x
+ SearchObject returns 49 4x
+ #@TestPostamble None
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_non_default_004" scope="local">
+ <testcase name="getTestCaseName('PWP Test Sales Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Test New Sales Password Policy Lockout Count.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad', 'superguy']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=sguy,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Testing Default Password Policy with Lockout Count
+ #@TestIssue None
+ #@TestPurpose Testing Default Password Policy with Lockout Count
+ #@TestPreamble None
+ #@TestStep Testing Default Password Policy with Lockout Count
+ search with bad pwd 3x good pwd 1x
+ SearchObject returns 49 3x
+ SearchObject returns 0 1x
+ #@TestPostamble None
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_non_default_005" scope="local">
+ <testcase name="getTestCaseName('PWP Test Default Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Testing Default Password Policy with Lockout Count.' % msg1 }
+ </call>
+
+ <script>
+ search_pwds = ['bad', 'bad', 'bad']
+ </script>
+
+ <iterate var="pwds" in="search_pwds" indexvar="index">
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=tclow,%s' % basedn ,
+ 'dsInstancePswd' : '%s' % pwds ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+ </iterate>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=tclow,%s' % basedn ,
+ 'dsInstancePswd' : 'cardreader' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Delete Sales Password Policy
+ #@TestIssue None
+ #@TestPurpose Admin Deleting Sales Lockout Count
+ #@TestPreamble None
+ #@TestStep Admin Deleting Sales Lockout Count
+ dsconfig delete Sales Password Policy
+ #@TestPostamble None
+ #@TestResult Success if dsconfig returns 0
+ -->
+ <function name="pwp_non_default_006" scope="local">
+ <testcase name="getTestCaseName('PWP Delete Sales Password Policy')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Admin Deleting Sales Lockout Count' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Sales Password Policy"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Non Default Password Policy
+ #@TestName Test Sales Password Policy after Remove
+ #@TestIssue None
+ #@TestPurpose Test Sales Password Policy after Remove
+ #@TestPreamble None
+ #@TestStep Testing Sales Password Policy after removing it
+ #@TestPostamble None
+ #@TestResult Success if SearchObject returns 80 (Other)
+ -->
+ <function name="pwp_non_default_007" scope="local">
+ <testcase name="getTestCaseName('PWP Test Sales Password Policy after Remove')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Test Sales Password Policy after Remove.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=sgal,%s' % basedn ,
+ 'dsInstancePswd' : 'supergal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 80 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml
index 7fbb6e2..e7bfdae 100644
--- a/opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/password_policy.xml
@@ -51,9 +51,16 @@
<script>
suiteList = []
- suiteList.append('max_pwd_age')
- suiteList.append('force_pwd_change')
- suiteList.append('grace_login')
+ #suiteList.append('max_pwd_age')
+ #suiteList.append('force_pwd_change')
+ #suiteList.append('grace_login')
+ #suiteList.append('last_login')
+ #suiteList.append('lockout')
+ #suiteList.append('min_pwd_age')
+ #suiteList.append('non_default')
+ #suiteList.append('preencoded_pwds')
+ #suiteList.append('allow_user_password_changes')
+ suiteList.append('root_policy')
</script>
<!-- Run the test suites -->
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds.xml
new file mode 100644
index 0000000..7cf3264
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_preencoded_pwds"/>
+ <function name="main_pwp_preencoded_pwds" scope="local">
+ <sequence>
+ <block name="'main_pwp_preencoded_pwds'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'preencoded_pwds'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Pre-encoded Passwords'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy preencoded_pwds test suite
+ #@TestSuitePurpose Verify password policy preencoded_pwds operations
+ #@TestSuiteID preencoded_pwds
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : False ,
+ 'startServer' : True ,
+ 'loadData' : True ,
+ 'ldifFile' : '%s/password_policy/pwp_startup.ldif' % remote.data ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('preencoded_pwds/pwp_preencoded_pwds_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to preencoded_pwds password policy tests -->
+ <script>
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ basepwp = 'cn=Default Password Policy,cn=Password Policies,cn=config'
+ msg1 = 'Password Policy: Pre-encoded Passwords:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_preemcoded_pwds_001')
+ testsList.append('pwp_preemcoded_pwds_002')
+ testsList.append('pwp_preemcoded_pwds_003')
+ testsList.append('pwp_preemcoded_pwds_004')
+ testsList.append('pwp_preemcoded_pwds_005')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds_tests.xml
new file mode 100644
index 0000000..81c8980
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/preencoded_pwds/pwp_preencoded_pwds_tests.xml
@@ -0,0 +1,368 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2006-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+
+ <!--- Test Case information
+ #@TestMarker Preencoded Passwords
+ #@TestName Get Preencoded Password
+ #@TestIssue none
+ #@TestPurpose Get Preencoded Password
+ #@TestPreamble none
+ #@TestStep Check for existence of
+ ds-cfg-allow-pre-encoded-passwords
+ and value is set to false
+ #@TestPostamble none
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_preemcoded_pwds_001" scope="local">
+ <testcase name="getTestCaseName('PWP Get Preencoded Password')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Allow Pre-encoded Password Property.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--property "allow-pre-encoded-passwords"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions,
+ 'expectedString' : 'allow-pre-encoded-passwords : false'
+
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Allow Pre-encoded Password Attribute.' % msg1 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-allow-pre-encoded-passwords:false',
+ 'entryToBeCompared': basepwp }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Preencoded Passwords
+ #@TestName Add Entry With Pre-encoded Password
+ #@TestIssue none
+ #@TestPurpose Adding New Entry With a Pre-encoded Password
+ #@TestPreamble none
+ #@TestStep addEntry add_entry_preencoded_pwd.ldif RC 19
+ SearchObject returns 49
+ #@TestPostamble none
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_preemcoded_pwds_002" scope="local">
+ <testcase name="getTestCaseName('PWP Default - Add New Entry')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Adding New Entry With a Pre-encoded Password.' % msg1 }
+ </call>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/password_policy/add_entry_preencoded_pwd.ldif' \
+ % remote.data ,
+ 'expectedRC' : 19 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=pguy,%s' % basedn ,
+ 'dsInstancePswd' : 'superguy' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Preencoded Passwords
+ #@TestName Enable Pre-encoded Passwords in pwd policy
+ #@TestIssue none
+ #@TestPurpose Admin Enabling Preencoded Passwords
+ #@TestPreamble none
+ #@TestStep set allow-pre-encoded-passwords to true
+ #@TestPostamble none
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_preemcoded_pwds_003" scope="local">
+ <testcase name="getTestCaseName('PWP Enable Preencoded Passwords')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Allow Pre-encoded Password to true.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--set "allow-pre-encoded-passwords:true"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Preencoded Passwords
+ #@TestName Test Enabled Pre-encoded Passwords
+ #@TestIssue none
+ #@TestPurpose Test Enabled Pre-encoded Passwords
+ #@TestPreamble none
+ #@TestStep addEntry add_entry_preencoded_pwd.ldif RC 0
+ SearchObject returns 0
+ #@TestPostamble none
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_preemcoded_pwds_004" scope="local">
+ <testcase name="getTestCaseName('PWP Enabled - Add New Entry')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Add New Entry With Pre-encoded Password.' % msg1 }
+ </call>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/password_policy/add_entry_preencoded_pwd.ldif' \
+ % remote.data }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=pguy,%s' % basedn ,
+ 'dsInstancePswd' : 'superguy' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Preencoded Passwords
+ #@TestName Reset Pre-encoded Passwords
+ #@TestIssue none
+ #@TestPurpose Admin Reset Pre-encoded Passwords
+ #@TestPreamble none
+ #@TestStep Disable Pre-encoded Passwords 0
+ SearchObject returns 49
+ #@TestPostamble none
+ #@TestResult Success if the test is PASS
+ -->
+ <function name="pwp_preemcoded_pwds_005" scope="local">
+ <testcase name="getTestCaseName('PWP Disable Preencoded Passwords')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Reset Allow Pre-encoded Password.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Default Password Policy"')
+ options.append('--reset "allow-pre-encoded-passwords"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=pgal,%s' % basedn ,
+ 'dsInstancePswd' : 'supergal' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 49 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_auth_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_auth_tests.xml
new file mode 100644
index 0000000..41da3d2
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_auth_tests.xml
@@ -0,0 +1,674 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2008-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - Preamble
+ #@TestIssue None
+ #@TestPurpose Configure for Root Auth tests
+ #@TestPreamble None
+ #@TestStep Admin change pwd storage to CLEAR
+ #@TestStep Admin add new root user.
+ #@TestStep Admin change Exact Match identity mapper match attribute.
+ #@TestStep Admin change Exact Match identity mapper match base dn.
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0,for all steps.
+ -->
+ <function name="pwp_root_auth_001" scope="local">
+ <testcase name="getTestCaseName('PWP Preamble')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Default Password Storage Scheme to Clear.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Root Password Policy"')
+ options.append('--set "default-password-storage-scheme:Clear"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <message>
+ 'Security: Pwd Policy Root: Root Auth, Preamble Step 2 - Admin adding new root user'
+ </message>
+
+ <call function="'addEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'entryToBeAdded' : '%s/password_policy/add_new_root_user.ldif' % remote.data }
+ </call>
+
+ <message>
+ 'Security: Pwd Policy Root: Root Auth, Preamble Step 3 - Admin changing authid attribute to givenName'
+ </message>
+
+ <call function="'modifyIdentityMapper'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'mapperName' : 'Exact Match' ,
+ 'attributeName' : 'match-attribute' ,
+ 'attributeValue' : 'givenName' }
+ </call>
+
+ <message>
+ 'Security: Pwd Policy Root: Root Auth, Preamble Step 4 - Admin changing authid dn to root users'
+ </message>
+
+ <call function="'modifyIdentityMapper'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'mapperName' : 'Exact Match' ,
+ 'attributeName' : 'match-base-dn' ,
+ 'attributeValue' : 'cn=Root DNs,cn=config' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) DIGEST-MD5 Bind
+ #@TestIssue None
+ #@TestPurpose DIGEST-MD5 Bind
+ #@TestPreamble None
+ #@TestStep New root user binds using DIGEST-MD5
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_002" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) DIGEST-MD5 Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) DIGEST-MD5 Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) DIGEST-MD5 Bind, short form
+ #@TestIssue None
+ #@TestPurpose DIGEST-MD5 Bind, short form
+ #@TestPreamble None
+ #@TestStep New root user binds using DIGEST-MD5, short form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_003" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) DIGEST-MD5 Bind, short form')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) DIGEST-MD5 Binding, short form.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:cn=Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) DIGEST-MD5 Bind, u: form
+ #@TestIssue None
+ #@TestPurpose DIGEST-MD5 Bind, u: form
+ #@TestPreamble None
+ #@TestStep New root user binds using DIGEST-MD5, u: form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_004" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (u:) DIGEST-MD5 Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (u:) DIGEST-MD5 Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=u:Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) CRAM-MD5 Bind
+ #@TestIssue None
+ #@TestPurpose CRAM-MD5 Bind
+ #@TestPreamble None
+ #@TestStep New root user binds using CRAM-MD5
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_005" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) CRAM-MD5 Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) CRAM-MD5 Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=CRAM-MD5 -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) CRAM-MD5 Bind, short form
+ #@TestIssue None
+ #@TestPurpose CRAM-MD5 Bind, short form
+ #@TestPreamble None
+ #@TestStep New root user binds using CRAM-MD5, short form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_006" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) CRAM-MD5 Bind, short form')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) CRAM-MD5 Binding, short form.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=CRAM-MD5 -o "authid=dn:cn=Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) CRAM-MD5 Bind, u: form
+ #@TestIssue None
+ #@TestPurpose CRAM-MD5 Bind, u: form
+ #@TestPreamble None
+ #@TestStep New root user binds using CRAM-MD5, u: form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_007" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (u:) CRAM-MD5 Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (u:) CRAM-MD5 Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=CRAM-MD5 -o "authid=u:Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) PLAIN Bind
+ #@TestIssue None
+ #@TestPurpose PLAIN Bind
+ #@TestPreamble None
+ #@TestStep New root user binds using PLAIN
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_008" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) PLAIN Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) PLAIN Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=PLAIN -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) PLAIN Bind, short form
+ #@TestIssue None
+ #@TestPurpose PLAIN Bind, short form
+ #@TestPreamble None
+ #@TestStep New root user binds using PLAIN, short form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_009" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (dn:) PLAIN Bind, short form')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (dn:) PLAIN Binding, short form.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=PLAIN -o "authid=dn:cn=Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - New Root User (dn:) PLAIN Bind, u: form
+ #@TestIssue None
+ #@TestPurpose PLAIN Bind, u: form
+ #@TestPreamble None
+ #@TestStep New root user binds using PLAIN, u: form
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <function name="pwp_root_auth_010" scope="local">
+ <testcase name="getTestCaseName('PWP New Root User (u:) PLAIN Bind')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Root User (u:) PLAIN Binding.' % msg1 }
+ </call>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=PLAIN -o "authid=u:Zroot" -w froglegs' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root Authentication Tests
+ #@TestName Root Auth - Postamble
+ #@TestIssue None
+ #@TestPurpose Reset configuration.
+ #@TestPreamble None
+ #@TestStep Admin change password storage scheme to SSHA.
+ #@TestPostamble None
+ #@TestResult Success if OpenDS returns 0
+ for all ldap operations.
+-->
+ <function name="pwp_root_auth_011" scope="local">
+ <testcase name="getTestCaseName('PWP Postamble')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Set Default Password Storage Scheme to Salted SHA-512.' % msg1 }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "Root Password Policy"')
+ options.append('--set "default-password-storage-scheme:Salted SHA-512"')
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceAdminPort' : DIRECTORY_INSTANCE_ADMIN_PORT,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'subcommand' : 'set-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_policy.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_policy.xml
new file mode 100644
index 0000000..5a4f89f
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_policy.xml
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+ <defaultcall function="main_pwp_root_policy"/>
+ <function name="main_pwp_root_policy" scope="local">
+ <sequence>
+ <block name="'main_pwp_root_policy'">
+ <try>
+ <sequence>
+ <script>
+ CurrentTestPath['group'] = 'password_policy'
+ CurrentTestPath['suite'] = 'root_policy'
+
+ _group=CurrentTestPath['group']
+ _groupdir='%s/testcases/%s' % (TESTS_DIR,_group)
+ _label = 'PWP Root Policy'
+ </script>
+
+ <!--- Test Suite information
+ #@TestSuiteName Password policy root_policy test suite
+ #@TestSuitePurpose Verify password policy root_policy operations
+ #@TestSuiteID root_policy
+ #@TestSuiteGroup password_policy
+ #@TestGroup password_policy
+ #@TestScript password_policy.xml
+ #@TestHTMLLink http://www.forgerock.org/
+ -->
+ <call function="'testSuite_Preamble'"/>
+
+ <try>
+ <sequence>
+
+ <call function="'common_setup'">
+ {
+ 'quickStart' : True ,
+ 'startServer' : True ,
+ 'stopServer' : False ,
+ 'friendlyName' : _label
+ }
+ </call>
+
+ <!-- List of Import of Test Functions -->
+ <script>
+ importList=[]
+ importList.append('root_policy/pwp_root_auth_tests')
+ importList.append('root_policy/pwp_root_user_tests')
+ </script>
+
+ <!-- Import the files for this test suite -->
+ <iterate var="_import" in="importList">
+ <import machine="STAF_LOCAL_HOSTNAME"
+ file="'%s/%s.xml' % (_groupdir,_import)"/>
+ </iterate>
+
+ <!-- Specific to root_policy password policy tests -->
+ <script>
+ basedn = 'ou=people,ou=password tests,o=Pwd Policy Tests,dc=example,dc=com'
+ msg1 = 'Password Policy: Root Policy:'
+ </script>
+
+ <!-- List of Test Cases -->
+ <script>
+ testsList=[]
+ testsList.append('pwp_root_auth_001')
+ testsList.append('pwp_root_auth_002')
+ testsList.append('pwp_root_auth_003')
+ testsList.append('pwp_root_auth_004')
+ testsList.append('pwp_root_auth_005')
+ testsList.append('pwp_root_auth_006')
+ testsList.append('pwp_root_auth_007')
+ testsList.append('pwp_root_auth_008')
+ testsList.append('pwp_root_auth_009')
+ testsList.append('pwp_root_auth_010')
+ testsList.append('pwp_root_auth_011')
+ testsList.append('pwp_root_user_001')
+ testsList.append('pwp_root_user_002')
+ testsList.append('pwp_root_user_003')
+ </script>
+
+ <!-- Execute the Tests -->
+ <iterate var="__test" in="testsList">
+ <sequence>
+ <call function="'%s' % (__test)" />
+ </sequence>
+ </iterate>
+
+ </sequence>
+ <catch exception="'STAFException.TestSuite.SetupException'">
+ <sequence>
+ <message log="1" level="'fatal'">
+ 'Setup of test suite failed.'
+ </message>
+ <rethrow/>
+ </sequence>
+ </catch>
+
+ <finally>
+ <message>'Test Cases Completed.'</message>
+ </finally>
+
+ </try>
+
+ </sequence>
+
+ <finally>
+ <sequence>
+ <!-- Test Suite Cleanup -->
+ <message>'Finally: Password Policy Cleanup.'</message>
+ <try>
+ <call function="'common_cleanup'">
+ { 'friendlyName' :_label }
+ </call>
+ <catch exception="'STAFException'">
+ <sequence>
+ <message log="1" level="'fatal'">'Cleanup of test suite failed.'</message>
+ </sequence>
+ </catch>
+ <finally>
+ <call function="'testSuite_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </finally>
+
+ </try>
+ </block>
+ </sequence>
+ </function>
+</stax>
diff --git a/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_user_tests.xml b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_user_tests.xml
new file mode 100644
index 0000000..7d8c84a
--- /dev/null
+++ b/opends/tests/staf-tests/functional-tests/testcases/password_policy/root_policy/pwp_root_user_tests.xml
@@ -0,0 +1,214 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE stax SYSTEM "../../../../shared/stax.dtd">
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ ! Copyright 2008-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<stax>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root User Tests
+ #@TestName None
+ #@TestIssue None
+ #@TestPurpose None
+ #@TestPreamble None
+ #@TestStep None
+ #@TestPostamble None
+ #@TestResult None
+ -->
+ <function name="pwp_root_user_001" scope="local">
+ <testcase name="getTestCaseName('PWP Default Pwd Scheme')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Get Default Password Storage Scheme Property.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'cn=Root Password Policy,cn=Password Policies,cn=config' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'ds-cfg-default-password-storage-scheme' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'cn=Salted SHA-512' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root User Tests
+ #@TestName None
+ #@TestIssue None
+ #@TestPurpose None
+ #@TestPreamble None
+ #@TestStep None
+ #@TestPostamble None
+ #@TestResult None
+ -->
+ <function name="pwp_root_user_002" scope="local">
+ <testcase name="getTestCaseName('PWP No Default Pwd Generator')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Checking for ds-cfg-password-generator.' % msg1 }
+ </call>
+
+ <call function="'compareEntry'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'attrToBeCompared' : 'ds-cfg-password-generator:cn=anything',
+ 'entryToBeCompared' : 'cn=Root Password Policy,cn=Password Policies,cn=config',
+ 'expectedRC' : 16 }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Root User Tests
+ #@TestName None
+ #@TestIssue None
+ #@TestPurpose None
+ #@TestPreamble None
+ #@TestStep None
+ #@TestPostamble None
+ #@TestResult None
+ -->
+ <function name="pwp_root_user_003" scope="local">
+ <testcase name="getTestCaseName('PWP Default Pwd Change Setting')">
+ <sequence>
+ <try>
+ <sequence>
+
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : '%s Checking default value ds-cfg-password-change-requires-current-password.' % msg1 }
+ </call>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'dsBaseDN' : 'cn=Root Password Policy,cn=Password Policies,cn=config' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'ds-cfg-password-change-requires-current-password' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchString'">
+ { 'returnString' : returnString ,
+ 'expectedString' : 'true' }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <sequence>
+ <call function="'testCase_Postamble'"/>
+ </sequence>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+</stax>
diff --git a/opends/tests/staf-tests/shared/functions/ldap.xml b/opends/tests/staf-tests/shared/functions/ldap.xml
index 2c1ebc6..0be0f76 100755
--- a/opends/tests/staf-tests/shared/functions/ldap.xml
+++ b/opends/tests/staf-tests/shared/functions/ldap.xml
@@ -24,7 +24,7 @@
! CDDL HEADER END
!
! Copyright 2007-2010 Sun Microsystems, Inc.
- ! Portions Copyright 2011 ForgeRock AS.
+ ! Portions Copyright 2012 ForgeRock AS.
! -->
<stax>
<function name="addEntry">
@@ -1387,7 +1387,7 @@
</sequence>
</function>
-
+<!-- TO BE DEPRECATED -->
<function name="AnonSearchObject">
<function-prolog>
This function searches the Directory Server anonymously with optional arguments possible
@@ -1449,10 +1449,15 @@
</function-arg-def>
</function-map-args>
<sequence>
+ <script>
+ if dsPath:
+ dsBinPath='%s/%s' % (dsPath,fileFolder)
+ STAFCmd='%s/ldapsearch%s' % (dsBinPath,fileExt)
+ </script>
<call function="'runCommand'" >
{ 'name' : 'Anonymous Search Base Object',
'location' : location,
- 'command' : '%s/ldapsearch%s' % (dsBinPath,fileExt),
+ 'command' : STAFCmd,
'arguments' : '-h %s -p %s %s -b "%s" "%s"' % (dsInstanceHost,dsInstancePort,extraParams,dsBaseDN,dsFilter),
'expectedRC': expectedRC,
'knownIssue': knownIssue
--
Gitblit v1.10.0