'Not implemented.' 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Enable AD backend on local server.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname(), 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'subcommand' : 'set-backend-prop', 'optionsString' : dsconfigOptions } { 'stepMessage' : 'Configure LDAP PTA Policy as unmapped.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-bind.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy for mapped-search.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Not implemented.' 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind-password-file.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Not implemented.' 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } { 'userNamePswd' : userDNsAndPswds } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policy using mapped-search-bind credentials over ssl.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } { 'userNamePswd' : userDNsAndPswds } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'stepMessage' : 'Configure LDAP PTA Policies using mapped-search-bind.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname(), 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'subcommand' : 'set-backend-prop', 'optionsString' : dsconfigOptions } { 'stepMessage' : 'Configure LDAP PTA Policy to use password caching.' } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } { 'stepMessage' : 'Change password on remote servers.' } 'Server is local: do nothing' 'remote-ldap-server %s:%s' \ % (server.getHostname(),server.getPort()) { 'location' : server.getHostname(), 'dsPath' : '%s/%s' \ % (server.getDir(),OPENDSNAME), 'dsInstanceHost' : server.getHostname() , 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : server.getRootDn(), 'dsInstancePswd' : server.getRootPwd(), 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } { 'stepMessage' : 'User logs in with old password - should succeed.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' } { 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : 'secret12' , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*', 'dsAttributes' : '* +' } { 'stepMessage' : 'User logs in with old password - should fail.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*', 'dsAttributes' : '* +', 'expectedRC' : 49 } { 'stepMessage' : 'Change back this users password.' } 'Server is local: do nothing' 'remote-ldap-server %s:%s' \ % (server.getHostname(),server.getPort()) { 'location' : server.getHostname(), 'dsPath' : '%s/%s' \ % (server.getDir(),OPENDSNAME), 'dsInstanceHost' : server.getHostname() , 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : server.getRootDn(), 'dsInstancePswd' : server.getRootPwd(), 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } 'Test Name = %s' % STAXCurrentTestcase { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname(), 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'subcommand' : 'set-backend-prop', 'optionsString' : dsconfigOptions } { 'stepMessage' : 'Configure LDAP PTA Policy to use password caching with short ttl (%ss).' % ttl } { 'userNamePswd' : userDNsAndPswds , 'dsconfigAuthPolicy' : options } { 'stepMessage' : 'Change password on remote servers.' } 'Server is local: do nothing' 'remote-ldap-server %s:%s' \ % (server.getHostname(),server.getPort()) { 'location' : server.getHostname(), 'dsPath' : '%s/%s' \ % (server.getDir(),OPENDSNAME), 'dsInstanceHost' : server.getHostname() , 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : server.getRootDn(), 'dsInstancePswd' : server.getRootPwd(), 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } { 'stepMessage' : 'User logs in with old password - should succeed.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' , 'dsAttributes' : '* +' } { 'stepMessage' : 'Waiting %ss for password ttl to expire.' % ttl } { 'sleepForMilliSeconds' : ttl*1000 } { 'stepMessage' : 'User logs in with old password after ttl - should now fail.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' , 'expectedRC' : 49 } { 'stepMessage' : 'User logs in with new password - should succeed and password cache/date refreshed.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : 'secret12' , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*', 'dsAttributes' : '* +' } { 'stepMessage' : 'User logs in with old password - should fail.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*', 'dsAttributes' : '* +', 'expectedRC' : 49 } { 'stepMessage' : 'Change back this users password.' } 'Server is local: do nothing' 'remote-ldap-server %s:%s' \ % (server.getHostname(),server.getPort()) { 'location' : server.getHostname(), 'dsPath' : '%s/%s' \ % (server.getDir(),OPENDSNAME), 'dsInstanceHost' : server.getHostname() , 'dsInstancePort' : server.getPort(), 'dsInstanceDn' : server.getRootDn(), 'dsInstancePswd' : server.getRootPwd(), 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } '%s: Test failed. eInfo(%s)' % (eType,eInfo) { 'userNamePswd' : userDNsAndPswds } Dictionary of user names (dn) and passwords. Authentication policy in form of a dsconfig options { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname(), 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'subcommand' : 'create-password-policy', 'optionsString' : dsconfigOptions } { 'stepMessage' : 'Read back the "authentication policy" object.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname(), 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'subcommand' : 'get-password-policy-prop', 'optionsString' : dsconfigOptions } { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entries.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'add' } { 'stepMessage' : 'Search users entries as Directory Manager for ds-pwp-password-policy-dn.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'dsBaseDN' : remotePTAuserName , 'dsScope' : 'base' , 'dsFilter' : 'objectclass=*' , 'dsAttributes' : 'ds-pwp-password-policy-dn' } { 'stepMessage' : 'First search users entries as self.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsScope' : 'base' , 'dsFilter' : 'objectclass=*' } { 'stepMessage' : 'Get all the users operational attributes.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : local_ldap_server.getRootDn(), 'dsInstancePswd' : local_ldap_server.getRootPwd(), 'dsBaseDN' : remotePTAuserName , 'dsScope' : 'base' , 'dsFilter' : 'objectclass=*' , 'dsAttributes' : '+' } { 'stepMessage' : 'Modify the users entries.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } Dictionary of user names (dn) and passwords. { 'stepMessage' : 'Stop the primary remote ldap server.' } [[primary_remote_ldap_server]] { 'stepMessage' : 'Second search users entries as self.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' } { 'stepMessage' : 'Modify the users entries.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0], 'DNToModify' : remotePTAuserName , 'listAttributes' : ldapObject , 'changetype' : 'replace' } { 'stepMessage' : 'Restart the primary remote ldap server.' } [[primary_remote_ldap_server]] { 'stepMessage' : 'Wait for monitor heartbeat to primary remote ldap server.' } { 'sleepForMilliSeconds' : '5000' } { 'stepMessage' : 'Third search users entries as self.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' } { 'stepMessage' : 'Stop the secondary remote ldap server.' } [[secondary_remote_ldap_server]] { 'stepMessage' : 'Fourth search users entries as self.' } { 'location' : local_ldap_server.getHostname(), 'dsPath' : '%s/%s' \ % (local_ldap_server.getDir(),OPENDSNAME), 'dsInstanceHost' : local_ldap_server.getHostname() , 'dsInstancePort' : local_ldap_server.getPort(), 'dsInstanceDn' : remotePTAuserName, 'dsInstancePswd' : userNamePswd[remotePTAuserName][0] , 'dsBaseDN' : remotePTAuserName , 'dsFilter' : 'objectclass=*' } { 'stepMessage' : 'Start the secondary remote ldap server.' } [[secondary_remote_ldap_server]]