Skip to content

Commit

Permalink
tests: removing ppolicy because its an invalid configuration value
Browse files Browse the repository at this point in the history
running the tests, contains an error

Attribute 'ldap_use_ppolicy' is not allowed in section 'domain/test'
  • Loading branch information
Dan Lavu committed Mar 27, 2024
1 parent 0d5e8f1 commit 180ffe4
Showing 1 changed file with 7 additions and 14 deletions.
21 changes: 7 additions & 14 deletions src/tests/system/tests/test_ldap.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from __future__ import annotations

import pytest

from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology
Expand All @@ -16,14 +17,13 @@
@pytest.mark.importance("critical")
@pytest.mark.authentication
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str, sssd_service_user: str):
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, sssd_service_user: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode
:setup:
Expand Down Expand Up @@ -52,7 +52,6 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed"
Expand All @@ -65,9 +64,8 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use

@pytest.mark.ticket(bz=[795044, 1695574])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match
:setup:
Expand All @@ -85,7 +83,6 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
Expand All @@ -95,9 +92,8 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo

@pytest.mark.ticket(bz=[795044, 1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Change password to lower-case letters, password check fail
:setup:
Expand All @@ -119,24 +115,22 @@ def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode
ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"})

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
"user1", "Secret123", "red_32"
), "Password changed successfully, which is not expected"

assert (
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
)


@pytest.mark.ticket(bz=[1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Password change failed because an incorrect password was used
:setup:
Expand All @@ -154,7 +148,6 @@ def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail"
Expand Down

0 comments on commit 180ffe4

Please sign in to comment.