tests: test_ldap.py, removing references to ldap_use_ppolicy
Dan Lavu committed Mar 27, 2024
1 parent deb67be commit 5a5cc5b
Showing 1 changed file with 7 additions and 14 deletions.
21 changes: 7 additions & 14 deletions src/tests/system/tests/test_ldap.py
Expand Up @@ -9,6 +9,7 @@
import time

import pytest

from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology
Expand All @@ -18,14 +19,13 @@
@pytest.mark.importance("critical")
@pytest.mark.authentication
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_ldap__password_change(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str, sssd_service_user: str):
def test_ldap__password_change(client: Client, ldap: LDAP, modify_mode: str, sssd_service_user: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode
:setup:
Expand Down Expand Up @@ -54,7 +54,6 @@ def test_ldap__password_change(client: Client, ldap: LDAP, modify_mode: str, use

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed"
Expand All @@ -67,10 +66,9 @@ def test_ldap__password_change(client: Client, ldap: LDAP, modify_mode: str, use

@pytest.mark.ticket(bz=[795044, 1695574])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__password_change_new_passwords_do_not_match(
client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str
client: Client, ldap: LDAP, modify_mode: str
):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match
Expand All @@ -89,7 +87,6 @@ def test_ldap__password_change_new_passwords_do_not_match(
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
Expand All @@ -99,10 +96,9 @@ def test_ldap__password_change_new_passwords_do_not_match(

@pytest.mark.ticket(bz=[795044, 1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__password_change_new_password_does_not_meet_complexity_requirements(
client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str
client: Client, ldap: LDAP, modify_mode: str
):
"""
:title: Change password to lower-case letters, password check fail
Expand All @@ -125,24 +121,22 @@ def test_ldap__password_change_new_password_does_not_meet_complexity_requirement
ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"})

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
"user1", "Secret123", "red_32"
), "Password changed successfully, which is not expected"

assert (
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
)


@pytest.mark.ticket(bz=[1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__password_change_failed_current_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__password_change_failed_current_password(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Password change failed because an incorrect password was used
:setup:
Expand All @@ -160,7 +154,6 @@ def test_ldap__password_change_failed_current_password(client: Client, ldap: LDA
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail"
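Review bot: The closing assertion of test_ldap__password_change_new_password_does_not_meet_complexity_requirements searches the output of a bare `journalctl`, so any older "Password change failed." entry still in the client's journal satisfies it. The test runs once per `modify_mode`, so the second run can pass on the line logged by the first, and the check would miss a regression where pam_sss stops reporting the rejection. Unless the framework resets the journal between tests (not visible on this page), bound the search to this attempt: take `start = client.host.ssh.run("date '+%F %T'").stdout.strip()` before the `passwd` call and assert against `client.host.ssh.run(f"journalctl --since '{start}'").stdout`. This commit only re-indents those lines, and the test body begins above the visible hunk, so earlier setup may already cover this.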