diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py index bfef3d055f3..7c4b79a1dc7 100644 --- a/src/tests/system/tests/test_ldap.py +++ b/src/tests/system/tests/test_ldap.py @@ -7,6 +7,7 @@ from __future__ import annotations import pytest + from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.ldap import LDAP from sssd_test_framework.topology import KnownTopology @@ -16,14 +17,13 @@ @pytest.mark.importance("critical") @pytest.mark.authentication @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) -@pytest.mark.parametrize("use_ppolicy", ["true", "false"]) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.parametrize("sssd_service_user", ("root", "sssd")) @pytest.mark.require( lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]), "SSSD was built without support for running under non-root", ) -def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str, sssd_service_user: str): +def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, sssd_service_user: str): """ :title: Change password with "ldap_pwmodify_mode" set to @modify_mode :setup: @@ -52,7 +52,6 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use client.sssd.set_service_user(sssd_service_user) client.sssd.domain["ldap_pwmodify_mode"] = modify_mode - client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy client.sssd.start() assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed" @@ -65,9 +64,8 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use @pytest.mark.ticket(bz=[795044, 1695574]) @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) -@pytest.mark.parametrize("use_ppolicy", ["true", "false"]) @pytest.mark.topology(KnownTopology.LDAP) -def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str): +def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str): """ :title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match :setup: @@ -85,7 +83,6 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') client.sssd.domain["ldap_pwmodify_mode"] = modify_mode - client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy client.sssd.start() assert not client.auth.passwd.password( @@ -95,9 +92,8 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo @pytest.mark.ticket(bz=[795044, 1695574, 1795220]) @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) -@pytest.mark.parametrize("use_ppolicy", ["true", "false"]) @pytest.mark.topology(KnownTopology.LDAP) -def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str): +def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str): """ :title: Change password to lower-case letters, password check fail :setup: @@ -119,7 +115,6 @@ def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"}) client.sssd.domain["ldap_pwmodify_mode"] = modify_mode - client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy client.sssd.start() assert not client.auth.passwd.password( @@ -127,16 +122,15 @@ def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode ), "Password changed successfully, which is not expected" assert ( - "pam_sss(passwd:chauthtok): User info message: Password change failed." - in client.host.ssh.run("journalctl").stdout + "pam_sss(passwd:chauthtok): User info message: Password change failed." + in client.host.ssh.run("journalctl").stdout ) @pytest.mark.ticket(bz=[1695574, 1795220]) @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) -@pytest.mark.parametrize("use_ppolicy", ["true", "false"]) @pytest.mark.topology(KnownTopology.LDAP) -def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str): +def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str): """ :title: Password change failed because an incorrect password was used :setup: @@ -154,7 +148,6 @@ def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_ ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') client.sssd.domain["ldap_pwmodify_mode"] = modify_mode - client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy client.sssd.start() assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail"