Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tests: test_ldap.py, removing references to ldap_use_ppolicy #7260

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 7 additions & 14 deletions src/tests/system/tests/test_ldap.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from __future__ import annotations

import pytest

from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology
Expand All @@ -16,14 +17,13 @@
@pytest.mark.importance("critical")
@pytest.mark.authentication
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str, sssd_service_user: str):
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, sssd_service_user: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode
:setup:
Expand Down Expand Up @@ -52,7 +52,6 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed"
Expand All @@ -65,9 +64,8 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use

@pytest.mark.ticket(bz=[795044, 1695574])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match
:setup:
Expand All @@ -85,7 +83,6 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
Expand All @@ -95,9 +92,8 @@ def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, mo

@pytest.mark.ticket(bz=[795044, 1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Change password to lower-case letters, password check fail
:setup:
Expand All @@ -119,24 +115,22 @@ def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode
ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"})

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password(
"user1", "Secret123", "red_32"
), "Password changed successfully, which is not expected"

assert (
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
"pam_sss(passwd:chauthtok): User info message: Password change failed."
in client.host.ssh.run("journalctl").stdout
)


@pytest.mark.ticket(bz=[1695574, 1795220])
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str):
"""
:title: Password change failed because an incorrect password was used
:setup:
Expand All @@ -154,7 +148,6 @@ def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()

assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail"
Expand Down
Loading