-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests: converted multihost/basic/test_ldap.py
- Loading branch information
Showing
2 changed files
with
60 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| """ | ||
| SSSD LDAP provider tests | ||
| :requirement: IDM-SSSD-REQ : LDAP Provider | ||
| """ | ||
|
|
||
| from __future__ import annotations | ||
|
|
||
| import pytest | ||
| from sssd_test_framework.roles.client import Client | ||
| from sssd_test_framework.roles.ldap import LDAP | ||
| from sssd_test_framework.topology import KnownTopology | ||
|
|
||
|
|
||
| @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) | ||
| @pytest.mark.topology(KnownTopology.LDAP) | ||
| def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): | ||
| """ | ||
| :title: Change password with "ldap_pwmodify_mode" set to "exop" and then to "ldap_modify" | ||
| :setup: | ||
| 1. Add user to SSSD, set his password | ||
| 2. Allow user to change his password | ||
| 3. Set "ldap_pwmodify_mode" | ||
| 4. Start SSSD | ||
| :steps: | ||
| 1. Check that "ldap_pwmodify_mode" is properly set | ||
| 2. Authenticate user with old password | ||
| 3. Change password of user to new password | ||
| 4. Authenticate user with new password | ||
| 5. Authenticate user with old password | ||
| :expectedresults: | ||
| 1. Config is properly set | ||
| 2. User is authenticated | ||
| 3. Password is changed successfully | ||
| 4. User is authenticated | ||
| 5. User is not authenticated | ||
| :customerscenario: False | ||
| """ | ||
| user = "user1" | ||
| old_pass = "Secret123" | ||
| new_pass = "New_password123" | ||
|
|
||
| ldap.user(user).add(password=old_pass) | ||
| ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') | ||
| client.sssd.dom("test")["ldap_pwmodify_mode"] = modify_mode | ||
|
|
||
| client.sssd.start() | ||
|
|
||
| ldb = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=test,cn=domain,cn=config") | ||
| assert ldb["cn=test,cn=domain,cn=config"]["ldap_pwmodify_mode"] == [modify_mode] | ||
|
|
||
| assert client.auth.ssh.password(user, old_pass) | ||
|
|
||
| with client.ssh(user, old_pass) as ssh: | ||
| assert client.auth.passwd(ssh).password(user, old_pass, new_pass), "Password change was not successful" | ||
|
|
||
| assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed" | ||
| assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail" |