LDAP ppolicy tests
ActivePublic
Actions

Authored by akosiaris on Apr 1 2019, 1:18 PM.

Tags

None

Subscribers

None

	vagrant@m1:/vagrant$ make all
	sudo service slapd stop
	sudo -u openldap find /var/lib/slapd -type f -exec rm {} \;
	sudo -u openldap slapadd -l init_data.ldif
	5ca22d74 /etc/ldap/slapd.conf: line 70: rootdn is always granted unlimited privileges.
	5ca22d74 /etc/ldap/acls.conf: line 10: rootdn is always granted unlimited privileges.
	5ca22d74 /etc/ldap/acls.conf: line 21: rootdn is always granted unlimited privileges.
	5ca22d74 The first database does not allow slapadd; using the first available one (2)
	_#################### 100.00% eta none elapsed none fast!
	Closing DB...
	sudo service slapd start
	ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -f user.ldif
	adding new entry "uid=user1,ou=people,dc=example,dc=com"

	adding new entry "uid=user2,ou=people,dc=example,dc=com"

	adding new entry "uid=user3,ou=people,dc=example,dc=com"

	adding new entry "uid=user4,ou=people,dc=example,dc=com"

	adding new entry "uid=user5,ou=people,dc=example,dc=com"

	admin account resets pass. Note we dont reset the pass for user2
	Succesful Auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Succesful Auth: user5
	Set maxage for user1, user2
	Set pwdAccountLockedTime: 000001010000Z for user3, pwdLockout: TRUE
	Set pwdAccountLockedTime: 000001010000Z for user4, pwdLockout: FALSE
	Set pwdAccountLockedTime: 000001010000Z for user5, pwdLockout: TRUE, maxage: 1
	Failed auth: user1
	Succesful Auth: user2
	Failed auth: user3
	Succesful Auth: user4
	Failed auth: user5
	admin account resets pass. Note we dont reset the pass for user2
	Succesful Auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Succesful Auth: user5
	User accounts resets pass
	ldappasswd -x -D "uid=user1,ou=people,dc=example,dc=com" -w user1 -s user1 uid=user1,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user2,ou=people,dc=example,dc=com" -w user2 -s user2 uid=user2,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user3,ou=people,dc=example,dc=com" -w user3 -s user3 uid=user3,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user4,ou=people,dc=example,dc=com" -w user4 -s user4 uid=user4,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user5,ou=people,dc=example,dc=com" -w user5 -s user5 uid=user5,ou=people,dc=example,dc=com
	Succesful Auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Succesful Auth: user5
	vagrant@m1:/vagrant$ vi Makefile
	vagrant@m1:/vagrant$ make all
	sudo service slapd stop
	sudo -u openldap find /var/lib/slapd -type f -exec rm {} \;
	sudo -u openldap slapadd -l init_data.ldif
	5ca22d9c /etc/ldap/slapd.conf: line 70: rootdn is always granted unlimited privileges.
	5ca22d9c /etc/ldap/acls.conf: line 10: rootdn is always granted unlimited privileges.
	5ca22d9c /etc/ldap/acls.conf: line 21: rootdn is always granted unlimited privileges.
	5ca22d9c The first database does not allow slapadd; using the first available one (2)
	_#################### 100.00% eta none elapsed none fast!
	Closing DB...
	sudo service slapd start
	ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -f user.ldif
	adding new entry "uid=user1,ou=people,dc=example,dc=com"

	adding new entry "uid=user2,ou=people,dc=example,dc=com"

	adding new entry "uid=user3,ou=people,dc=example,dc=com"

	adding new entry "uid=user4,ou=people,dc=example,dc=com"

	adding new entry "uid=user5,ou=people,dc=example,dc=com"

	admin account resets pass. Note we dont reset the pass for user2
	Succesful Auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Succesful Auth: user5
	Set maxage for user1, user2
	Set pwdAccountLockedTime: 000001010000Z for user3, pwdLockout: TRUE
	Set pwdAccountLockedTime: 000001010000Z for user4, pwdLockout: FALSE
	Set pwdAccountLockedTime: 000001010000Z for user5, pwdLockout: TRUE, maxage: 1
	Failed auth: user1
	Succesful Auth: user2
	Failed auth: user3
	Succesful Auth: user4
	Failed auth: user5
	admin account resets pass. Note we dont reset the pass for user2
	Failed auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Failed auth: user5
	User accounts resets pass
	ldappasswd -x -D "uid=user1,ou=people,dc=example,dc=com" -w user1 -s user1 uid=user1,ou=people,dc=example,dc=com
	ldap_bind: Invalid credentials (49)
	Makefile:50: recipe for target 'resetpass_by_user' failed
	make: [resetpass_by_user] Error 49 (ignored)
	ldappasswd -x -D "uid=user2,ou=people,dc=example,dc=com" -w user2 -s user2 uid=user2,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user3,ou=people,dc=example,dc=com" -w user3 -s user3 uid=user3,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user4,ou=people,dc=example,dc=com" -w user4 -s user4 uid=user4,ou=people,dc=example,dc=com
	ldappasswd -x -D "uid=user5,ou=people,dc=example,dc=com" -w user5 -s user5 uid=user5,ou=people,dc=example,dc=com
	ldap_bind: Invalid credentials (49)
	Makefile:50: recipe for target 'resetpass_by_user' failed
	make: [resetpass_by_user] Error 49 (ignored)
	Failed auth: user1
	Succesful Auth: user2
	Succesful Auth: user3
	Succesful Auth: user4
	Failed auth: user5

Event Timeline

akosiaris created this paste.Apr 1 2019, 1:18 PM

akosiaris edited the content of this paste. (Show Details)Apr 1 2019, 2:03 PM

akosiaris mentioned this in T168692: Blocking an account on wikitech should disable LDAP logins.Apr 1 2019, 3:18 PM

akosiaris edited the content of this paste. (Show Details)Apr 1 2019, 3:28 PM

LDAP ppolicy testsActivePublicActions

Event Timeline

LDAP ppolicy tests
ActivePublic
Actions