Page MenuHomePhabricator
Paste P8321

LDAP ppolicy tests
ActivePublic
Actions

Authored by akosiaris on Apr 1 2019, 1:18 PM.
Tags
None
Referenced Files
F28547966: raw.txt
Apr 1 2019, 3:28 PM
F28547618: raw.txt
Apr 1 2019, 2:03 PM
F28547496: raw.txt
Apr 1 2019, 1:18 PM
Subscribers
None
vagrant@m1:/vagrant$ make all
sudo service slapd stop
sudo -u openldap find /var/lib/slapd -type f -exec rm {} \;
sudo -u openldap slapadd -l init_data.ldif
5ca22d74 /etc/ldap/slapd.conf: line 70: rootdn is always granted unlimited privileges.
5ca22d74 /etc/ldap/acls.conf: line 10: rootdn is always granted unlimited privileges.
5ca22d74 /etc/ldap/acls.conf: line 21: rootdn is always granted unlimited privileges.
5ca22d74 The first database does not allow slapadd; using the first available one (2)
_#################### 100.00% eta none elapsed none fast!
Closing DB...
sudo service slapd start
ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -f user.ldif
adding new entry "uid=user1,ou=people,dc=example,dc=com"
adding new entry "uid=user2,ou=people,dc=example,dc=com"
adding new entry "uid=user3,ou=people,dc=example,dc=com"
adding new entry "uid=user4,ou=people,dc=example,dc=com"
adding new entry "uid=user5,ou=people,dc=example,dc=com"
admin account resets pass. Note we dont reset the pass for user2
Succesful Auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Succesful Auth: user5
Set maxage for user1, user2
Set pwdAccountLockedTime: 000001010000Z for user3, pwdLockout: TRUE
Set pwdAccountLockedTime: 000001010000Z for user4, pwdLockout: FALSE
Set pwdAccountLockedTime: 000001010000Z for user5, pwdLockout: TRUE, maxage: 1
Failed auth: user1
Succesful Auth: user2
Failed auth: user3
Succesful Auth: user4
Failed auth: user5
admin account resets pass. Note we dont reset the pass for user2
Succesful Auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Succesful Auth: user5
User accounts resets pass
ldappasswd -x -D "uid=user1,ou=people,dc=example,dc=com" -w user1 -s user1 uid=user1,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user2,ou=people,dc=example,dc=com" -w user2 -s user2 uid=user2,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user3,ou=people,dc=example,dc=com" -w user3 -s user3 uid=user3,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user4,ou=people,dc=example,dc=com" -w user4 -s user4 uid=user4,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user5,ou=people,dc=example,dc=com" -w user5 -s user5 uid=user5,ou=people,dc=example,dc=com
Succesful Auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Succesful Auth: user5
vagrant@m1:/vagrant$ vi Makefile
vagrant@m1:/vagrant$ make all
sudo service slapd stop
sudo -u openldap find /var/lib/slapd -type f -exec rm {} \;
sudo -u openldap slapadd -l init_data.ldif
5ca22d9c /etc/ldap/slapd.conf: line 70: rootdn is always granted unlimited privileges.
5ca22d9c /etc/ldap/acls.conf: line 10: rootdn is always granted unlimited privileges.
5ca22d9c /etc/ldap/acls.conf: line 21: rootdn is always granted unlimited privileges.
5ca22d9c The first database does not allow slapadd; using the first available one (2)
_#################### 100.00% eta none elapsed none fast!
Closing DB...
sudo service slapd start
ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -f user.ldif
adding new entry "uid=user1,ou=people,dc=example,dc=com"
adding new entry "uid=user2,ou=people,dc=example,dc=com"
adding new entry "uid=user3,ou=people,dc=example,dc=com"
adding new entry "uid=user4,ou=people,dc=example,dc=com"
adding new entry "uid=user5,ou=people,dc=example,dc=com"
admin account resets pass. Note we dont reset the pass for user2
Succesful Auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Succesful Auth: user5
Set maxage for user1, user2
Set pwdAccountLockedTime: 000001010000Z for user3, pwdLockout: TRUE
Set pwdAccountLockedTime: 000001010000Z for user4, pwdLockout: FALSE
Set pwdAccountLockedTime: 000001010000Z for user5, pwdLockout: TRUE, maxage: 1
Failed auth: user1
Succesful Auth: user2
Failed auth: user3
Succesful Auth: user4
Failed auth: user5
admin account resets pass. Note we dont reset the pass for user2
Failed auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Failed auth: user5
User accounts resets pass
ldappasswd -x -D "uid=user1,ou=people,dc=example,dc=com" -w user1 -s user1 uid=user1,ou=people,dc=example,dc=com
ldap_bind: Invalid credentials (49)
Makefile:50: recipe for target 'resetpass_by_user' failed
make: [resetpass_by_user] Error 49 (ignored)
ldappasswd -x -D "uid=user2,ou=people,dc=example,dc=com" -w user2 -s user2 uid=user2,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user3,ou=people,dc=example,dc=com" -w user3 -s user3 uid=user3,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user4,ou=people,dc=example,dc=com" -w user4 -s user4 uid=user4,ou=people,dc=example,dc=com
ldappasswd -x -D "uid=user5,ou=people,dc=example,dc=com" -w user5 -s user5 uid=user5,ou=people,dc=example,dc=com
ldap_bind: Invalid credentials (49)
Makefile:50: recipe for target 'resetpass_by_user' failed
make: [resetpass_by_user] Error 49 (ignored)
Failed auth: user1
Succesful Auth: user2
Succesful Auth: user3
Succesful Auth: user4
Failed auth: user5
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL