Rob Crittenden f347c3f230 Implement LDAP bind grace period 389-ds plugin ... Add support for bind grace limiting per https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-06 389-ds provides for alternative naming than the draft, using those instead: passwordGraceUserTime for pwdGraceUserTime and passwordGraceLimit for pwdGraceLoginLimit. passwordGraceLimit is a policy variable that an administrator sets to determine the maximum number of LDAP binds allowed when a password is marked as expired. This is suported for both the global and per-group password policies. passwordGraceUserTime is a count per-user of the number of binds. When the passwordGraceUserTime exceeds the passwordGraceLimit then all subsequent binds will be denied and an administrator will need to reset the user password. If passwordGraceLimit is less than 0 then grace limiting is disabled and unlimited binds are allowed. Grace login limitations only apply to entries with the objectclass posixAccount or simplesecurityobject in order to limit this to IPA users and system accounts. Some basic support for the LDAP ppolicy control is enabled such that if the ppolicy control is in the bind request then the number of remaining grace binds will be returned with the request. The passwordGraceUserTime attribute is reset to 0 upon a password reset. user-status has been extended to display the number of grace binds which is stored centrally and not per-server. Note that passwordGraceUserTime is an operational attribute. https://pagure.io/freeipa/issue/1539 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>		2022-05-30 17:24:22 +03:00
..
data	Add SHA384withRSA as a certificate signing algorithm	2021-07-09 13:21:00 -04:00
tracker	external-idp: add XMLRPC tests for External IdP objects and idp indicator	2022-05-10 15:52:41 +03:00
__init__.py	Add marker needs_ipaapi and option to skip tests	2017-12-11 20:40:06 +01:00
mock_trust.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
objectclasses.py	external-idp: add XMLRPC tests for External IdP objects and idp indicator	2022-05-10 15:52:41 +03:00
test_add_remove_cert_cmd.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_attr.py	Convert values using _SYNTAX_MAPPING with --delattr	2022-03-16 12:18:35 +02:00
test_automember_plugin.py	pytest: Migrate unittest/nose to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_automount_plugin.py	pylint: Fix useless-suppression	2022-03-11 13:37:08 -05:00
test_baseldap_plugin.py	pylint: Fix useless-suppression	2022-03-11 13:37:08 -05:00
test_batch_plugin.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
test_ca_plugin.py	tests: fix cleanup for CATracker	2020-07-07 10:07:48 -04:00
test_caacl_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_caacl_profile_enforcement.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_cert_plugin.py	pylint: Fix use-maxsplit-arg	2022-03-11 13:37:08 -05:00
test_cert_request_ip_address.py	fix iPAddress cert issuance for >1 host/service	2020-06-23 10:22:38 +10:00
test_certmap_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_certprofile_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_config_plugin.py	config plugin: add a test ensuring EmptyModlist is returned	2022-01-13 14:20:59 -05:00
test_delegation_plugin.py	ipatests: Add test for ACI attribute and permission uniqueness	2020-09-14 09:15:59 +03:00
test_dns_plugin.py	ipatests: expect SOA serial option deprecation warning	2021-08-04 14:09:45 +02:00
test_dns_realmdomains_integration.py	ipatests: expect SOA serial option deprecation warning	2021-08-04 14:09:45 +02:00
test_env_plugin.py	ipatests: Add tests for env plugin	2021-06-28 14:16:56 +03:00
test_external_members.py	pytest: Migrate unittest/nose to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_group_plugin.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
test_hbac_plugin.py	Replace nose with unittest and pytest	2017-12-12 16:16:58 +01:00
test_hbacsvcgroup_plugin.py	Performance: Find commands: do not process members by default	2016-05-31 14:08:54 +02:00
test_hbactest_plugin.py	Fix E712 comparison to True / False	2020-05-05 10:42:46 +02:00
test_host_plugin.py	Fall back to krbprincipalname when validating host auth indicators	2021-07-13 17:57:28 -04:00
test_hostgroup_plugin.py	Allow rename of a host group	2020-03-31 09:21:37 +03:00
test_idp_plugin.py	external-idp: add XMLRPC tests for External IdP objects and idp indicator	2022-05-10 15:52:41 +03:00
test_idviews_plugin.py	ipatests: update the expected output of user-add cmd	2021-11-02 10:11:28 +01:00
test_kerberos_principal_aliases.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
test_krbtpolicy.py	external-idp: add XMLRPC tests for External IdP objects and idp indicator	2022-05-10 15:52:41 +03:00
test_location_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_nesting.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_netgroup_plugin.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
test_old_permission_plugin.py	Copy-paste error in permssions plugin, CID 323649	2018-11-08 13:16:26 +01:00
test_otptoken_plugin.py	389-ds OTP lasttoken plugin: Add unit test	2018-02-15 14:10:48 +01:00
test_passwd_plugin.py	Replace nose with unittest and pytest	2017-12-12 16:16:58 +01:00
test_permission_plugin.py	ipatests: test that modifying a permission attrs handles failure	2021-01-13 13:50:45 +01:00
test_ping_plugin.py	ipalib: move server-side plugins to ipaserver	2016-06-03 09:00:34 +02:00
test_plugins_plugin.py	ipatests: Add tests for plugins plugin	2021-06-28 14:16:56 +03:00
test_privilege_plugin.py	Removed objectclass from LDAP*ReverseMember based tests	2016-08-10 13:53:55 +02:00
test_pwpolicy_plugin.py	ipatests: Check maxlife error message where minlife > maxlife specified	2022-03-16 12:17:08 +02:00
test_radiusproxy_plugin.py	Test coverage for multiservers for radius proxy	2018-06-13 16:23:18 -04:00
test_range_plugin.py	ipatests: update the expected output of user-add cmd	2021-11-02 10:11:28 +01:00
test_realmdomains_plugin.py	Prevent installation with single label domains	2017-11-09 11:32:31 +01:00
test_replace.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_role_plugin.py	tests: account for ID overrides as members of groups and roles	2020-06-08 12:39:34 -04:00
test_schema_plugin.py	test_schema_plugin: Add missing tests for command, class and topic commands	2021-09-20 17:53:53 +02:00
test_selfservice_plugin.py	ipalib: move server-side plugins to ipaserver	2016-06-03 09:00:34 +02:00
test_selinuxusermap_plugin.py	pylint: Fix use-maxsplit-arg	2022-03-11 13:37:08 -05:00
test_service_plugin.py	external-idp: add XMLRPC tests for External IdP objects and idp indicator	2022-05-10 15:52:41 +03:00
test_servicedelegation_plugin.py	service delegation: allow to add and remove host principals	2020-05-14 21:47:17 +03:00
test_stageuser_plugin.py	XMLRPC test: add a test for stageuser-add --user-auth-type	2021-07-06 08:14:33 +02:00
test_sudocmd_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_sudocmdgroup_plugin.py	pytest: Migrate xunit-style setups to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_sudorule_plugin.py	Improve sudooption docs, make the option multi-value	2021-10-08 10:47:58 +02:00
test_trust_plugin.py	ipatests: adapt expected output with SID	2021-11-02 10:11:28 +01:00
test_user_plugin.py	Implement LDAP bind grace period 389-ds plugin	2022-05-30 17:24:22 +03:00
test_vault_plugin.py	pytest: Migrate unittest/nose to Pytest fixtures	2020-02-12 18:08:32 +02:00
test_whoami_plugin.py	Add test: test_xmlrpc/test_whoami_plugin.py	2017-07-12 15:54:55 +02:00
testcert.py	Add absolute_import future imports	2018-04-20 09:43:37 +02:00
xmlrpc_test.py	pylint: Fix deprecated-class	2022-03-11 13:37:08 -05:00