freeipa/ipatests/test_integration
Rob Crittenden f347c3f230 Implement LDAP bind grace period 389-ds plugin
Add support for bind grace limiting per
https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-06

389-ds provides for alternative naming than the draft, using those
instead: passwordGraceUserTime for pwdGraceUserTime and
passwordGraceLimit for pwdGraceLoginLimit.

passwordGraceLimit is a policy variable that an administrator
sets to determine the maximum number of LDAP binds allowed when
a password is marked as expired. This is supported for both the
global and per-group password policies.

passwordGraceUserTime is a count per-user of the number of binds.

When the passwordGraceUserTime exceeds the passwordGraceLimit then
all subsequent binds will be denied and an administrator will need
to reset the user password.

If passwordGraceLimit is less than 0 then grace limiting is disabled
and unlimited binds are allowed.

Grace login limitations only apply to entries with the objectclass
posixAccount or simplesecurityobject in order to limit this to
IPA users and system accounts.

Some basic support for the LDAP ppolicy control is enabled such that
if the ppolicy control is in the bind request then the number of
remaining grace binds will be returned with the request.

The passwordGraceUserTime attribute is reset to 0 upon a password
reset.

user-status has been extended to display the number of grace binds
which is stored centrally and not per-server.

Note that passwordGraceUserTime is an operational attribute.

https://pagure.io/freeipa/issue/1539

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2022-05-30 17:24:22 +03:00
..
__init__.py Add marker needs_ipaapi and option to skip tests 2017-12-11 20:40:06 +01:00
base.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_acme.py ipatests: remove redundant kinit from test 2021-11-03 10:55:49 +01:00
test_adtrust_install.py ipatests: use krb5_trace in TestIpaAdTrustInstall 2021-08-05 15:19:33 +02:00
test_advise.py pylint: Synchronize pylint plugin to ipatests code 2020-02-12 18:08:32 +02:00
test_authselect.py ipatests: add new test with --subid installer option 2022-05-25 08:11:39 +03:00
test_automember.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_backup_and_restore.py ipatests: fix the topologysegment-reinitialize command 2022-04-07 14:19:28 +02:00
test_ca_custom_sdn.py test_integration: add tests for custom CA subject DN 2019-10-17 08:17:46 +02:00
test_caless.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_cert.py ipatests: remove test_rekey_keytype_DSA 2022-05-04 13:45:02 -04:00
test_cli_ipa_not_configured.py ipatests: Test for ipa-backup with ipa not configured 2019-08-27 12:04:45 +02:00
test_commands.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_crlgen_manage.py ipatests: fix test_crlgen_manage 2019-11-29 11:17:13 +01:00
test_custom_plugins.py ipatests: add suite for testing custom plugins 2021-08-05 17:36:46 +02:00
test_customized_ds_config_install.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_dns_locations.py Add URI system records for KDC 2021-08-31 18:28:27 -04:00
test_dns.py Tests for fake_mname parameter setup 2020-08-06 18:43:53 +02:00
test_dnssec.py ipatests: dnssec: Add alternative approach for checking chain of trust 2021-05-25 10:45:49 +03:00
test_epn.py ipatests: update the expected sha256sum of epn.conf file 2022-05-02 16:11:04 -04:00
test_external_ca.py ipatests: TestMultipleExternalCA: Create tempfiles on remote host 2021-10-28 16:29:01 -04:00
test_fips.py Test installation with (fake) userspace FIPS 2019-11-14 16:01:15 +01:00
test_forced_client_reenrollment.py ipatests: do not manually modify /etc/resolv.conf in tests 2021-03-04 18:47:32 +01:00
test_http_kdc_proxy.py ipatests: add test for kdcproxy handling reply split to several TCP packets 2021-03-18 13:41:49 +01:00
test_idp.py ipatests: Add integration tests for External IdP support 2022-05-23 08:38:40 +03:00
test_idviews.py ipatests: fix the method adding ifp to sssd.conf 2020-06-24 17:22:24 -04:00
test_installation_client.py ipatests: Test unsecure nsupdate. 2021-08-12 16:35:52 -04:00
test_installation.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_ipa_cert_fix.py ipatests: Fix a call to run_command with wildcard 2022-03-19 11:20:50 +01:00
test_ipahealthcheck.py ipatests: --no-dnssec-validation requires --setup-dns 2022-05-08 09:32:02 +02:00
test_kerberos_flags.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_krbtpolicy.py test_krbtpolicy: skip SPAKE-related tests in FIPS mode 2022-03-16 11:14:35 +02:00
test_legacy_clients.py ipatests: Fetch sudo rules without time offset 2021-06-03 09:21:45 +03:00
test_membermanager.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
test_netgroup.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_nfs.py Remove the --no-sssd option from ipa-client-automount 2022-03-18 09:40:37 +01:00
test_ntp_options.py ipatests: interactive install prompts for netbios name 2021-11-02 10:11:28 +01:00
test_otp.py test_otp: do not use paramiko unless it is really needed 2022-03-16 11:14:35 +02:00
test_pki_config_override.py Fix and extend pki config override test 2019-04-24 17:08:24 +02:00
test_pkinit_manage.py Ensure that KDC cert has SAN DNS entry 2021-01-29 13:36:41 -05:00
test_pwpolicy.py Implement LDAP bind grace period 389-ds plugin 2022-05-30 17:24:22 +03:00
test_replica_promotion.py ipatests: Give the subCA more time to be loaded by the CA 2022-03-15 08:36:18 +01:00
test_replication_layouts.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_resolvers_manager.py ipatests: add utility for managing domain name resolvers 2021-03-04 18:47:32 +01:00
test_server_del.py pylint: Fix consider-using-dict-items 2022-03-11 13:37:08 -05:00
test_service_permissions.py Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
test_simple_replication.py Extend test to see if replica is not shown when running ipa-replica-manage list -v <FQDN> 2021-11-29 15:21:11 +01:00
test_smb.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_sssd.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
test_subids.py Test DNA plugin configuration 2021-07-09 09:47:30 -04:00
test_sudo.py ipatests: test addition of invalid sudo command 2021-02-15 09:59:41 +02:00
test_testconfig.py ipatests: mock resolver factory 2021-03-04 18:47:32 +01:00
test_topologies.py Fix comparison-with-callable 2018-11-13 13:37:58 +01:00
test_topology.py ipatests: extend find_segment with suffix param 2022-04-07 14:19:28 +02:00
test_trust.py ipatests: fix wrong condition in xfail_context for auto private grp 2022-04-25 09:04:17 +02:00
test_uninstallation.py ipatests: do not configure nameserver when installing client and replica 2021-03-04 18:47:32 +01:00
test_upgrade.py Ignore dnssec-enable-related named-checkonf errors in test 2022-05-25 20:05:42 +02:00
test_user_permissions.py ipatests: test_user_permissions: test_selinux_user_optimized Paramiko=>OpenSSH 2020-07-29 13:53:52 +02:00
test_vault.py Fix E266 too many leading '#' for block comment 2020-05-05 10:42:46 +02:00
test_winsyncmigrate.py pylint: Fix use-maxsplit-arg 2022-03-11 13:37:08 -05:00