diff options
| author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-15 10:02:43 +0200 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-08-15 19:42:39 +0200 |
| commit | 6dc0c07a51ee3d26ffc44e6178b6ae842190bd19 (patch) | |
| tree | facf5c7ed248b8c7f5f38d036451835d7db7ccde /source4/dsdb | |
| parent | 28cfae774edf7bd4e2c4d9285b0d0508bee64284 (diff) | |
| download | samba-6dc0c07a51ee3d26ffc44e6178b6ae842190bd19.tar.gz samba-6dc0c07a51ee3d26ffc44e6178b6ae842190bd19.tar.bz2 samba-6dc0c07a51ee3d26ffc44e6178b6ae842190bd19.zip | |
s4:passwords.py - another special password test
This looks like a password change but it's rather a password set operation.
Diffstat (limited to 'source4/dsdb')
| -rwxr-xr-x | source4/dsdb/tests/python/passwords.py | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py index a8a19e18b4..b675e91f6f 100755 --- a/source4/dsdb/tests/python/passwords.py +++ b/source4/dsdb/tests/python/passwords.py @@ -86,7 +86,8 @@ class PasswordTests(samba.tests.TestCase): "objectclass": ["user", "person"], "sAMAccountName": "testuser"}) - # Tests a password change when we don't have a password yet + # Tests a password change when we don't have any password yet with a + # wrong old password try: self.ldb.modify_ldif(""" dn: cn=testuser,cn=users,""" + self.base_dn + """ @@ -100,13 +101,32 @@ userPassword: thatsAcomplPASS2 except LdbError, (num, _): self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) - # Sets the initial user password and enables the account + # Sets the initial user password with a "special" password change + # I think that this internally is a password set operation and it can + # only be performed by someone which has password set privileges on the + # account (at least in s4 we do handle it like that). self.ldb.modify_ldif(""" dn: cn=testuser,cn=users,""" + self.base_dn + """ changetype: modify -replace: userPassword +delete: userPassword +add: userPassword +userPassword: thatsAcomplPASS1 +""") + + # But in the other way around this special syntax doesn't work + try: + self.ldb.modify_ldif(""" +dn: cn=testuser,cn=users,""" + self.base_dn + """ +changetype: modify +delete: userPassword userPassword: thatsAcomplPASS1 +add: userPassword """) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_CONSTRAINT_VIOLATION) + + # Enables the user account self.ldb.enable_account("(sAMAccountName=testuser)") # Open a second LDB connection with the user credentials. Use the |