#! /bin/sh # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2020 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## . echo "running defines.sh" . $SRCDIR/scripts/defines.sh if test $PPOLICY = ppolicyno; then echo "Password policy overlay not available, test skipped" exit 0 fi mkdir -p $TESTDIR $DBDIR1 $SLAPPASSWD -g -n >$CONFIGPWF echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >$TESTDIR/configpw.conf echo "Starting slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND < $PPOLICYCONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID read foo fi KILLPIDS="$PID" USER="uid=nd, ou=People, dc=example, dc=com" PASS=testpassword PWADMIN="uid=ndadmin, ou=People, dc=example, dc=com" ADMINPASSWD=testpw sleep 1 echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 RC=$? if test $RC = 0 ; then break fi echo "Waiting 5 seconds for slapd to start..." sleep 5 done if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo /dev/null > $TESTOUT echo "Testing redundant ppolicy instance..." $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 dn: olcOverlay=ppolicy,olcDatabase={1}$BACKEND,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: ppolicy olcPPolicyDefault: cn=duplicate policy,ou=policies,dc=example,dc=com EOF RC=$? if test $RC = 0 ; then echo "ldapadd should have failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Using ldapadd to populate the database..." # may need "-e relax" for draft 09, but not yet. $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFPPOLICY >> $TESTOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapadd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing account lockout..." $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >>$SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w wrongpw >> $SEARCHOUT 2>&1 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS >> $SEARCHOUT 2>&1 COUNT=`grep "Account locked" $SEARCHOUT | wc -l` if test $COUNT != 2 ; then echo "Account lockout test failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi DELAY=`$LDAPSEARCH -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*seconds_before_unlock=\(\d*\)/\1/p'` echo "Waiting $DELAY seconds for lockout to reset..." sleep $DELAY sleep 1 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi DELAY=`$LDAPSEARCH -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'` echo "Testing password expiration" echo "Waiting $DELAY seconds for password to expire..." sleep $DELAY sleep 1 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 sleep 2 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Password expiration failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "grace logins" $SEARCHOUT | wc -l` if test $COUNT != 3 ; then echo "Password expiration test failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Resetting password to clear expired status" $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ -w secret -s $PASS \ -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldappasswd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Filling password history..." $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w $PASS >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify delete: userpassword userpassword: $PASS - replace: userpassword userpassword: 20urgle12-1 dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-1 - replace: userpassword userpassword: 20urgle12-2 dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-2 - replace: userpassword userpassword: 20urgle12-3 dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-3 - replace: userpassword userpassword: 20urgle12-4 dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-4 - replace: userpassword userpassword: 20urgle12-5 dn: $USER changetype: modify delete: userpassword userpassword: 20urgle12-5 - replace: userpassword userpassword: 20urgle12-6 EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing password history..." $LDAPMODIFY -v -D "$USER" -h $LOCALHOST -p $PORT1 -w 20urgle12-6 >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify delete: userPassword userPassword: 20urgle12-6 - replace: userPassword userPassword: 20urgle12-2 EOMODS RC=$? if test $RC = 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Testing failed logins when password/policy missing..." $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 \ -D "uid=test, ou=People,$BASEDN" -w hasnopolicy \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Password accepted ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$BASEDN" -w hasnopw \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Password accepted ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$BASEDN" \* \+ > $SEARCHOUT 2>&1 COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l` if test $COUNT != 0 ; then echo "Failed login stored on an account without policy and or password" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Testing forced reset..." $LDAPMODIFY -v -D "$PWADMIN" -h $LOCALHOST -p $PORT1 -w $ADMINPASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify replace: userPassword userPassword: $PASS EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Forced reset failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "Operations are restricted" $SEARCHOUT | wc -l` if test $COUNT != 1 ; then echo "Forced reset test failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Clearing forced reset..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify delete: pwdReset EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Clearing forced reset failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing Safe modify..." $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ -w $PASS -s failexpect \ -D "$USER" >> $TESTOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Safe modify test 1 failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi sleep 2 OLDPASS=$PASS PASS=successexpect $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ -w $OLDPASS -s $PASS -a $OLDPASS \ -D "$USER" >> $TESTOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Safe modify test 2 failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing length requirement..." # check control in response (ITS#5711) $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ -w $PASS -a $PASS -s 2shr \ -D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1 RC=$? cat ${TESTOUT}.2 >> $TESTOUT if test $RC = 0 ; then echo "Length requirement test failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` if test $COUNT != 1 ; then echo "Length requirement test failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "Password is too short for policy" ${TESTOUT}.2 | wc -l` if test $COUNT != 1 ; then echo "Control not returned in response" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPPASSWD -h $LOCALHOST -p $PORT1 \ -w $PASS -a $PASS -s passwordthatistoolong \ -D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1 RC=$? cat ${TESTOUT}.2 >> $TESTOUT COUNT=`grep "Password is too long for policy" ${TESTOUT}.2 | wc -l` if test $COUNT != 1 ; then echo "Control not returned in response" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Testing hashed length requirement..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > \ ${TESTOUT}.2 2>&1 << EOMODS dn: $USER changetype: modify delete: userPassword userPassword: $PASS - add: userPassword userPassword: {MD5}xxxxxx EOMODS RC=$? cat ${TESTOUT}.2 >> $TESTOUT if test $RC = 0 ; then echo "Hashed length requirement test failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "Password fails quality" ${TESTOUT}.2 | wc -l` if test $COUNT != 1 ; then echo "Hashed length requirement test failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Testing multiple password add/modify checks..." $LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Add Should Fail, ou=People, dc=example, dc=com changetype: add objectClass: inetOrgPerson cn: Add Should Fail sn: Fail userPassword: firstpw userPassword: secondpw EOMODS RC=$? if test $RC = 0 ; then echo "Multiple password add test failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify add: userPassword userPassword: firstpw userPassword: secondpw EOMODS RC=$? if test $RC = 0 ; then echo "Multiple password modify add test failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify replace: userPassword userPassword: firstpw userPassword: secondpw EOMODS RC=$? if test $RC = 0 ; then echo "Multiple password modify replace test failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Testing idle password expiration" echo "Reconfiguring policy to replace expiration with idle expiration..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Standard Policy, ou=Policies, dc=example, dc=com changetype: modify delete: pwdMaxAge - add: pwdMaxIdle pwdMaxIdle: 15 EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 DELAY=`$LDAPSEARCH -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \ -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'` echo "Waiting $DELAY seconds for password to expire..." sleep $DELAY sleep 1 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 RC=$? if test $RC != 49 ; then echo "Password idle expiration failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi echo "Reverting policy changes..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Standard Policy, ou=Policies, dc=example, dc=com changetype: modify delete: pwdMaxIdle - add: pwdMaxAge pwdMaxAge: 30 EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi if test "$BACKLDAP" != "ldapno" && test "$SYNCPROV" != "syncprovno" ; then echo "" echo "Setting up policy state forwarding test..." mkdir $DBDIR2 sed -e "s,$DBDIR1,$DBDIR2," < $CONF1 > $CONF2 echo "Starting slapd consumer on TCP/IP port $PORT2..." $SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID read foo fi KILLPIDS="$KILLPIDS $PID" echo "Configuring syncprov on provider..." if [ "$SYNCPROV" = syncprovmod ]; then $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 dn: cn=module,cn=config objectclass: olcModuleList cn: module olcModulePath: $TESTWD/../servers/slapd/overlays olcModuleLoad: syncprov.la EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for moduleLoad ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi fi $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <> $TESTOUT 2>&1 dn: olcOverlay={1}syncprov,olcDatabase={1}$BACKEND,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {1}syncprov EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for provider database config ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ 'objectclass=*' > /dev/null 2>&1 RC=$? if test $RC = 0 ; then break fi echo "Waiting 5 seconds for slapd to start..." sleep 5 done if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Configuring syncrepl on consumer..." if [ "$BACKLDAP" = ldapmod ]; then $LDAPADD -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 dn: cn=module,cn=config objectclass: olcModuleList cn: module olcModulePath: $TESTWD/../servers/slapd/back-ldap olcModuleLoad: back_ldap.la EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for moduleLoad ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi fi $LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <> $TESTOUT 2>&1 dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: {0}chain dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDBURI: $URI1 olcDbIDAssertBind: bindmethod=simple binddn="cn=manager,dc=example,dc=com" credentials=secret mode=self dn: olcDatabase={1}$BACKEND,cn=config changetype: modify add: olcSyncrepl olcSyncrepl: rid=1 provider=$URI1 binddn="cn=manager,dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=example,dc=com" type=refreshAndPersist retry="3 5 300 5" - add: olcUpdateref olcUpdateref: $URI1 - dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config changetype: modify replace: olcPPolicyForwardUpdates olcPPolicyForwardUpdates: TRUE - EOF RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Waiting for consumer to sync..." sleep $SLEEP1 echo "Testing policy state forwarding..." $LDAPSEARCH -H $URI2 -D "$USER" -w wrongpw >$SEARCHOUT 2>&1 RC=$? if test $RC != 49 ; then echo "ldapsearch should have failed with 49, got ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi $LDAPSEARCH -H $URI1 -D "$MANAGERDN" -w $PASSWD -b "$USER" \* \+ >> $SEARCHOUT 2>&1 COUNT=`grep "pwdFailureTime" $SEARCHOUT | wc -l` if test $COUNT != 1 ; then echo "Policy state forwarding failed" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi # End of chaining test fi echo "" echo "Testing obsolete Netscape ppolicy controls..." echo "Enabling Netscape controls..." $LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF >> \ $TESTOUT 2>&1 << EOMODS dn: olcOverlay={0}ppolicy,olcDatabase={1}$BACKEND,cn=config changetype: modify replace: olcPPolicySendNetscapeControls olcPPolicySendNetscapeControls: TRUE - EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Reconfiguring policy to remove grace logins..." $LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Standard Policy, ou=Policies, dc=example, dc=com changetype: modify delete: pwdGraceAuthnLimit - replace: pwdMaxAge pwdMaxAge: 15 - EOMODS RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi OLDPASS=$PASS PASS=newpass $LDAPPASSWD -H $URI1 \ -w secret -s $PASS \ -D "$MANAGERDN" "$USER" >> $TESTOUT 2>&1 RC=$? if test $RC != 0 ; then echo "Setting new password failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Clearing forced reset..." $LDAPMODIFY -v -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: $USER changetype: modify delete: pwdReset EOMODS DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \ -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=\(\d*\)/\1/p'` DELAY=`expr $DELAY - 10` echo "Testing password expiration" echo "Waiting $DELAY seconds for password to expire..." sleep $DELAY $LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base > $SEARCHOUT 2>&1 sleep 3 $LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 sleep 3 $LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 sleep 3 $LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 sleep 3 $LDAPSEARCH -H $URI1 -D "$USER" -w $PASS \ -b "$BASEDN" -s base >> $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then echo "Password expiration failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi COUNT=`grep "PasswordExpiring" $SEARCHOUT | wc -l` if test $COUNT = 0 ; then echo "Password expiring warning test failed!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 fi test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" test $KILLSERVERS != no && wait exit 0