Posted to commits@directory.apache.org by el...@apache.org on 2013/04/12 11:13:17 UTC
svn commit: r1467219 -
/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
Author: elecharny
Date: Fri Apr 12 09:13:17 2013
New Revision: 1467219
URL: http://svn.apache.org/r1467219
Log:
o Added a test to check that when we have reached a number of failed attempts, the password is locked, and that it gets unlocked after a delay.
Modified:
directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java?rev=1467219&r1=1467218&r2=1467219&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java (original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java Fri Apr 12 09:13:17 2013
@@ -768,6 +768,7 @@ public class PasswordPolicyIT extends Ab
addUser( adminConnection, userDn, "12345" );
LdapConnection userConnection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ userConnection.setTimeOut( 0L );
checkBind( userConnection, userDn, "badPassword", 3,
"INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout,ou=system" );
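Review bot: The added `userConnection.setTimeOut( 0L );` has no comment explaining why the timeout is changed. If 0 disables the client-side response timeout (it reads that way, but the API is not visible here), a server that never answers a bind would hang the build instead of failing the test. A bounded value comfortably above the configured policy delays would be safer, or at least add a comment such as `// no client timeout: failed binds may be answered late by the server` if that is the reason. The same call is added in the new lockout test in the next hunk, and the enclosing test method starts and ends outside this hunk.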
@@ -784,15 +785,72 @@ public class PasswordPolicyIT extends Ab
/**
+ * Check that we can't try more than N times to login with a wrong password before
+ * being locked. Also check that we have a delay before we can log again.
+ */
+ @Test
+ public void testPwdLockoutWithNAttemptsAndLockoutDelay() throws Exception
+ {
+ policyConfig.setPwdLockout( true );
+ policyConfig.setPwdMaxFailure( 3 );
+ policyConfig.setPwdLockoutDuration( 5 );
+
+ Dn userDn = new Dn( "cn=userLockout,ou=system" );
+ LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() );
+
+ addUser( adminConnection, userDn, "12345" );
+
+ LdapConnection userConnection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ userConnection.setTimeOut( 0L );
+
+ checkBind( userConnection, userDn, "badPassword", 3,
+ "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout,ou=system" );
+
+ // Now, try to login until the delay is elapsed
+ boolean success = false;
+ int t = 0;
+
+ for ( t = 0; t < 10; t++ )
+ {
+ try
+ {
+ userConnection.bind( userDn, "12345" );
+ //System.out.println( "Attempt success " + ( t + 1 ) + " at " + new Date( System.currentTimeMillis() ) );
+ success = true;
+ break;
+ }
+ catch ( LdapException le )
+ {
+ //System.out.println( "Attempt failure " + ( t + 1 ) + " at " + new Date( System.currentTimeMillis() ) );
+ Entry userEntry = adminConnection.lookup( userDn, "+" );
+ Attribute pwdAccountLockedTime = userEntry
+ .get( PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT );
+ assertNotNull( pwdAccountLockedTime );
+
+ // Expected : wait 1 second before retrying
+ Thread.sleep( 1000 );
+ }
+ }
+
+ assertTrue( success );
+ assertTrue( t >= 5 );
+ userConnection.close();
+
+ Entry userEntry = adminConnection.lookup( userDn, "+" );
+ Attribute pwdAccountLockedTime = userEntry.get( PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT );
+ assertNull( pwdAccountLockedTime );
+ }
+
+
+ /**
* Check that we are delayed between each attempt
* @throws Exception
*/
@Test
public void testPwdAttempsDelayed() throws Exception
{
- policyConfig.setPwdMaxFailure( 5 );
- policyConfig.setPwdMinDelay( 2 );
- policyConfig.setPwdMaxDelay( 4 );
+ policyConfig.setPwdMinDelay( 200 );
+ policyConfig.setPwdMaxDelay( 400 );
policyConfig.setPwdLockout( true );
Dn userDn = new Dn( "cn=userLockout,ou=system" );
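Review bot: In `testPwdLockoutWithNAttemptsAndLockoutDelay`, the retry loop's `catch ( LdapException le )` treats every failure as "still locked out", so a dropped connection or an unrelated server error during the wait would look the same as the lockout being enforced. Narrowing it to `catch ( LdapAuthenticationException le )` would make the loop prove that the correct password is refused for an authentication reason; this assumes a locked bind is reported as INVALID_CREDENTIALS, as the message passed to `checkBind` suggests. Separately, `userConnection.close();` is reached only when both assertions pass and `adminConnection` is never closed in the new method, so a `try { ... } finally { userConnection.close(); adminConnection.close(); }` around the body would stop a failing run from leaking connections into later tests. A short comment tying `assertTrue( t >= 5 )` to `setPwdLockoutDuration( 5 )` and the one-second sleep would also help. The hunk ends inside `testPwdAttempsDelayed`, whose body continues outside it.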