X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6e08460da8e0d19c8152863eda05b868fa1a8d55..edc70abe9c05ff9a4ce90ce4c6c271223142c5e5:/lib/controller/localdb/login_ldap_docker_test.sh diff --git a/lib/controller/localdb/login_ldap_docker_test.sh b/lib/controller/localdb/login_ldap_docker_test.sh index 43f2ec0d77..6fc6dd9444 100755 --- a/lib/controller/localdb/login_ldap_docker_test.sh +++ b/lib/controller/localdb/login_ldap_docker_test.sh @@ -160,7 +160,7 @@ objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount -shadowMax: 180 +shadowMax: -1 shadowMin: 1 shadowWarning: 7 shadowLastChange: 10701 @@ -169,6 +169,26 @@ uidNumber: 11111 gidNumber: 11111 homeDirectory: /home/foo-bar userPassword: ${passwordhash} + +dn: uid=expired,dc=example,dc=org +uid: expired +cn: "Exp Ired" +givenName: Exp +sn: Ired +mail: expired@example.com +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: top +objectClass: shadowAccount +shadowMax: 180 +shadowMin: 1 +shadowWarning: 7 +shadowLastChange: 10701 +loginShell: /bin/bash +uidNumber: 11112 +gidNumber: 11111 +homeDirectory: /home/expired +userPassword: ${passwordhash} EOF echo >&2 "Adding example user entry user=foo-bar pass=secret (retrying until server comes up)" @@ -227,6 +247,13 @@ else check_contains "${resp}" '{"errors":["PAM: Authentication failure (with username \"foo-bar\" and password)"]}' fi +if [[ "${config_method}" = pam ]]; then + echo >&2 "Testing expired credentials" + resp="$(set -x; curl -s --include -d username=expired -d password=secret "http://0.0.0.0:${ctrlport}/arvados/v1/users/authenticate" | tee $debug)" + check_contains "${resp}" "HTTP/1.1 401" + check_contains "${resp}" '{"errors":["PAM: Authentication failure; \"You are required to change your LDAP password immediately.\""]}' +fi + echo >&2 "Testing authentication success" resp="$(set -x; curl -s --include -d username=foo-bar -d password=secret "http://0.0.0.0:${ctrlport}/arvados/v1/users/authenticate" | tee $debug)" check_contains "${resp}" "HTTP/1.1 200"