diff --git a/test/ucs-test/tests/51_samba4/62server_password_change_drs_replication b/test/ucs-test/tests/51_samba4/62server_password_change_drs_replication index b1d0985546..7889e2d2a1 100755 --- a/test/ucs-test/tests/51_samba4/62server_password_change_drs_replication +++ b/test/ucs-test/tests/51_samba4/62server_password_change_drs_replication @@ -17,22 +17,25 @@ from univention.testing.udm import UCSTestUDM from univention.testing.umc import Client import time +default_password = 'univention' +new_password = 'Univention.2' + with UCSTestConfigRegistry() as ucr_test: ldap_master = ucr_test.get('ldap/master') - client = Client(ldap_master) + umc_client = Client(ldap_master) role = ucr_test.get('server/role') ##server password change univention.config_registry.handler_set(['server/password/interval=-1']) - print 'executing a server password change' + print 'Executing a server password change' try: cmd = ['/usr/lib/univention-server/server_password_change'] output = subprocess.check_output(cmd) - print 'Output of server_password_change:\n%s' % (output) - except subprocess.CalledProcessError: - fail( 'Error running server_password_change') + print('Output of server_password_change:\n%s' % (output,)) + except subprocess.CalledProcessError as exc: + fail('Error running server_password_change: %s' % (exc,)) else: output = '' timeout = 200 @@ -52,74 +55,76 @@ with UCSTestConfigRegistry() as ucr_test: #create user try: - user_dn, user_name = udm.create_user(password = 'univention') - except Exception: - fail('Creating user failed: %s' % user_name) + user_dn, user_name = udm.create_user() + except Exception as exc: + fail('Creating user "%s" failed: %s' % (user_name, exc)) else: - print 'Creating user succeeded: %s' % user_name + print('Creating user "%s" succeeded' % user_name) #Check if user can be authenticated with current password try: - client.authenticate(user_name,'univention') - except Exception as e: - fail('user cant be authenticated') + umc_client.authenticate(user_name, default_password) + except Exception as exc: + fail('User cannot be authenticated: %s' % (exc,)) else: - print 'user authenticated' + print('User %s could authenticate against UMC of %s' % (user_name, ldap_master)) #Wait for replication samba_found = False - t = t0 = time.time() + t0 = time.time() timeout = 200 - while (not samba_found) and (t < t0 + timeout): - p2 = subprocess.Popen(['samba-tool user list | grep %s' %(user_name)],shell = True) - output,error = p2.communicate() + while (not samba_found) and (time.time() < t0 + timeout): + p2 = subprocess.Popen('samba-tool user list | grep ^%s$' % (user_name,), shell=True) + output, error = p2.communicate() if output == '': time.sleep(5) - t = time.time() elif output != '' and error is None: samba_found = True if not samba_found: - fail ('user %s could not be found in samba-tool user list'%user_name) + fail('User %s could not be found in samba-tool user list after %d seconds' % (user_name, timeout)) #prepare for samba password change + min_pwd_age = None + pwd_complexity = None try: - min_pwd_age = subprocess.check_output('samba-tool domain passwordsettings show | grep "Minimum password age" | sed s/[^0-9]*/""/', shell=True).strip() - pwd_complexity = subprocess.check_output('samba-tool domain passwordsettings show | grep complexity | sed "s/Password complexity: //"', shell=True).strip() - p3 = subprocess.Popen(['samba-tool domain passwordsettings set --complexity=off --min-pwd-age=0'],shell=True) + p2 = subprocess.Popen('samba-tool domain passwordsettings show') + output, error = p2.communicate() + min_pwd_age_key = "Minimum password age (days): " + for line in output.splitlines(): + if line.startswith(min_pwd_age_key): + min_pwd_age = line[len(min_pwd_age_key):] + p3 = subprocess.Popen('samba-tool domain passwordsettings set --min-pwd-age=0') p3.communicate() - except Exception: - fail( 'could not save the samba settings for cleanup') + except Exception as exc: + fail( 'Could not save the samba settings for cleanup %s' % (exc,)) #samba setpassword try: - p4 = subprocess.Popen(['samba-tool user setpassword %s --newpassword=univention2' %(user_name)],shell=True) + p4 = subprocess.Popen('samba-tool user setpassword %s --newpassword=%s' % (user_name, new_password)) stdout,stderr = p4.communicate() - except Exception: + except Exception as exc: #revert samba passwordsetting changes - subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) - fail('could not set the user password with samba-tool domain passwordsettings') - - #revert samba passwordsetting changes - subprocess.Popen(['samba-tool domain passwordsettings set --complexity=%s --min-pwd-age=%s'%(pwd_complexity,min_pwd_age)],shell=True) + fail('Could not set the user password with samba-tool domain passwordsettings: %s' % (exc,)) + finally: + #revert samba passwordsetting changes + if min_pwd_age: + subprocess.Popen('samba-tool domain passwordsettings set --min-pwd-age=%s' % (min_pwd_age,)) #Wait for replication - print 'Tries to log in with new password' - password_changes = False - t = t0 = time.time() + print 'Try to log in with new password' + new_password_worked = False + t0 = time.time() timeout = 200 - while (not password_changes) and (t < t0 + timeout): + while (not new_password_worked) and (time.time() < t0 + timeout): try: - client.authenticate(user_name,'univention2') + umc_client.authenticate(user_name, new_password) except Exception: time.sleep(5) - t = time.time() - pass else: - password_changes = True + new_password_worked = True - if not password_changes: - fail('drs replication does not seem to be working') - exit(0) + if not new_password_worked: + fail('DRS replication to %s does not seem to be working after server password change' % (ldap_master,))