Univention Bugzilla – Bug 34281
Test password reset for students/teachers
Last modified: 2023-03-25 06:55:14 CET
A ucs-test script should check the UCS@school password reset module for students and teachers: - create random OU and some test users - connect via python UMCConnection() class to UMC and send UMCP command for resetting the password of a previously created user. - check if the checkbox "user has to change password on next login" is evaluated/handled correctly - check if a login with the new password is possible (e.g. login to UMC or via SSH or smbclient or ...)
Basic recipe and background information for this test: The UMC module for password reset is located within the source package ucs-school-umc-users. Have a look in ucs-school-umc-users/umc/*.xml for the correct UMCP command name for resetting user passwords. There is also mentioned the name of the python function which is implemented in ucs-school-umc-users/umc/python/*/*.py. There you can grab all possible arguments for this function. The test shall use the class UCSTestSchool of the python module univention.testing.ucsschool for creating OUs and users. For this test, at least two student users and two teacher users are required. The following chart shows all possible user combinations. Only one of them is allowed. It should be also tested if the not allowed combinations do fail as indentended. \ Userrole to be resetted UMCP User \ student2 teacher2 ------------+-------------------------- student1 | FAIL FAIL teacher1 | SUCCESS FAIL Testing if the password reset was successful should be done in two steps: - check the return code of the UMCP command - check login via UMCConnection (e.g. UMCConnection.login(DN_student2, password)) The whole test case should be done twice: a) with "change password on next login == False" b) with "change password on next login == True" In case of b) the LDAP attribute "shadowMax" should be set to "1" and the attribute "sambaPwdLastSet" should be set to "0". In case of a) "shadowMax" is unset and "sambaPwdLastSet" contains a numerical value larger than 1.
desc: ucs-school-reset-password-check roles: [domaincontroller_master] packages: - ucs-school-umc-users This test check the following: 1. create two teachers and two students in a new OU. 2. test if teacher is unable to reset teacher password (chgPwdNextLogin=True) 3. test if student is unable to reset teacher password (chgPwdNextLogin=True) 4. test if student is unable to reset student password (chgPwdNextLogin=True) 5. test if teacher is unable to reset teacher password (chgPwdNextLogin=False) 6. test if student is unable to reset teacher password (chgPwdNextLogin=False) 7. test if student is unable to reset student password (chgPwdNextLogin=False) 8. test if teacher is able to reset student password (chgPwdNextLogin=True) 9. test if teacher is able to reset student password (chgPwdNextLogin=False)
BUG: Please set "exposure" in the ucs-test header to "careful". OK: implementation OK: testrun Changelog for UCS@school 3.2R2 has been made.
(In reply to Sönke Schwardt-Krummrich from comment #3) > BUG: Please set "exposure" in the ucs-test header to "careful". I just reread the ucs-test definitions: please set "exposure" to "dangerous". (http://wiki.univention.de/index.php?title=Ucs-test)
Added "domaincontroller_slave" to roles in ucs-test header. Successfully tested on master and slave. → VERIFIED