Univention Bugzilla – Bug 35448
Test password reset
Last modified: 2014-12-15 11:40:44 CET
It should be tested if a user is able to reset different users by sending custom DNs to the backend, e.g. a teacher is able to reset the password of uid=Administrator by sending the DN uid=Administrator,cn=users,$ldap_base to the backend. Combinations which should be tested and assumed to be impossible: teacher resets password of other teachers teacher resets password of other schooladmins teacher resets password of other Domain Admins +++ This bug was initially created as a clone of Bug #34281 +++ A ucs-test script should check the UCS@school password reset module for students and teachers: - create random OU and some test users - connect via python UMCConnection() class to UMC and send UMCP command for resetting the password of a previously created user. - check if the checkbox "user has to change password on next login" is evaluated/handled correctly - check if a login with the new password is possible (e.g. login to UMC or via SSH or smbclient or ...)
Please also test that students have no access to the UMC module at all.
A new test script is created with the name "24_password_reset_by_all_types_of_users" which includes: - Users = [school admin, domain admin, global user, teacher, student] - Test if any type of these users has the correct rights to reset any user type (including its own user type). - 'command forbidden' and 'permission denied' are used to recognize if the user has the right to access the umc module. - This script includes some test cases from Bug #35154. This script fails because of Bug #35447. Tested on single server and multi server environment.
The failing cases mentioned in bug #35447 are skipped for now in the test script "24_password_reset_by_all_types_of_users" until that bug is fixed.