On Sat, May 01, 2021 at 05:31:44PM +0200, Michael Ströder wrote:
HI!
slapo-ppolicy in OpenLDAP 2.5 shows slightly different behaviour in python-ldap0 tests (see test output below).
Tests: https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py
When working with Ondřej for solving ITS#9279 I finally "fixed" ldap0 tests to accomodate the behaviour of OpenLDAP 2.4.x. I did not feel comfortable back then because it was not clear to me whether it was the correct fix.
Do you have any tests you could run against 2.4 and 2.5 to verify whether both have same behaviour?
Ciao, Michael.
====================================================================== FAIL: test003_ppolicy_grace_logins (tests.test_ppolicy.TestPPolicy)
Traceback (most recent call last): File "/home/michael/Proj/ae-dir/python-ldap0/tests/test_ppolicy.py", line 235, in test003_ppolicy_grace_logins self.assertEqual( AssertionError: 'Password expired! 1 grace logins left.' != 'Password expired! 2 grace logins left.'
- Password expired! 1 grace logins left.
? ^
- Password expired! 2 grace logins left.
? ^
Does the count reported match the wording of the draft in section 6.2?
""" The graceAuthNsRemaining warning specifies the remaining number of times a user will be allowed to authenticate with an expired password. """
If not, please reopen ITS#7596 with a test case.
Thanks,