HI!
slapo-ppolicy in OpenLDAP 2.5 shows slightly different behaviour in python-ldap0 tests (see test output below).
Tests: https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py
When working with Ondřej for solving ITS#9279 I finally "fixed" ldap0 tests to accomodate the behaviour of OpenLDAP 2.4.x. I did not feel comfortable back then because it was not clear to me whether it was the correct fix.
Do you have any tests you could run against 2.4 and 2.5 to verify whether both have same behaviour?
Ciao, Michael.
====================================================================== FAIL: test003_ppolicy_grace_logins (tests.test_ppolicy.TestPPolicy) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/michael/Proj/ae-dir/python-ldap0/tests/test_ppolicy.py", line 235, in test003_ppolicy_grace_logins self.assertEqual( AssertionError: 'Password expired! 1 grace logins left.' != 'Password expired! 2 grace logins left.' - Password expired! 1 grace logins left. ? ^ + Password expired! 2 grace logins left. ? ^
====================================================================== FAIL: test001_pwdpolicy_expiration (tests.test_ppolicy.TestPwdPolicy) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/michael/Proj/ae-dir/python-ldap0/tests/test_ppolicy.py", line 285, in test001_pwdpolicy_expiration self.assertIsInstance(bind_res.ctrls[0], PasswordExpiringControl) AssertionError: <ldap0.controls.pwdpolicy.PasswordExpiredControl object at 0x7efc9d8ca760> is not an instance of <class 'ldap0.controls.pwdpolicy.PasswordExpiringControl'>
====================================================================== FAIL: test002_pwdpolicy_expired (tests.test_ppolicy.TestPwdPolicy) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/michael/Proj/ae-dir/python-ldap0/tests/test_ppolicy.py", line 306, in test002_pwdpolicy_expired l.simple_bind_s(self.user_dn, user_password.encode('utf-8')) AssertionError: INVALID_CREDENTIALS not raised