if num == ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS:
raise CommandError("Administrator permissions are needed to create a PSO.")
else:
- raise CommandError("Failed to create PSO '%s': %s" %(pso_dn, msg))
+ raise CommandError("Failed to create PSO '%s': %s" % (pso_dn,
+ msg))
class cmd_domain_pwdsettings_pso_set(Command):
"""Modifies a Password Settings Object (PSO)."""
show_pso_by_dn(self.outf, samdb, pso_dn, show_applies_to=False)
except ldb.LdbError as e:
(num, msg) = e.args
- raise CommandError("Failed to update PSO '%s': %s" %(pso_dn, msg))
+ raise CommandError("Failed to update PSO '%s': %s" % (pso_dn, msg))
class cmd_domain_pwdsettings_pso_delete(Command):
for pso in pso_list:
precedence = pso['msDS-PasswordSettingsPrecedence']
- self.outf.write("%-10s | %s\n" %(precedence, pso['name']))
+ self.outf.write("%-10s | %s\n" % (precedence, pso['name']))
class cmd_domain_pwdsettings_pso_show(Command):
"""Display a Password Settings Object's details."""
raise CommandError("PSO '%s' already applies to '%s'"
% (psoname, user_or_group))
else:
- raise CommandError("Failed to update PSO '%s': %s" %(psoname,
- msg))
+ raise CommandError("Failed to update PSO '%s': %s" % (psoname,
+ msg))
- self.message("PSO '%s' applied to '%s'" %(psoname, user_or_group))
+ self.message("PSO '%s' applied to '%s'" % (psoname, user_or_group))
class cmd_domain_pwdsettings_pso_unapply(Command):
raise CommandError("PSO '%s' doesn't apply to '%s'"
% (psoname, user_or_group))
else:
- raise CommandError("Failed to update PSO '%s': %s" %(psoname,
- msg))
- self.message("PSO '%s' no longer applies to '%s'" %(psoname, user_or_group))
+ raise CommandError("Failed to update PSO '%s': %s" % (psoname,
+ msg))
+ self.message("PSO '%s' no longer applies to '%s'" % (psoname,
+ user_or_group))
class cmd_domain_passwordsettings_pso(SuperCommand):
"""Manage fine-grained Password Settings Objects (PSOs)."""
initial_password = "Initial12#"
self.name = username
self.ldb = samdb
- self.dn = "CN=%s,%s,%s" %(username, (userou or "CN=Users"),
- self.ldb.domain_dn())
+ self.dn = "CN=%s,%s,%s" % (username, (userou or "CN=Users"),
+ self.ldb.domain_dn())
# store all passwords that have ever been used for this user, as well
# as a pwd_history that more closely resembles the history on the DC
Returns a object representing the default password settings that will
take effect (i.e. when no other Fine-Grained Password Policy applies)
"""
- pw_attrs=["minPwdAge", "lockoutDuration", "lockOutObservationWindow",
- "lockoutThreshold", "maxPwdAge", "minPwdAge", "minPwdLength",
- "pwdHistoryLength", "pwdProperties"]
+ pw_attrs = ["minPwdAge", "lockoutDuration", "lockOutObservationWindow",
+ "lockoutThreshold", "maxPwdAge", "minPwdAge",
+ "minPwdLength", "pwdHistoryLength", "pwdProperties"]
res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_BASE,
attrs=pw_attrs)
container = "CN=Password Settings Container,CN=System,%s" % base_dn
self.name = name
- self.dn = "CN=%s,%s" %(name, container)
+ self.dn = "CN=%s,%s" % (name, container)
self.ldb = samdb
self.precedence = precedence
self.complexity = complexity
"""Checks the PSO info in the DB matches what's expected"""
# lookup the PSO in the DB
- dn = "CN=%s,%s" %(pso_name, self.pso_container)
+ dn = "CN=%s,%s" % (pso_name, self.pso_container)
pso_attrs = ['name', 'msDS-PasswordSettingsPrecedence',
'msDS-PasswordReversibleEncryptionEnabled',
'msDS-PasswordHistoryLength', 'msDS-MinimumPasswordLength',
"-H", self.server,
self.user_auth)
# make sure we clean-up after the test completes
- self.obj_cleanup.append("CN=%s,%s" %(pso_name, self.pso_container))
+ self.obj_cleanup.append("CN=%s,%s" % (pso_name, self.pso_container))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
"--max-pwd-age=50",
"-H", self.server,
self.user_auth)
- self.obj_cleanup.append("CN=%s,%s" %(pso_name, self.pso_container))
+ self.obj_cleanup.append("CN=%s,%s" % (pso_name, self.pso_container))
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("successfully created", out)
"-H", self.server,
self.user_auth)
# make sure we clean-up after the test completes
- pso_settings.dn = "CN=%s,%s" %(pso_name, self.pso_container)
+ pso_settings.dn = "CN=%s,%s" % (pso_name, self.pso_container)
self.obj_cleanup.append(pso_settings.dn)
# sanity-check the cmd was successful
self.assertCmdSuccess(result, out, err)
self.assertEquals(err,"","Shouldn't be any error messages")
self.assertIn("Deleted PSO", out)
- dn = "CN=%s,%s" %(pso_name, self.pso_container)
+ dn = "CN=%s,%s" % (pso_name, self.pso_container)
self.obj_cleanup.remove(dn)
# check the object no longer exists in the DB
# add the user to a new group
group_name = "test-PSO-group"
- dn = "CN=%s,%s" %(group_name, self.ldb.domain_dn())
+ dn = "CN=%s,%s" % (group_name, self.ldb.domain_dn())
self.ldb.add({"dn": dn, "objectclass": "group",
"sAMAccountName": group_name})
self.obj_cleanup.append(dn)
self._create_pso(pso_name)
user = TestUser("test-unpriv-user", self.ldb)
self.obj_cleanup.append(user.dn)
- unpriv_auth = "-U%s%%%s" %(user.name, user.get_password())
+ unpriv_auth = "-U%s%%%s" % (user.name, user.get_password())
# check we need admin privileges to be able to do anything to PSOs
(result, out, err) = self.runsublevelcmd("domain", ("passwordsettings",
def add_group(self, group_name):
"""Creates a new group"""
- dn = "CN=%s,%s" %(group_name, self.ou)
+ dn = "CN=%s,%s" % (group_name, self.ou)
self.ldb.add({"dn": dn, "objectclass": "group"})
return dn
except ldb.LdbError as e:
(num, msg) = e.args
# fail the test (rather than throw an error)
- self.fail("Password '%s' unexpectedly rejected: %s" %(password, msg))
+ self.fail("Password '%s' unexpectedly rejected: %s" % (password, msg))
def assert_PSO_applied(self, user, pso):
"""
"""
resultant_pso = user.get_resultant_PSO()
self.assertTrue(resultant_pso == pso.dn,
- "Expected PSO %s, not %s" %(pso.name,
- str(resultant_pso)))
+ "Expected PSO %s, not %s" % (pso.name,
+ str(resultant_pso)))
# we're mirroring the pwd_history for the user, so make sure this is
# up-to-date, before we start making password changes
# we can't wait around long enough for the max-age to expire, so instead
# just check the msDS-UserPasswordExpiryTimeComputed for the user
- attrs=['msDS-UserPasswordExpiryTimeComputed']
+ attrs = ['msDS-UserPasswordExpiryTimeComputed']
res = self.ldb.search(user.dn, attrs=attrs)
domain_expiry = int(res[0]['msDS-UserPasswordExpiryTimeComputed'][0])
# object multiple times, so this might be noteworthy but doesn't
# warrant failing the test
if (len(received_list) != len(expected_list)):
- print("Note: received %d objects but expected %d" %(len(received_list),
- len(expected_list)))
+ print("Note: received %d objects but expected %d" % (len(received_list),
+ len(expected_list)))
# Check that we received every object that we were expecting
for dn in expected_list:
self.assertTrue(len(received_links) == num_expected,
"Received %d links but expected %d"
- %(len(received_links), num_expected))
+ % (len(received_links), num_expected))
for dn in objects_with_links:
self.assert_object_has_link(dn, link_attr, received_links)
# We didn't find the expected link attribute in the DB for the object.
# Something has gone wrong somewhere...
self.assertTrue(link_attr in res[0], "%s in DB doesn't have attribute %s"
- %(dn, link_attr))
+ % (dn, link_attr))
# find the received link in the list and assert that the target and
# source GUIDs match what's in the DB
found = True
if self._debug:
- print("Link %s --> %s" %(dn[:25], link.targetDN[:25]))
+ print("Link %s --> %s" % (dn[:25], link.targetDN[:25]))
break
self.assertTrue(found, "Did not receive expected link for DN %s" % dn)
# create the link target (a server object) in the config NC
rand = random.randint(1, 10000000)
la_target = "CN=getncchanges-%d,CN=Servers,CN=Default-First-Site-Name," \
- "CN=Sites,%s" %(rand, self.config_dn)
+ "CN=Sites,%s" % (rand, self.config_dn)
self.add_object(la_target, objectclass="server")
# add a cross-partition link between the two
# that the 2nd run doesn't hit objects that already exist. Add some
# randomness to the object DN to make it unique
rand = random.randint(1, 10000000)
- return "%s-%d,%s" %(obj_name, rand, self.ou)
+ return "%s-%d,%s" % (obj_name, rand, self.ou)
def assert_attrs_match(self, res1, res2, attr, expected_count):
"""
"""
actual_len = len(res1[0][attr])
self.assertTrue(actual_len == expected_count,
- "Expected %u %s attributes, but got %u" %(expected_count,
- attr, actual_len))
+ "Expected %u %s attributes, but got %u" % (expected_count,
+ attr, actual_len))
actual_len = len(res2[0][attr])
self.assertTrue(actual_len == expected_count,
- "Expected %u %s attributes, but got %u" %(expected_count,
- attr, actual_len))
+ "Expected %u %s attributes, but got %u" % (expected_count,
+ attr, actual_len))
# check DCs both agree on the same linked attributes
for val in res1[0][attr]:
self.assertTrue(val in res2[0][attr],
- "%s '%s' not found on DC2" %(attr, val))
+ "%s '%s' not found on DC2" % (attr, val))
def zero_highwatermark(self):
"""Returns a zeroed highwatermark so that all DRS data gets returned"""