From 50954766056e974f0ca4eb244e8c76e8c731a223 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Mar 2022 21:53:06 +0100
Subject: [PATCH] dsdb/tests: prepare BasePasswordTestCase for simple bind
 tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6)
---
 .../tests/python/password_lockout_base.py     | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/source4/dsdb/tests/python/password_lockout_base.py b/source4/dsdb/tests/python/password_lockout_base.py
index 0951ed8594f..f311502da3c 100644
--- a/source4/dsdb/tests/python/password_lockout_base.py
+++ b/source4/dsdb/tests/python/password_lockout_base.py
@@ -6,6 +6,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
 from ldb import SCOPE_BASE, LdbError
 from ldb import ERR_CONSTRAINT_VIOLATION
 from ldb import ERR_INVALID_CREDENTIALS
+from ldb import SUCCESS as LDB_SUCCESS
 from ldb import Message, MessageElement, Dn
 from ldb import FLAG_MOD_REPLACE
 from samba import gensec, dsdb
@@ -213,11 +214,17 @@ class BasePasswordTestCase(PasswordTestCase):
                                                        FLAG_MOD_REPLACE, "lockOutObservationWindow")
         self.ldb.modify(m)
 
-    def _readd_user(self, creds, lockOutObservationWindow=0):
+    def _readd_user(self, creds, lockOutObservationWindow=0, simple=False):
         username = creds.get_username()
         userpass = creds.get_password()
         userdn = "cn=%s,cn=users,%s" % (username, self.base_dn)
 
+        if simple:
+            creds.set_bind_dn(userdn)
+            ldap_url = self.host_url_ldaps
+        else:
+            ldap_url = self.host_url
+
         delete_force(self.ldb, userdn)
         self.ldb.add({
              "dn": userdn,
@@ -248,10 +255,10 @@ userPassword: """ + userpass + """
         self._check_account_initial(userdn)
 
         # Fail once to get a badPasswordTime
-        self.assertLoginFailure(self.host_url, fail_creds, self.lp)
+        self.assertLoginFailure(ldap_url, fail_creds, self.lp)
 
         # Succeed to reset everything to 0
-        ldb = self.assertLoginSuccess(self.host_url, creds, self.lp)
+        ldb = self.assertLoginSuccess(ldap_url, creds, self.lp)
 
         return ldb
 
@@ -362,10 +369,17 @@ lockoutThreshold: """ + str(lockoutThreshold) + """
                                                    userpass="thatsAcomplPASS0",
                                                    kerberos_state=DONT_USE_KERBEROS)
         self.lockout1ntlm_ldb = self._readd_user(self.lockout1ntlm_creds)
+        self.lockout1simple_creds = self.insta_creds(self.template_creds,
+                                                   username="lockout1simple",
+                                                   userpass="thatsAcomplPASS0",
+                                                   kerberos_state=DONT_USE_KERBEROS)
+        self.lockout1simple_ldb = self._readd_user(self.lockout1simple_creds,
+                                                   simple=True)
 
     def delete_ldb_connections(self):
         del self.lockout1krb5_ldb
         del self.lockout1ntlm_ldb
+        del self.lockout1simple_ldb
         del self.ldb
 
     def tearDown(self):