On 05/13/2015 05:54 PM, Martin Basti wrote:
On 13/05/15 17:44, David Kupka wrote:
Hello, following tests are out of scope of API tests, but would be
nice to have:
On 05/13/2015 02:57 PM, Lenka Ryznarova wrote:
I've prepared test plan design for User Lifecycle Plugin - . Please
review and let me know if you have any comments on that.
thanks for sharing the test plan. I've quickly looked at it and have
just 2 notes:
1) please add "Verify that specific GID number of a staged entry is
preserved after activation"
2) In a block of tests "Try activating staged entry with
<every-possible-attribute>" please add a activation tests. It should
be possible to add/modify the attributes in staging are freely all
the check must be applied when the user is activated.
* test to make sure the staged/deleted user is unable to kinit
* opposite case the reactivated user is able to kinit (if this case is
* ACI tests: to make sure only proper roles can manipulate with staged
This is looking as a very good set of tests. If you have time, you may
also add those tests:
* try do a simple bind with a stage/delete user
* option only-delete, also-delete and --deleted are deprecated.. sorry
the design is not up-to-date, now it is --preserved flag
* Run the tests as admin
* Run the tests as a stageadm (member of 'User administrator')
* Try to update a stageuser with invalid uid/gidnumber (<0 , or string)
* Check that activated and undelete users are member of ipausers
* Being authenticated with a newly activated user, check you have
limited access to entries (only modify yourself)
* Try to add (ldapadd) an entry directly in delete container, should
not be allowed even for admin.
* Create a user that is member of a 'system provisioning' role.
'system provisioning' role has the 'Stage user provisioning' priviledge.
This user should only be allow to add 'stage' user (no read, delete,
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code