On Fri, 27 May 2016, Sumit Bose wrote:
On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote:
Hi all,


here [1] is a draft of test plan for V4 RFE Support of UPN for trusted
domains.

Please review this and let me know if there's something missing or wrong.

Hi Lenka,

thank you for the test plan.

About the TBD, Alexander and I agreed to store the alternative domain
suffixes read from AD in a new attribute in the LDAP object of the
forest root of the trusted domain.

About the kinit tests. Please note that it is expected that the -E
option of kinit must be used when alternative suffixes are used.

I'm not sure if SSSD tests are in the scope here as well. If they are I
would suggest to add authentication tests with SSSD where e.g. the name
with an alternative domain suffix is used as login name. This in general
already works with SSSD but is disabled by default for IPA because of
the missing server-side support so far. Since SSSD must be able to work
with old and new IPA server https://fedorahosted.org/sssd/ticket/3018
was created so that SSSD can detect at runtime if the server supports
this or not.
Right, I think we should make sure SSSD is tested against IPA UPN
support because otherwise we might get regressions.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to