Hi Sumit, I've updated the testplan. (Thank you for the link to Fraser's blogpost, it was really very useful!). All the operations described were performed manually and succeed. Could you please review it again in case I forgot something?
On 06/09/2016 05:06 PM, Sumit Bose wrote: > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote: >> Hi guys, >> >> Here is the first somewhat skeletal and pretty short version of the >> testplan. Could you please review it anyone? >> >> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan > > Hi Oleg, > > 'Make sure the id view is applied to ipa master host' the IPA > masters/servers will always and only have the 'Default Trust View'. But > it is ok to use the 'Default Trust View' for testing the certificates in > the ID override. > > The 'openssl req ...' call will only generate a certificate request and > not the certificate itself. The request must still be signed by e.g. the > IPA CA. Please see the blog posts of Fraser > (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/) > and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details. > > Since you want to test certificates in overrides you should use > idoverrideuser-add-cert and idoverrideuser-remove-cert instead of > user-add-cert and user-remove-cert. > > bye, > Sumit > >> -- >> Oleg Fayans >> Quality Engineer >> FreeIPA team >> RedHat. >> >> -- >> Manage your subscription for the Freeipa-devel mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
