On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote: > Hi Sumit, > > I've updated the testplan. (Thank you for the link to Fraser's blogpost, > it was really very useful!). All the operations described were > performed manually and succeed. Could you please review it again in case > I forgot something?
Thank you, the tests are looking good. I have two comments. First, for your information, I#m not sure if WebUI is in the scope of this tests, Pavel already send '0058 WebUI: certificate widget on ID override user page' to the freeipa-devel list, so adding certificates to idoverrides with the WebUI should work soon as well. Second, the LDAP attribute used to store the certificates is a multi-value attribute. Adding a test where a second certificate is added to the override and removed (without deleting the other certificate) might be useful here. bye, Sumit > > > On 06/09/2016 05:06 PM, Sumit Bose wrote: > > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote: > >> Hi guys, > >> > >> Here is the first somewhat skeletal and pretty short version of the > >> testplan. Could you please review it anyone? > >> > >> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan > > > > Hi Oleg, > > > > 'Make sure the id view is applied to ipa master host' the IPA > > masters/servers will always and only have the 'Default Trust View'. But > > it is ok to use the 'Default Trust View' for testing the certificates in > > the ID override. > > > > The 'openssl req ...' call will only generate a certificate request and > > not the certificate itself. The request must still be signed by e.g. the > > IPA CA. Please see the blog posts of Fraser > > (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/) > > and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details. > > > > Since you want to test certificates in overrides you should use > > idoverrideuser-add-cert and idoverrideuser-remove-cert instead of > > user-add-cert and user-remove-cert. > > > > bye, > > Sumit > > > >> -- > >> Oleg Fayans > >> Quality Engineer > >> FreeIPA team > >> RedHat. > >> > >> -- > >> Manage your subscription for the Freeipa-devel mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-devel > >> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > -- > Oleg Fayans > Quality Engineer > FreeIPA team > RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code