I have looked at the testplan and have the following comments:
In general LGTM, but I miss the following test scenarios:
1.) Test principal alias removal, more specifically test that the
removal of the alias equivalent to the canonical name triggers an error
2.) Test that you cannot create an enterprise principal alias whose
suffix overlaps with trusted domains UPN. You do not need trust for
this, just a domain entry in LDAP, see
`test_xmlrpc/test_range_plugin.py` and MockLDAP class for hints.
Basically you should get an error when adding principal alias such as
'user\@trusted.domain.upn@REALM' regardless of the case of
3.) test that when adding alias to an entry lacking 'krbcanonicalname'
(e.g. old entry from upgrade), the existing value of 'krbprincipalname'
is copied to the attribute
That is all I can currently think of off the top of my head.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code