And, of course, a patch file :)
On 07/01/2016 11:09 AM, Lenka Doudova wrote:
Hi all,
here's a patch with a basic test suite for support of UPN.
Note: it needs to be applied on top of my patch 0025.2 (or later, if
there will be more fixes to that patch).
Lenka
From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
From: Lenka Doudova <ldoud...@redhat.com>
Date: Fri, 1 Jul 2016 11:00:57 +0200
Subject: [PATCH] Tests: Support of UPN for trusted domains
Basic set of tests to verify support of UPN functionality.
Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust
https://fedorahosted.org/freeipa/ticket/5354
---
ipatests/test_integration/test_trust.py | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -388,3 +388,35 @@ class TestExternalTrustWithRootDomain(ADTrustBase):
tasks.remove_trust_with_ad(self.master, self.ad_domain)
tasks.clear_sssd_cache(self.master)
+
+
+class TestTrustWithUPN(ADTrustBase):
+ """
+ Test support of UPN for trusted domains
+ """
+ def test_upn_in_nonposix_trust(self):
+ """ Check that UPN is listed as trust attribute """
+ result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
+ '--all', '--raw'])
+
+ assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
+
+ def test_upn_user_resolution_in_nonposix_trust(self):
+ """ Check that user with UPN can be resolved """
+ upnuser = 'upnu...@upnsuffix.com'
+ result = self.master.run_command(['getent', 'passwd', upnuser])
+
+ # result will contain AD domain, not UPN
+ upnuser_regex = "^upnuser@{0}:\*:(\d+):(\d+):UPN User:/:$".format(
+ self.ad_domain)
+ assert re.search(upnuser_regex, result.stdout_text)
+
+ def test_upn_user_authentication(self):
+ """ Check that AD user with UPN can authenticate in IPA """
+ self.master.run_command(['systemctl', 'restart', 'krb5kdc'])
+ self.master.run_command(['kinit', '-C', '-E', 'upnu...@upnsuffix.com'],
+ stdin_text='Secret123456')
+
+ def test_remove_nonposix_trust(self):
+ tasks.remove_trust_with_ad(self.master, self.ad_domain)
+ tasks.clear_sssd_cache(self.master)
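Review bot: in test_upn_user_resolution_in_nonposix_trust, self.ad_domain is formatted into upnuser_regex without re.escape(), so each dot in the domain matches any character, and the pattern is a plain string containing `\*` and `\d` rather than a raw string. Suggest a raw-string pattern with `.format(re.escape(self.ad_domain))`. In test_upn_user_authentication, the restart of krb5kdc has no comment explaining why it is needed, the result of kinit is not checked in the test body, and no kdestroy follows, so the acquired ticket stays in the credential cache for whatever runs next. The UPN user string and the password 'Secret123456' are repeated literals; class attributes would keep the tests in sync. The hunk calls re.search but shows no import, so please confirm that re is already imported at the top of test_trust.py. test_remove_nonposix_trust is also the only new method without a docstring.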
--
2.7.4