Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

Lenka Doudova Fri, 01 Jul 2016 02:14:46 -0700

And, of course, a patch file :)


On 07/01/2016 11:09 AM, Lenka Doudova wrote:

Hi all,

here's patch with basic test suite for support of UPN.
Note: it needs to be applied on top of my patch 0025.2 (or later, ifthere's will be more fixes to that patch).
Lenka

From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
From: Lenka Doudova <ldoud...@redhat.com>
Date: Fri, 1 Jul 2016 11:00:57 +0200
Subject: [PATCH] Tests: Support of UPN for trusted domains

Basic set of tests to verify support of UPN functionality.

Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust

https://fedorahosted.org/freeipa/ticket/5354
---
 ipatests/test_integration/test_trust.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -388,3 +388,35 @@ class TestExternalTrustWithRootDomain(ADTrustBase):
 
         tasks.remove_trust_with_ad(self.master, self.ad_domain)
         tasks.clear_sssd_cache(self.master)
+
+
+class TestTrustWithUPN(ADTrustBase):
+    """
+    Test support of UPN for trusted domains
+    """
+    def test_upn_in_nonposix_trust(self):
+        """ Check that UPN is listed as trust attribute """
+        result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
+                                          '--all', '--raw'])
+
+        assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
+
+    def test_upn_user_resolution_in_nonposix_trust(self):
+        """ Check that user with UPN can be resolved """
+        upnuser = 'upnu...@upnsuffix.com'
+        result = self.master.run_command(['getent', 'passwd', upnuser])
+
+        # result will contain AD domain, not UPN
+        upnuser_regex = "^upnuser@{0}:\*:(\d+):(\d+):UPN User:/:$".format(
+            self.ad_domain)
+        assert re.search(upnuser_regex, result.stdout_text)
+
+    def test_upn_user_authentication(self):
+        """ Check that AD user with UPN can authenticate in IPA """
+        self.master.run_command(['systemctl', 'restart', 'krb5kdc'])
+        self.master.run_command(['kinit', '-C', '-E', 'upnu...@upnsuffix.com'],
+                                stdin_text='Secret123456')
+
+    def test_remove_nonposix_trust(self):
+        tasks.remove_trust_with_ad(self.master, self.ad_domain)
+        tasks.clear_sssd_cache(self.master)
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

Reply via email to