On Fri, 01 Jul 2016, Lukas Slebodnik wrote:
On (01/07/16 11:13), Lenka Doudova wrote:
And, of course, a patch file :)
On 07/01/2016 11:09 AM, Lenka Doudova wrote:
here's patch with basic test suite for support of UPN.
Note: it needs to be applied on top of my patch 0025.2 (or later, if
there's will be more fixes to that patch).
From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
From: Lenka Doudova <ldoud...@redhat.com>
Date: Fri, 1 Jul 2016 11:00:57 +0200
Subject: [PATCH] Tests: Support of UPN for trusted domains
Basic set of tests to verify support of UPN functionality.
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust
ipatests/test_integration/test_trust.py | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/ipatests/test_integration/test_trust.py
@@ -388,3 +388,35 @@ class TestExternalTrustWithRootDomain(ADTrustBase):
+ Test support of UPN for trusted domains
+ def test_upn_in_nonposix_trust(self):
+ """ Check that UPN is listed as trust attribute """
+ result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
+ '--all', '--raw'])
+ assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
+ def test_upn_user_resolution_in_nonposix_trust(self):
+ """ Check that user with UPN can be resolved """
+ upnuser = 'upnu...@upnsuffix.com'
+ result = self.master.run_command(['getent', 'passwd', upnuser])
Is there a special reason for not using pwd.getpwnam() ?
Technically -- yes. In case there was a change in the system
configuration (/etc/nsswitch.conf), then these changes wouldn't be
reflected in the application that is already using NSSWITCH interface.
However, in this particular case no change to config files is expected
so pwd.getpwnam() can be used.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code