On 01.07.2016 13:08, Alexander Bokovoy wrote:
On Fri, 01 Jul 2016, Lukas Slebodnik wrote:
On (01/07/16 11:13), Lenka Doudova wrote:
And, of course, a patch file :)

On 07/01/2016 11:09 AM, Lenka Doudova wrote:
Hi all,

here's patch with basic test suite for support of UPN.

Note: it needs to be applied on top of my patch 0025.2 (or later, if
there's will be more fixes to that patch).


From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
From: Lenka Doudova <ldoud...@redhat.com>
Date: Fri, 1 Jul 2016 11:00:57 +0200
Subject: [PATCH] Tests: Support of UPN for trusted domains

Basic set of tests to verify support of UPN functionality.

Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust

ipatests/test_integration/test_trust.py | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -388,3 +388,35 @@ class TestExternalTrustWithRootDomain(ADTrustBase):

        tasks.remove_trust_with_ad(self.master, self.ad_domain)
+class TestTrustWithUPN(ADTrustBase):
+    """
+    Test support of UPN for trusted domains
+    """
+    def test_upn_in_nonposix_trust(self):
+        """ Check that UPN is listed as trust attribute """
+ result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
+                                          '--all', '--raw'])
+ assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
+    def test_upn_user_resolution_in_nonposix_trust(self):
+        """ Check that user with UPN can be resolved """
+        upnuser = 'upnu...@upnsuffix.com'
+ result = self.master.run_command(['getent', 'passwd', upnuser])
Is there a special reason for not using pwd.getpwnam() ?
Technically -- yes. In case there was a change in the system
configuration (/etc/nsswitch.conf), then these changes wouldn't be
reflected in the application that is already using NSSWITCH interface.

However, in this particular case no change to config files is expected
so pwd.getpwnam() can be used.

Please note that the commands are executed remotely in CI tests, pwd.getpwnam() provides only local data.

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to