Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-28 Thread Sumit Bose
On Tue, Jun 28, 2016 at 10:43:00AM +0200, Oleg Fayans wrote:
> Hi Sumit,
> 
> The testplan is updated according to your second note. The WebUI part
> I'll test once Pavel's patch is merged.

Thank you.

bye,
Sumit

> 
> On 06/27/2016 10:28 AM, Sumit Bose wrote:
> > On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote:
> >> Hi Sumit,
> >>
> >> I've updated the testplan. (Thank you for the link to Fraser's blogpost,
> >> it was really very useful!). All the operations described  were
> >> performed manually and succeed. Could you please review it again in case
> >> I forgot something?
> > 
> > Thank you, the tests are looking good.
> > 
> > I have two comments. First, for your information, I#m not sure if WebUI
> > is in the scope of this tests, Pavel already send '0058 WebUI:
> > certificate widget on ID override user page' to the freeipa-devel list,
> > so adding certificates to idoverrides with the WebUI should work soon as
> > well.
> > 
> > Second, the LDAP attribute used to store the certificates is a
> > multi-value attribute. Adding a test where a second certificate is added
> > to the override and removed (without deleting the other certificate)
> > might be useful here.
> > 
> > bye,
> > Sumit
> > 
> >>
> >>
> >> On 06/09/2016 05:06 PM, Sumit Bose wrote:
> >>> On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
>  Hi guys,
> 
>  Here is the first somewhat skeletal and pretty short version of the
>  testplan. Could you please review it anyone?
> 
>  http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
> >>>
> >>> Hi Oleg,
> >>>
> >>> 'Make sure the id view is applied to ipa master host' the IPA
> >>> masters/servers will always and only have the 'Default Trust View'. But
> >>> it is ok to use the 'Default Trust View' for testing the certificates in
> >>> the ID override.
> >>>
> >>> The 'openssl req ...' call will only generate a certificate request and
> >>> not the certificate itself. The request must still be signed by e.g. the
> >>> IPA CA. Please see the blog posts of Fraser
> >>> (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
> >>> and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
> >>>
> >>> Since you want to test certificates in overrides you should use
> >>> idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
> >>> user-add-cert and user-remove-cert.
> >>>
> >>> bye,
> >>> Sumit
> >>>
>  -- 
>  Oleg Fayans
>  Quality Engineer
>  FreeIPA team
>  RedHat.
> 
>  -- 
>  Manage your subscription for the Freeipa-devel mailing list:
>  https://www.redhat.com/mailman/listinfo/freeipa-devel
>  Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
> >>
> >> -- 
> >> Oleg Fayans
> >> Quality Engineer
> >> FreeIPA team
> >> RedHat.
> 
> -- 
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-28 Thread Oleg Fayans
Hi Sumit,

The testplan is updated according to your second note. The WebUI part
I'll test once Pavel's patch is merged.

On 06/27/2016 10:28 AM, Sumit Bose wrote:
> On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote:
>> Hi Sumit,
>>
>> I've updated the testplan. (Thank you for the link to Fraser's blogpost,
>> it was really very useful!). All the operations described  were
>> performed manually and succeed. Could you please review it again in case
>> I forgot something?
> 
> Thank you, the tests are looking good.
> 
> I have two comments. First, for your information, I#m not sure if WebUI
> is in the scope of this tests, Pavel already send '0058 WebUI:
> certificate widget on ID override user page' to the freeipa-devel list,
> so adding certificates to idoverrides with the WebUI should work soon as
> well.
> 
> Second, the LDAP attribute used to store the certificates is a
> multi-value attribute. Adding a test where a second certificate is added
> to the override and removed (without deleting the other certificate)
> might be useful here.
> 
> bye,
> Sumit
> 
>>
>>
>> On 06/09/2016 05:06 PM, Sumit Bose wrote:
>>> On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
 Hi guys,

 Here is the first somewhat skeletal and pretty short version of the
 testplan. Could you please review it anyone?

 http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
>>>
>>> Hi Oleg,
>>>
>>> 'Make sure the id view is applied to ipa master host' the IPA
>>> masters/servers will always and only have the 'Default Trust View'. But
>>> it is ok to use the 'Default Trust View' for testing the certificates in
>>> the ID override.
>>>
>>> The 'openssl req ...' call will only generate a certificate request and
>>> not the certificate itself. The request must still be signed by e.g. the
>>> IPA CA. Please see the blog posts of Fraser
>>> (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
>>> and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
>>>
>>> Since you want to test certificates in overrides you should use
>>> idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
>>> user-add-cert and user-remove-cert.
>>>
>>> bye,
>>> Sumit
>>>
 -- 
 Oleg Fayans
 Quality Engineer
 FreeIPA team
 RedHat.

 -- 
 Manage your subscription for the Freeipa-devel mailing list:
 https://www.redhat.com/mailman/listinfo/freeipa-devel
 Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>>
>> -- 
>> Oleg Fayans
>> Quality Engineer
>> FreeIPA team
>> RedHat.

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-27 Thread Sumit Bose
On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote:
> Hi Sumit,
> 
> I've updated the testplan. (Thank you for the link to Fraser's blogpost,
> it was really very useful!). All the operations described  were
> performed manually and succeed. Could you please review it again in case
> I forgot something?

Thank you, the tests are looking good.

I have two comments. First, for your information, I#m not sure if WebUI
is in the scope of this tests, Pavel already send '0058 WebUI:
certificate widget on ID override user page' to the freeipa-devel list,
so adding certificates to idoverrides with the WebUI should work soon as
well.

Second, the LDAP attribute used to store the certificates is a
multi-value attribute. Adding a test where a second certificate is added
to the override and removed (without deleting the other certificate)
might be useful here.

bye,
Sumit

> 
> 
> On 06/09/2016 05:06 PM, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> >> Hi guys,
> >>
> >> Here is the first somewhat skeletal and pretty short version of the
> >> testplan. Could you please review it anyone?
> >>
> >> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
> > 
> > Hi Oleg,
> > 
> > 'Make sure the id view is applied to ipa master host' the IPA
> > masters/servers will always and only have the 'Default Trust View'. But
> > it is ok to use the 'Default Trust View' for testing the certificates in
> > the ID override.
> > 
> > The 'openssl req ...' call will only generate a certificate request and
> > not the certificate itself. The request must still be signed by e.g. the
> > IPA CA. Please see the blog posts of Fraser
> > (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
> > and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
> > 
> > Since you want to test certificates in overrides you should use
> > idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
> > user-add-cert and user-remove-cert.
> > 
> > bye,
> > Sumit
> > 
> >> -- 
> >> Oleg Fayans
> >> Quality Engineer
> >> FreeIPA team
> >> RedHat.
> >>
> >> -- 
> >> Manage your subscription for the Freeipa-devel mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-devel
> >> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
> 
> -- 
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-27 Thread Oleg Fayans
Hi Sumit,

I've updated the testplan. (Thank you for the link to Fraser's blogpost,
it was really very useful!). All the operations described  were
performed manually and succeed. Could you please review it again in case
I forgot something?


On 06/09/2016 05:06 PM, Sumit Bose wrote:
> On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
>> Hi guys,
>>
>> Here is the first somewhat skeletal and pretty short version of the
>> testplan. Could you please review it anyone?
>>
>> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
> 
> Hi Oleg,
> 
> 'Make sure the id view is applied to ipa master host' the IPA
> masters/servers will always and only have the 'Default Trust View'. But
> it is ok to use the 'Default Trust View' for testing the certificates in
> the ID override.
> 
> The 'openssl req ...' call will only generate a certificate request and
> not the certificate itself. The request must still be signed by e.g. the
> IPA CA. Please see the blog posts of Fraser
> (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
> and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
> 
> Since you want to test certificates in overrides you should use
> idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
> user-add-cert and user-remove-cert.
> 
> bye,
> Sumit
> 
>> -- 
>> Oleg Fayans
>> Quality Engineer
>> FreeIPA team
>> RedHat.
>>
>> -- 
>> Manage your subscription for the Freeipa-devel mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> Hi guys,
> 
> Here is the first somewhat skeletal and pretty short version of the
> testplan. Could you please review it anyone?
> 
> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan

Hi Oleg,

'Make sure the id view is applied to ipa master host' the IPA
masters/servers will always and only have the 'Default Trust View'. But
it is ok to use the 'Default Trust View' for testing the certificates in
the ID override.

The 'openssl req ...' call will only generate a certificate request and
not the certificate itself. The request must still be signed by e.g. the
IPA CA. Please see the blog posts of Fraser
(https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.

Since you want to test certificates in overrides you should use
idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
user-add-cert and user-remove-cert.

bye,
Sumit

> -- 
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
> 
> -- 
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code