[Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests
Alexander Bokovoy
abokovoy at redhat.com
Tue Oct 15 19:30:23 UTC 2013
On Mon, 14 Oct 2013, Tomas Babej wrote:
>+def estabilish_trust_with_ad(master, ad, extra_args=[]):
>+ """
>+ Estabilishes trust with Active Directory. Trust type is detected depending
>+ on the presence of SfU (Services for Unix) support on the AD.
>+
>+ Use extra arguments to pass extra arguments to the trust-add command, such
>+ as --range-type="ipa-ad-trust" to enfroce a particular range type.
>+ """
>+
>+ # Force KDC to reload MS-PAC info by trying to get TGT for HTTP
>+ master.run_command(['kinit', '-kt', '/etc/httpd/conf/ipa.keytab',
>+ 'HTTP/%s' % master.hostname])
It would be good to actually run 'kdestroy -A' before 'kinit' so that we
don't have any left overs.
>+ master.run_command(['systemctl', 'restart', 'krb5kdc.service'])
>+
>+ kinit_admin(master)
Same here.
>+ master.run_command(['klist'])
>+ master.run_command(['smbcontrol', 'all', 'debug', '100'])
>+ assert util.run_repeatedly(master,
>+ ['ipa', 'trust-add',
>+ '--type', 'ad', ad.domain.name,
>+ '--admin', 'Administrator',
>+ '--password'] + extra_args,
>+ stdin_text=master.config.ad_admin_password)
>+ master.run_command(['smbcontrol', 'all', 'debug', '1'])
>+ clear_sssd_cache(master)
>+
The rest looks fine although it could be nice to have generic
description of what is expected from AD setup -- there is assumption of
POSIX attributes being enabled in one of tests which is definitely not a
default configuration. I'm here after reproducible configurations using
different test lab (like running an Azure or EC2 cloud).
I'm still not able to reproduce the issue with missing MS-PAC in admin's
ticket when running 'ipa trust-add' in the test, though...
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list