[Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

Alexander Bokovoy abokovoy at redhat.com
Fri Jul 1 11:08:43 UTC 2016 

On Fri, 01 Jul 2016, Lukas Slebodnik wrote:
>On (01/07/16 11:13), Lenka Doudova wrote:
>>And, of course, a patch file :)
>>
>>
>>On 07/01/2016 11:09 AM, Lenka Doudova wrote:
>>> Hi all,
>>>
>>> here's patch with basic test suite for support of UPN.
>>>
>>> Note: it needs to be applied on top of my patch 0025.2 (or later, if
>>> there's will be more fixes to that patch).
>>>
>>>
>>> Lenka
>>>
>>
>
>>From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
>>From: Lenka Doudova <ldoudova at redhat.com>
>>Date: Fri, 1 Jul 2016 11:00:57 +0200
>>Subject: [PATCH] Tests: Support of UPN for trusted domains
>>
>>Basic set of tests to verify support of UPN functionality.
>>
>>Test cases:
>>- establish trust
>>- verify the trust recognizes UPN
>>- verify AD user with UPN can be resolved
>>- verify AD user with UPN can authenticate
>>- remove trust
>>
>>https://fedorahosted.org/freeipa/ticket/5354
>>---
>> ipatests/test_integration/test_trust.py | 32 ++++++++++++++++++++++++++++++++
>> 1 file changed, 32 insertions(+)
>>
>>diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
>>index d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84 100644
>>--- a/ipatests/test_integration/test_trust.py
>>+++ b/ipatests/test_integration/test_trust.py
>>@@ -388,3 +388,35 @@ class TestExternalTrustWithRootDomain(ADTrustBase):
>>
>>         tasks.remove_trust_with_ad(self.master, self.ad_domain)
>>         tasks.clear_sssd_cache(self.master)
>>+
>>+
>>+class TestTrustWithUPN(ADTrustBase):
>>+    """
>>+    Test support of UPN for trusted domains
>>+    """
>>+    def test_upn_in_nonposix_trust(self):
>>+        """ Check that UPN is listed as trust attribute """
>>+        result = self.master.run_command(['ipa', 'trust-show', self.ad_domain,
>>+                                          '--all', '--raw'])
>>+
>>+        assert "ipantadditionalsuffixes: UPNsuffix.com" in result.stdout_text
>>+
>>+    def test_upn_user_resolution_in_nonposix_trust(self):
>>+        """ Check that user with UPN can be resolved """
>>+        upnuser = 'upnuser at UPNsuffix.com'
>>+        result = self.master.run_command(['getent', 'passwd', upnuser])
>Is there a special reason for not using pwd.getpwnam() ?
Technically -- yes. In case there was a change in the system
configuration (/etc/nsswitch.conf), then these changes wouldn't be
reflected in the application that is already using NSSWITCH interface.

However, in this particular case no change to config files is expected
so pwd.getpwnam() can be used.
-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list