[Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains

Martin Basti mbasti at redhat.com
Fri Jul 1 11:29:57 UTC 2016



On 01.07.2016 13:08, Alexander Bokovoy wrote:
> On Fri, 01 Jul 2016, Lukas Slebodnik wrote:
>> On (01/07/16 11:13), Lenka Doudova wrote:
>>> And, of course, a patch file :)
>>>
>>>
>>> On 07/01/2016 11:09 AM, Lenka Doudova wrote:
>>>> Hi all,
>>>>
>>>> here's a patch with a basic test suite for support of UPN.
>>>>
>>>> Note: it needs to be applied on top of my patch 0025.2 (or later, if
>>>> there will be more fixes to that patch).
>>>>
>>>>
>>>> Lenka
>>>>
>>>
>>
>>> From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
>>> From: Lenka Doudova <ldoudova at redhat.com>
>>> Date: Fri, 1 Jul 2016 11:00:57 +0200
>>> Subject: [PATCH] Tests: Support of UPN for trusted domains
>>>
>>> Basic set of tests to verify support of UPN functionality.
>>>
>>> Test cases:
>>> - establish trust
>>> - verify the trust recognizes UPN
>>> - verify AD user with UPN can be resolved
>>> - verify AD user with UPN can authenticate
>>> - remove trust
>>>
>>> https://fedorahosted.org/freeipa/ticket/5354
>>> ---
>>> ipatests/test_integration/test_trust.py | 32 
>>> ++++++++++++++++++++++++++++++++
>>> 1 file changed, 32 insertions(+)
>>>
>>> diff --git a/ipatests/test_integration/test_trust.py 
>>> b/ipatests/test_integration/test_trust.py
>>> index 
>>> d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84 
>>> 100644
>>> --- a/ipatests/test_integration/test_trust.py
>>> +++ b/ipatests/test_integration/test_trust.py
>>> @@ -388,3 +388,35 @@ class 
>>> TestExternalTrustWithRootDomain(ADTrustBase):
>>>
>>>         tasks.remove_trust_with_ad(self.master, self.ad_domain)
>>>         tasks.clear_sssd_cache(self.master)
>>> +
>>> +
>>> +class TestTrustWithUPN(ADTrustBase):
>>> +    """
>>> +    Test support of UPN for trusted domains
>>> +    """
>>> +    def test_upn_in_nonposix_trust(self):
>>> +        """ Check that UPN is listed as trust attribute """
>>> +        result = self.master.run_command(['ipa', 'trust-show', 
>>> self.ad_domain,
>>> +                                          '--all', '--raw'])
>>> +
>>> +        assert "ipantadditionalsuffixes: UPNsuffix.com" in 
>>> result.stdout_text
>>> +
>>> +    def test_upn_user_resolution_in_nonposix_trust(self):
>>> +        """ Check that user with UPN can be resolved """
>>> +        upnuser = 'upnuser at UPNsuffix.com'
>>> +        result = self.master.run_command(['getent', 'passwd', 
>>> upnuser])
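Review bot: In test_upn_in_nonposix_trust the assertion uses "in" on
result.stdout_text, which is a substring match, so it also passes when
the trust lists a longer suffix that merely begins with UPNsuffix.com.
Compare against whole lines instead, for example by stripping each
entry of result.stdout_text.splitlines() and testing membership. The
suffix is also hardcoded here and again in upnuser in
test_upn_user_resolution_in_nonposix_trust; define it once as a class
attribute on TestTrustWithUPN, and say in the class docstring that the
AD side must already have this UPN suffix and user configured, since
nothing in the visible lines creates them.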
>> Is there a special reason for not using pwd.getpwnam() ?
> Technically -- yes. In case there was a change in the system
> configuration (/etc/nsswitch.conf), then these changes wouldn't be
> reflected in the application that is already using NSSWITCH interface.
>
> However, in this particular case no change to config files is expected
> so pwd.getpwnam() can be used.

Please note that the commands are executed remotely in CI tests;
pwd.getpwnam() provides only local data.
Martin^2



