[Freeipa-devel] [PATCH 0026][Tests] RFE: Support UPN for trusted domains
Martin Basti
mbasti at redhat.com
Fri Jul 1 11:29:57 UTC 2016
On 01.07.2016 13:08, Alexander Bokovoy wrote:
> On Fri, 01 Jul 2016, Lukas Slebodnik wrote:
>> On (01/07/16 11:13), Lenka Doudova wrote:
>>> And, of course, a patch file :)
>>>
>>>
>>> On 07/01/2016 11:09 AM, Lenka Doudova wrote:
>>>> Hi all,
>>>>
>>>> here's patch with basic test suite for support of UPN.
>>>>
>>>> Note: it needs to be applied on top of my patch 0025.2 (or later, if
>>>> there's will be more fixes to that patch).
>>>>
>>>>
>>>> Lenka
>>>>
>>>
>>
>>> From 5c8cb8727322371b7246f6d939b38ac1cbd61e4c Mon Sep 17 00:00:00 2001
>>> From: Lenka Doudova <ldoudova at redhat.com>
>>> Date: Fri, 1 Jul 2016 11:00:57 +0200
>>> Subject: [PATCH] Tests: Support of UPN for trusted domains
>>>
>>> Basic set of tests to verify support of UPN functionality.
>>>
>>> Test cases:
>>> - establish trust
>>> - verify the trust recognizes UPN
>>> - verify AD user with UPN can be resolved
>>> - verify AD user with UPN can authenticate
>>> - remove trust
>>>
>>> https://fedorahosted.org/freeipa/ticket/5354
>>> ---
>>> ipatests/test_integration/test_trust.py | 32
>>> ++++++++++++++++++++++++++++++++
>>> 1 file changed, 32 insertions(+)
>>>
>>> diff --git a/ipatests/test_integration/test_trust.py
>>> b/ipatests/test_integration/test_trust.py
>>> index
>>> d662e80727b6eab3df93166d35ddbaea6a0f6f7a..e8fdc6ba68fb6275a0d7920c76ca434ed830ed84
>>> 100644
>>> --- a/ipatests/test_integration/test_trust.py
>>> +++ b/ipatests/test_integration/test_trust.py
>>> @@ -388,3 +388,35 @@ class
>>> TestExternalTrustWithRootDomain(ADTrustBase):
>>>
>>> tasks.remove_trust_with_ad(self.master, self.ad_domain)
>>> tasks.clear_sssd_cache(self.master)
>>> +
>>> +
>>> +class TestTrustWithUPN(ADTrustBase):
>>> + """
>>> + Test support of UPN for trusted domains
>>> + """
>>> + def test_upn_in_nonposix_trust(self):
>>> + """ Check that UPN is listed as trust attribute """
>>> + result = self.master.run_command(['ipa', 'trust-show',
>>> self.ad_domain,
>>> + '--all', '--raw'])
>>> +
>>> + assert "ipantadditionalsuffixes: UPNsuffix.com" in
>>> result.stdout_text
>>> +
>>> + def test_upn_user_resolution_in_nonposix_trust(self):
>>> + """ Check that user with UPN can be resolved """
>>> + upnuser = 'upnuser at UPNsuffix.com'
>>> + result = self.master.run_command(['getent', 'passwd',
>>> upnuser])
>> Is there a special reason for not using pwd.getpwnam() ?
> Technically -- yes. In case there was a change in the system
> configuration (/etc/nsswitch.conf), then these changes wouldn't be
> reflected in the application that is already using NSSWITCH interface.
>
> However, in this particular case no change to config files is expected
> so pwd.getpwnam() can be used.
Please note that the commands are executed remotely in CI tests,
pwd.getpwnam() provides only local data.
Martin^2
More information about the Freeipa-devel
mailing list