[Freeipa-devel] [Testplan] Support of UPN for trusted domains
Sumit Bose
sbose at redhat.com
Thu Jul 7 09:13:57 UTC 2016
On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote:
> On Fri, 27 May 2016, Sumit Bose wrote:
> > On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote:
> > > Hi all,
> > >
> > >
> > > here [1] is a draft of test plan for V4 RFE Support of UPN for trusted
> > > domains.
> > >
> > > Please review this and let me know if there's something missing or wrong.
> >
> > Hi Lenka,
> >
> > thank you for the test plan.
> >
> > About the TBD, Alexander and I agreed to store the alternative domain
> > suffixes read from AD in a new attribute in the LDAP object of the
> > forest root of the trusted domain.
> >
> > About the kinit tests. Please note that it is expected that the -E
> > option of kinit must be used when alternative suffixes are used.
> >
> > I'm not sure if SSSD tests are in the scope here as well. If they are I
> > would suggest to add authentication tests with SSSD where e.g. the name
> > with an alternative domain suffix is used as login name. This in general
> > already works with SSSD but is disabled by default for IPA because of
> > the missing server-side support so far. Since SSSD must be able to work
> > with old and new IPA server https://fedorahosted.org/sssd/ticket/3018
> > was created so that SSSD can detect at runtime if the server supports
> > this or not.
> Right, I think we should make sure SSSD is tested against IPA UPN
> support because otherwise we might get regressions.
Hi Lenka,
I would like to ask you to add test where 'kinit -E' is used with an IPA
user as well to avoid regression, because currently 'kinit -E
ipauser at IPA.DOMAIN' does not work.
Please note that the full principal must be used with kinit in this case
because when just using
kinit -E ipauser
kinit is smart enough to see that it makes no sense to add the
default_realm twice and internally just does 'kinit ipauser at IPA.DOMAIN'.
If you think this test is better suited in a different test plan please
let me know, then I'll ask there.
bye,
Sumit
>
>
> --
> / Alexander Bokovoy
More information about the Freeipa-devel
mailing list