[Freeipa-devel] [Testplan Review] Certs in ID overrides
Sumit Bose
sbose at redhat.com
Mon Jun 27 08:28:08 UTC 2016
On Mon, Jun 27, 2016 at 10:06:23AM +0200, Oleg Fayans wrote:
> Hi Sumit,
>
> I've updated the testplan. (Thank you for the link to Fraser's blogpost,
> it was really very useful!). All the operations described were
> performed manually and succeed. Could you please review it again in case
> I forgot something?
Thank you, the tests are looking good.
I have two comments. First, for your information, I#m not sure if WebUI
is in the scope of this tests, Pavel already send '0058 WebUI:
certificate widget on ID override user page' to the freeipa-devel list,
so adding certificates to idoverrides with the WebUI should work soon as
well.
Second, the LDAP attribute used to store the certificates is a
multi-value attribute. Adding a test where a second certificate is added
to the override and removed (without deleting the other certificate)
might be useful here.
bye,
Sumit
>
>
> On 06/09/2016 05:06 PM, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> >> Hi guys,
> >>
> >> Here is the first somewhat skeletal and pretty short version of the
> >> testplan. Could you please review it anyone?
> >>
> >> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
> >
> > Hi Oleg,
> >
> > 'Make sure the id view is applied to ipa master host' the IPA
> > masters/servers will always and only have the 'Default Trust View'. But
> > it is ok to use the 'Default Trust View' for testing the certificates in
> > the ID override.
> >
> > The 'openssl req ...' call will only generate a certificate request and
> > not the certificate itself. The request must still be signed by e.g. the
> > IPA CA. Please see the blog posts of Fraser
> > (https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
> > and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
> >
> > Since you want to test certificates in overrides you should use
> > idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
> > user-add-cert and user-remove-cert.
> >
> > bye,
> > Sumit
> >
> >> --
> >> Oleg Fayans
> >> Quality Engineer
> >> FreeIPA team
> >> RedHat.
> >>
> >> --
> >> Manage your subscription for the Freeipa-devel mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-devel
> >> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
> --
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
More information about the Freeipa-devel
mailing list