[Freeipa-devel] Kerberos Principal Aliases Testplan review
Martin Babinsky
mbabinsk at redhat.com
Wed Jun 29 14:29:06 UTC 2016
Hi,
I have looked at the testplan[1] and have the following comments:
In general LGTM, but I miss the following test scenarios:
1.) Test principal alias removal, more specifically test that the
removal of the alias equivalent to the canonical name triggers an error
2.) Test that you cannot create an enterprise principal alias whose
suffix overlaps with trusted domains UPN[2]. You do not need trust for
this, just a domain entry in LDAP, see
`test_xmlrpc/test_range_plugin.py` and MockLDAP class for hints.
Basically you should get an error when adding principal alias such as
'user\@trusted.domain.upn at REALM' regardless of the case of
'trusted.domain.upn'.
3.) test that when adding alias to an entry lacking 'krbcanonicalname'
(e.g. old entry from upgrade), the existing value of 'krbprincipalname'
is copied to the attribute
That is all I can currently think of off the top of my head.
[1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases/Test_Plan
[2] http://www.freeipa.org/page/V4/Support_of_UPN_for_trusted_domains
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list