<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/13/2015 05:54 PM, Martin Basti
wrote:<br>
</div>
<blockquote cite="mid:555373C7.2070007@redhat.com" type="cite">On
13/05/15 17:44, David Kupka wrote:
<br>
<blockquote type="cite">On 05/13/2015 02:57 PM, Lenka Ryznarova
wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I've prepared test plan design for User Lifecycle Plugin -
[1]. Please
<br>
review and let me know if you have any comments on that.
<br>
<br>
Thanks,
<br>
Lenka
<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/User_Life-Cycle_Management/Test_Plan">http://www.freeipa.org/page/V4/User_Life-Cycle_Management/Test_Plan</a>
<br>
<br>
<br>
</blockquote>
Hi,
<br>
thanks for sharing the test plan. I've quickly looked at it and
have just 2 notes:
<br>
<br>
1) please add "Verify that specific GID number of a staged entry
is preserved after activation"
<br>
<br>
2) In a block of tests "Try activating staged entry with
<every-possible-attribute>" please add a activation tests.
It should be possible to add/modify the attributes in staging
are freely all the check must be applied when the user is
activated.
<br>
<br>
</blockquote>
Hello, following tests are out of scope of API tests, but would be
nice to have:
<br>
* test to make sure the staged/deleted user is unable to kinit
<br>
* opposite case the reactivated user is able to kinit (if this
case is valid)
<br>
* ACI tests: to make sure only proper roles can manipulate with
staged users.
<br>
<br>
</blockquote>
<font face="Times New Roman, Times, serif">Hello Lenka,<br>
<br>
This is looking as a very good set of tests. If you have time, you
may also add those tests:<br>
</font>
<ul>
<li><font face="Times New Roman, Times, serif">try do a simple
bind with a stage/delete user</font></li>
<li><font face="Times New Roman, Times, serif">option only-delete,
also-delete and --deleted are deprecated.. sorry the design is
not up-to-date, now it is --preserved flag</font></li>
<li><font face="Times New Roman, Times, serif">Run the tests as
admin</font></li>
<li><font face="Times New Roman, Times, serif">Run the tests as a
stageadm (member of 'User administrator')</font></li>
<li><font face="Times New Roman, Times, serif">Try to update a
stageuser with invalid uid/gidnumber (<0 , or string)</font></li>
<li><font face="Times New Roman, Times, serif">Check that
activated and undelete users are member of ipausers</font></li>
<li><font face="Times New Roman, Times, serif">Being authenticated
with a newly activated user, check you have limited access to
entries (only modify yourself)</font></li>
<li><font face="Times New Roman, Times, serif">Try to add
(ldapadd) an entry directly in delete container, should not be
allowed even for admin.</font></li>
<li><font face="Times New Roman, Times, serif">Create a user that
is member of a 'system provisioning' role. 'system
provisioning' role has the 'Stage user provisioning' priviledge.<br>
This user should only be allow to add 'stage' user (no read, delete,
mod)</font></li>
</ul>
<p><font face="Times New Roman, Times, serif">Thanks<br>
thierry<br>
</font></p>
</body>
</html>