selftest: Run krb5.kdc test against users with a UPN

This tests both a UPN in our own realm, and a UPN with a non-realm suffix.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jan 23 08:10:07 CET 2015 on sn-devel-104

1 files changed, 22 insertions, 0 deletions

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index cdbbea4c7b..91db4f87bd 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -821,6 +821,18 @@ sub provision_raw_step2($$$)
 		return undef;
 	}
 
+	my $ldbmodify = Samba::bindir_path($self, "ldbmodify");
+	my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
+	my $user_dn = "cn=testallowed,cn=users,$base_dn";
+	open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
+	print LDIF "dn: $user_dn
+changetype: modify
+replace: userPrincipalName
+userPrincipalName: testallowed_upn\@$ctx->{realm}
+-	    
+";
+	close(LDIF);
+
 	$samba_tool_cmd = Samba::bindir_path($self, "samba-tool") 
 	    . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}";
 	unless (system($samba_tool_cmd) == 0) {
@@ -828,6 +840,16 @@ sub provision_raw_step2($$$)
 		return undef;
 	}
 
+	my $user_dn = "cn=testdenied,cn=users,$base_dn";
+	open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
+	print LDIF "dn: $user_dn
+changetype: modify
+replace: userPrincipalName
+userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
+-	    
+";
+	close(LDIF);
+
 	$samba_tool_cmd = Samba::bindir_path($self, "samba-tool") 
 	    . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' testallowed";
 	unless (system($samba_tool_cmd) == 0) {