diff options
author | Lenka Doudova <ldoudova@redhat.com> | 2016-07-18 14:38:18 +0200 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-07-25 12:22:21 +0200 |
commit | 648b5afa2f2d01d99c1cf2d1f4a87a5da4461246 (patch) | |
tree | 44467c5cb12c107978564cbfbca1e9b9bcd2f3c0 /ipatests | |
parent | ab4fcb0fe25e313c93caae3b90f68b4010a9f2eb (diff) | |
download | freeipa-648b5afa2f2d01d99c1cf2d1f4a87a5da4461246.tar.gz freeipa-648b5afa2f2d01d99c1cf2d1f4a87a5da4461246.tar.xz freeipa-648b5afa2f2d01d99c1cf2d1f4a87a5da4461246.zip |
Tests: IPA user can kinit using enterprise principal with IPA domain
Providing missing test case verifying authentication as IPA user, namely:
"kinit -E ipauser@IPADOMAIN".
https://fedorahosted.org/freeipa/ticket/6036
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_integration/test_trust.py | 20 | ||||
-rw-r--r-- | ipatests/test_integration/util.py | 13 |
2 files changed, 33 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index e3fe9c89e..d0b8e58b7 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -161,6 +161,26 @@ class TestBasicADTrust(ADTrustBase): assert re.search(testuser_regex, result.stdout_text) + def test_ipauser_authentication(self): + ipauser = u'tuser' + original_passwd = 'Secret123' + new_passwd = 'userPasswd123' + + # create an ipauser for this test + self.master.run_command(['ipa', 'user-add', ipauser, '--first=Test', + '--last=User', '--password'], + stdin_text=original_passwd) + + # change password for the user to be able to kinit + util.ldappasswd_user_change(ipauser, original_passwd, new_passwd, + self.master) + + # try to kinit as ipauser + self.master.run_command( + ['kinit', '-E', '{0}@{1}'.format(ipauser, + self.master.domain.name)], + stdin_text=new_passwd) + def test_remove_nonposix_trust(self): tasks.remove_trust_with_ad(self.master, self.ad_domain) tasks.clear_sssd_cache(self.master) diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py index 594737b6d..179f6727e 100644 --- a/ipatests/test_integration/util.py +++ b/ipatests/test_integration/util.py @@ -20,6 +20,8 @@ import time import re +from ipaplatform.paths import paths +from ipalib.constants import DEFAULT_CONFIG def run_repeatedly(host, command, assert_zero_rc=True, test=None, timeout=30, **kwargs): @@ -75,3 +77,14 @@ def get_host_ip_with_hostmask(host): if match: return match.group('full_ip') + + +def ldappasswd_user_change(user, oldpw, newpw, master): + container_user = dict(DEFAULT_CONFIG)['container_user'] + basedn = master.domain.basedn + + userdn = "uid={},{},{}".format(user, container_user, basedn) + + args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw, + '-s', newpw, '-x'] + master.run_command(args) |