diff options
| author | Lenka Doudova <ldoudova@redhat.com> | 2016-07-01 11:00:57 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-07-19 13:29:51 +0200 |
| commit | 6a072f3c5c114747c190d0c309a8d53dd8e46394 (patch) | |
| tree | ba9a51002fe99ddfbebfb20770b722417d3069b8 /ipatests/test_integration | |
| parent | f487233df002bf73dd48d5c87a146b90542bd034 (diff) | |
| download | freeipa-6a072f3c5c114747c190d0c309a8d53dd8e46394.tar.gz freeipa-6a072f3c5c114747c190d0c309a8d53dd8e46394.tar.xz freeipa-6a072f3c5c114747c190d0c309a8d53dd8e46394.zip | |
Tests: Support of UPN for trusted domains
Basic set of tests to verify support of UPN functionality.
Test cases:
- establish trust
- verify the trust recognizes UPN
- verify AD user with UPN can be resolved
- verify AD user with UPN can authenticate
- remove trust
https://fedorahosted.org/freeipa/ticket/6094
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipatests/test_integration')
| -rw-r--r-- | ipatests/test_integration/test_trust.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index b68bd2fcd..e3fe9c89e 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -24,6 +24,7 @@ from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration import tasks from ipatests.test_integration import util from ipaplatform.paths import paths +import time class ADTrustBase(IntegrationTest): @@ -345,3 +346,44 @@ class TestExternalTrustWithRootDomain(ADTrustSubdomainBase): def test_remove_nonposix_trust(self): tasks.remove_trust_with_ad(self.master, self.ad_domain) tasks.clear_sssd_cache(self.master) + + +class TestTrustWithUPN(ADTrustBase): + """ + Test support of UPN for trusted domains + """ + + upn_suffix = 'UPNsuffix.com' + upn_username = 'upnuser' + upn_name = 'UPN User' + upn_principal = '{}@{}'.format(upn_username, upn_suffix) + upn_password = 'Secret123456' + + def test_upn_in_nonposix_trust(self): + """ Check that UPN is listed as trust attribute """ + result = self.master.run_command(['ipa', 'trust-show', self.ad_domain, + '--all', '--raw']) + + assert ("ipantadditionalsuffixes: {}".format(self.upn_suffix) in + result.stdout_text) + + def test_upn_user_resolution_in_nonposix_trust(self): + """ Check that user with UPN can be resolved """ + result = self.master.run_command(['getent', 'passwd', + self.upn_principal]) + + # result will contain AD domain, not UPN + upnuser_regex = "^{}@{}:\*:(\d+):(\d+):{}:/:$".format( + self.upn_username, self.ad_domain, self.upn_name) + assert re.search(upnuser_regex, result.stdout_text) + + def test_upn_user_authentication(self): + """ Check that AD user with UPN can authenticate in IPA """ + self.master.run_command(['systemctl', 'restart', 'krb5kdc']) + time.sleep(60) + self.master.run_command(['kinit', '-C', '-E', self.upn_principal], + stdin_text=self.upn_password) + + def test_remove_nonposix_trust(self): + tasks.remove_trust_with_ad(self.master, self.ad_domain) + tasks.clear_sssd_cache(self.master) |