diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index 7e4dbcc6e..31349ced7 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -245,6 +245,51 @@ class TestTrust(BaseTestTrust): self.master.run_command(['kinit', '-C', '-E', self.upn_principal], stdin_text=self.upn_password) + def test_subordinate_suffix(self): + """Test subordinate UPN Suffixes""" + tasks.configure_dns_for_trust(self.master, self.ad) + tasks.establish_trust_with_ad( + self.master, self.ad_domain, + extra_args=['--range-type', 'ipa-ad-trust']) + # Clear all UPN Suffixes + ps_cmd = "Get-ADForest | Set-ADForest -UPNSuffixes $null" + self.ad.run_command(["powershell", "-c", ps_cmd]) + result = self.master.run_command(["ipa", "trust-show", self.ad_domain]) + assert ( + "ipantadditionalsuffixes: {}".format(self.upn_suffix) + not in result.stdout_text + ) + # Run Get-ADForest + ps_cmd1 = "Get-ADForest" + self.ad.run_command(["powershell", "-c", ps_cmd1]) + # Add new UPN for AD + ps_cmd2 = ( + 'Get-ADForest | Set-ADForest -UPNSuffixes ' + '@{add="new.ad.test", "upn.dom"}' + ) + self.ad.run_command(["powershell", "-c", ps_cmd2]) + self.ad.run_command(["powershell", "-c", ps_cmd1]) + self.master.run_command( + ["ipa", "trust-fetch-domains", self.ad_domain], + raiseonerr=False) + self.master.run_command(["ipa", "trust-show", self.ad_domain]) + # Set UPN for the aduser + ps_cmd3 = ( + 'set-aduser -UserPrincipalName ' + 'Administrator@new.ad.test -Identity Administrator' + ) + self.ad.run_command(["powershell", "-c", ps_cmd3]) + # kinit to IPA using AD user Administrator@new.ad.test + result = self.master.run_command( + ["getent", "passwd", "Administrator@new.ad.test"] + ) + assert result.returncode == 0 + self.master.run_command( + ["kinit", "-E", "Administrator@new.ad.test"], + stdin_text="Secret123", + ) + tasks.kdestroy_all(self.master) + def test_remove_nonposix_trust(self): self.remove_trust(self.ad) tasks.unconfigure_dns_for_trust(self.master, self.ad)