IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Tests: IPA user can kinit using enterprise principal with IPA domain

Browse Source 
Providing missing test case verifying authentication as IPA user, namely:
"kinit -E ipauser@IPADOMAIN".

https://fedorahosted.org/freeipa/ticket/6036

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Lenka Doudova 2016-07-18 14:38:18 +02:00 committed by Martin Babinsky
parent ab4fcb0fe2
commit 648b5afa2f
2 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ipatests/test_integration/test_trust.py
View File

@ -161,6 +161,26 @@ class TestBasicADTrust(ADTrustBase):
assert re.search(testuser_regex, result.stdout_text) assert re.search(testuser_regex, result.stdout_text)
def test_ipauser_authentication(self):
ipauser = u'tuser'
original_passwd = 'Secret123'
new_passwd = 'userPasswd123'
# create an ipauser for this test
self.master.run_command(['ipa', 'user-add', ipauser, '--first=Test',
'--last=User', '--password'],
stdin_text=original_passwd)
# change password for the user to be able to kinit
util.ldappasswd_user_change(ipauser, original_passwd, new_passwd,
self.master)
# try to kinit as ipauser
self.master.run_command(
['kinit', '-E', '{0}@{1}'.format(ipauser,
self.master.domain.name)],
stdin_text=new_passwd)
def test_remove_nonposix_trust(self): def test_remove_nonposix_trust(self):
tasks.remove_trust_with_ad(self.master, self.ad_domain) tasks.remove_trust_with_ad(self.master, self.ad_domain)
tasks.clear_sssd_cache(self.master) tasks.clear_sssd_cache(self.master)

13
ipatests/test_integration/util.py
View File

@ -20,6 +20,8 @@
import time import time
import re import re
from ipaplatform.paths import paths
from ipalib.constants import DEFAULT_CONFIG
def run_repeatedly(host, command, assert_zero_rc=True, test=None, def run_repeatedly(host, command, assert_zero_rc=True, test=None,
timeout=30, **kwargs): timeout=30, **kwargs):
@ -75,3 +77,14 @@ def get_host_ip_with_hostmask(host):
if match: if match:
return match.group('full_ip') return match.group('full_ip')
def ldappasswd_user_change(user, oldpw, newpw, master):
container_user = dict(DEFAULT_CONFIG)['container_user']
basedn = master.domain.basedn
userdn = "uid={},{},{}".format(user, container_user, basedn)
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
'-s', newpw, '-x']
master.run_command(args)