ipatests : Test query to AD specific attributes is successful.

Test scenario:
configure sssd with ldap_group_name = info for the trusted domain,
so that the group name is read from the "info" attribute
of the AD group entry.
With this setting, it is possible to have a group and a user
that appear on IdM side with the same name.
Ensure that the conflict does not break IdM and that the id,
getent group and getent passwd commands work on an IdM client.

Related : https://pagure.io/freeipa/issue/9127

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

ipatests/test_integration/test_sssd.py

@@ -26,7 +26,6 @@ from ipapython.dn import DN
 
 
 class TestSSSDWithAdTrust(IntegrationTest):
-
     topology = 'star'
     num_ad_domains = 1
     num_ad_subdomains = 1
@@ -148,7 +147,7 @@ class TestSSSDWithAdTrust(IntegrationTest):
         try:
             with tasks.remote_sssd_config(self.master) as sssd_conf:
                 sssd_conf.edit_service("nss",
-                                      'filter_users', self.users[user]['name'])
+                                       'filter_users', self.users[user]['name'])
             tasks.clear_sssd_cache(self.master)
             yield
         finally:
@@ -266,6 +265,7 @@ class TestSSSDWithAdTrust(IntegrationTest):
 
         Regression test for https://pagure.io/SSSD/sssd/issue/4012
         """
+
         def get_cache_update_time(obj_kind, obj_name):
             res = self.master.run_command(
                 ['sssctl', '{}-show'.format(obj_kind), obj_name])
@@ -516,6 +516,49 @@ class TestSSSDWithAdTrust(IntegrationTest):
                                'https://pagure.io/SSSD/sssd/issue/4061'):
                 assert 'gid={id}'.format(id=gid) in test_gid.stdout_text
 
+    def test_aduser_mgmt(self):
+        """Test for aduser-group management with posix AD trust
+
+        Verify that query to the AD specific attributes for a
+        user or a group directly is successful.
+
+        Related : https://pagure.io/freeipa/issue/9127
+        """
+        tasks.remove_trust_with_ad(self.master, self.ad.domain.name,
+                                   self.ad.hostname)
+        tasks.configure_windows_dns_for_trust(self.ad, self.master)
+        tasks.establish_trust_with_ad(
+            self.master, self.ad.domain.name,
+            extra_args=['--range-type', 'ipa-ad-trust-posix',
+                        '--two-way=true'])
+        aduser = 'mytestuser@%s' % self.ad.domain.name
+        tasks.clear_sssd_cache(self.master)
+        self.master.run_command(
+            ['getent', 'group', aduser],
+            ok_returncode=2)
+        sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+        content = self.master.get_file_contents(paths.SSSD_CONF,
+                                                encoding='utf-8')
+        conf = content + "\n[domain/{0}/{1}]\nldap_group_name = info".format(
+            self.master.domain.name, self.ad.domain.name
+        )
+        self.master.put_file_contents(paths.SSSD_CONF, conf)
+        tasks.clear_sssd_cache(self.master)
+        tasks.clear_sssd_cache(self.clients[0])
+        regex = r"^uid=(?P<uid>\d+).*gid=(?P<gid>\d+).*groups=(?P<groups>\d+)"
+        try:
+            for host in [self.master, self.clients[0]]:
+                test_id = host.run_command(["id", aduser])
+                match = re.match(regex, test_id.stdout_text)
+                uid = match.group('uid')
+                gid = match.group('gid')
+                assert uid == gid
+                host.run_command(["getent", "passwd", aduser])
+                host.run_command(["getent", "group", aduser])
+        finally:
+            sssd_conf_backup.restore()
+            tasks.clear_sssd_cache(self.master)
+
 
 class TestNestedMembers(IntegrationTest):
     num_clients = 1