ipatests: test that adding Active Directory user to a role makes it an administrator

Fixes: https://pagure.io/freeipa/issue/8357

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy 2020-06-05 19:18:07 +03:00 committed by Rob Crittenden
parent 0ba64b1ac3
commit 9248d23ae8

View File

@ -149,6 +149,32 @@ class TestTrust(BaseTestTrust):
tasks.kdestroy_all(self.master)
tasks.kinit_admin(self.master)
def test_ipa_management_run_as_aduser(self):
"""Test if adding AD user to a role makes it an administrator"""
ipauser = u'tuser'
ad_admin = 'Administrator@%s' % self.ad_domain
tasks.kdestroy_all(self.master)
tasks.kinit_admin(self.master)
self.master.run_command(['ipa', 'idoverrideuser-add',
'Default Trust View', ad_admin])
self.master.run_command(['ipa', 'role-add-member',
'User Administrator',
'--idoverrideusers', ad_admin])
tasks.kdestroy_all(self.master)
tasks.kinit_as_user(self.master, ad_admin,
self.master.config.ad_admin_password)
# Create a user in IPA as Active Directory administrator
self.test_ipauser_authentication_with_nonposix_trust()
tasks.kdestroy_all(self.master)
tasks.kinit_as_user(self.master, ad_admin,
self.master.config.ad_admin_password)
self.master.run_command(['ipa', 'user-del', ipauser], raiseonerr=False)
tasks.kdestroy_all(self.master)
tasks.kinit_admin(self.master)
def test_ipauser_authentication_with_nonposix_trust(self):
ipauser = u'tuser'
original_passwd = 'Secret123'