From db7cd79858ec8fad7d094ca883d8b7d82c7c1ac1 Mon Sep 17 00:00:00 2001 From: Anuja More Date: Tue, 27 Sep 2022 17:45:11 +0530 Subject: [PATCH] ipatests : Test query to AD specific attributes is successful. Test scenario: configure sssd with ldap_group_name = info for the trusted domain, so that the group name is read from the "info" attribute of the AD group entry. With this setting, it is possible to have a group and a user that appear on IdM side with the same name. Ensure that the conflict does not break IdM and that the id, getent group and getent passwd commands work on an IdM client. Related : https://pagure.io/freeipa/issue/9127 Signed-off-by: Anuja More Reviewed-By: Florence Blanc-Renaud --- ipatests/test_integration/test_sssd.py | 47 ++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index 7c15e8e2d..8d7adf53f 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -26,7 +26,6 @@ from ipapython.dn import DN class TestSSSDWithAdTrust(IntegrationTest): - topology = 'star' num_ad_domains = 1 num_ad_subdomains = 1 @@ -148,7 +147,7 @@ class TestSSSDWithAdTrust(IntegrationTest): try: with tasks.remote_sssd_config(self.master) as sssd_conf: sssd_conf.edit_service("nss", - 'filter_users', self.users[user]['name']) + 'filter_users', self.users[user]['name']) tasks.clear_sssd_cache(self.master) yield finally: @@ -266,6 +265,7 @@ class TestSSSDWithAdTrust(IntegrationTest): Regression test for https://pagure.io/SSSD/sssd/issue/4012 """ + def get_cache_update_time(obj_kind, obj_name): res = self.master.run_command( ['sssctl', '{}-show'.format(obj_kind), obj_name]) 
@@ -516,6 +516,49 @@ class TestSSSDWithAdTrust(IntegrationTest):
 'https://pagure.io/SSSD/sssd/issue/4061'):
 assert 'gid={id}'.format(id=gid) in test_gid.stdout_text
+ def test_aduser_mgmt(self):
+ """Test for aduser-group management with posix AD trust
+
+ Verify that query to the AD specific attributes for a
+ user or a group directly is successful.
+
+ Related : https://pagure.io/freeipa/issue/9127
+ """
+ tasks.remove_trust_with_ad(self.master, self.ad.domain.name,
+ self.ad.hostname)
+ tasks.configure_windows_dns_for_trust(self.ad, self.master)
+ tasks.establish_trust_with_ad(
+ self.master, self.ad.domain.name,
+ extra_args=['--range-type', 'ipa-ad-trust-posix',
+ '--two-way=true'])
+ aduser = 'mytestuser@%s' % self.ad.domain.name
+ tasks.clear_sssd_cache(self.master)
+ self.master.run_command(
+ ['getent', 'group', aduser],
+ ok_returncode=2)
+ sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+ content = self.master.get_file_contents(paths.SSSD_CONF,
+ encoding='utf-8')
+ conf = content + "\n[domain/{0}/{1}]\nldap_group_name = info".format(
+ self.master.domain.name, self.ad.domain.name
+ )
+ self.master.put_file_contents(paths.SSSD_CONF, conf)
+ tasks.clear_sssd_cache(self.master)
+ tasks.clear_sssd_cache(self.clients[0])
+ regex = r"^uid=(?P\d+).*gid=(?P\d+).*groups=(?P\d+)"
+ try:
+ for host in [self.master, self.clients[0]]:
+ test_id = host.run_command(["id", aduser])
+ match = re.match(regex, test_id.stdout_text)
+ uid = match.group('uid')
+ gid = match.group('gid')
+ assert uid == gid
+ host.run_command(["getent", "passwd", aduser])
+ host.run_command(["getent", "group", aduser])
+ finally:
+ sssd_conf_backup.restore()
+ tasks.clear_sssd_cache(self.master)
+
 class TestNestedMembers(IntegrationTest):
 num_clients = 1
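Review bot: In test_aduser_mgmt the sssd.conf override is written and both SSSD caches are cleared before the `try:` is entered, so a failure in `put_file_contents` or in either `clear_sssd_cache` call leaves `ldap_group_name = info` active on the master for the tests that run afterwards; opening the `try:` directly after `sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)` would close that gap. The `finally` clears the cache only on the master, while the client was queried under the override and may still hold those entries, so `tasks.clear_sssd_cache(self.clients[0])` looks like it belongs there as well. `re.match` returns None when `id` prints an unexpected line, which surfaces as an AttributeError on `match.group('uid')`; adding `assert match is not None, test_id.stdout_text` before the group lookups would give a readable failure. The trust is re-established with `--range-type ipa-ad-trust-posix` and not reverted, which presumably changes ID mapping for later tests in the class, so a short comment stating that this is intended would help.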