Add a new integration test for the following scenario:
- create a user with the "User Administrator" role
- as this user, create a user with a --radius=<radius_proxy_server>
This scenario was previously failing because ipa user-add --radius
requires read access to the radius server entries, and there was no
permission granting this access.
Related to https://pagure.io/freeipa/issue/7570
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
pytest 3.7.0 doesn't like ipatests.pytest_plugins package. The string
"pytest_plugins" is used as marker to load plugins. By populare vote and
to avoid future conflicts, we decided to rename the directory to pytest_ipa.
Fixes: https://pagure.io/freeipa/issue/7663
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ipa-client-install --request-cert now waits until certmonger has
provided a host certificate. In case of an error, ipa-client-install no
longer pretents to success but fails with an error code.
The --request-cert option also ensures that certmonger is enabled and
running.
See: Fixes: https://pagure.io/freeipa/issue/7623
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
The ACI needed for staged users and deleted users were granted
only to the uid=admin user. They should rather be granted to
cn=admins group, to make sure that all members of the admins
group are able to call the command ipa user-del --preserve.
This commit also adds integration test for non-regression.
https://pagure.io/freeipa/issue/7342
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
