From d5cca835d5439331c05475d0ad2f993ac6f8b615 Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sumenon@redhat.com>
Date: Wed, 11 Nov 2020 14:55:32 +0530
Subject: [PATCH] ipatests: support subordinate upn suffixes
This test adds new UPN Suffix on the AD side
within the ad.test subtree i.e new.ad.test and this
UPN is then assigned to aduser and then try to
kinit using aduser along with the UPN set, to ensure
that the kinit succeeds
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
ipatests/test_integration/test_trust.py | 45 +++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index 7e4dbcc6e..31349ced7 100644
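--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -245,6 +245,51 @@ class TestTrust(BaseTestTrust):
 self.master.run_command(['kinit', '-C', '-E', self.upn_principal],
 stdin_text=self.upn_password)
 
+ def test_subordinate_suffix(self):
+ """Test subordinate UPN Suffixes"""
+ tasks.configure_dns_for_trust(self.master, self.ad)
+ tasks.establish_trust_with_ad(
+ self.master, self.ad_domain,
+ extra_args=['--range-type', 'ipa-ad-trust'])
+ # Clear all UPN Suffixes
+ ps_cmd = "Get-ADForest | Set-ADForest -UPNSuffixes $null"
+ self.ad.run_command(["powershell", "-c", ps_cmd])
+ result = self.master.run_command(["ipa", "trust-show", self.ad_domain])
+ assert (
+ "ipantadditionalsuffixes: {}".format(self.upn_suffix)
+ not in result.stdout_text
+ )
+ # Run Get-ADForest
+ ps_cmd1 = "Get-ADForest"
+ self.ad.run_command(["powershell", "-c", ps_cmd1])
+ # Add new UPN for AD
+ ps_cmd2 = (
+ 'Get-ADForest | Set-ADForest -UPNSuffixes '
+ '@{add="new.ad.test", "upn.dom"}'
+ )
+ self.ad.run_command(["powershell", "-c", ps_cmd2])
+ self.ad.run_command(["powershell", "-c", ps_cmd1])
+ self.master.run_command(
+ ["ipa", "trust-fetch-domains", self.ad_domain],
+ raiseonerr=False)
+ self.master.run_command(["ipa", "trust-show", self.ad_domain])
+ # Set UPN for the aduser
+ ps_cmd3 = (
+ 'set-aduser -UserPrincipalName '
+ 'Administrator@new.ad.test -Identity Administrator'
+ )
+ self.ad.run_command(["powershell", "-c", ps_cmd3])
+ # kinit to IPA using AD user Administrator@new.ad.test
+ result = self.master.run_command(
+ ["getent", "passwd", "Administrator@new.ad.test"]
+ )
+ assert result.returncode == 0
+ self.master.run_command(
+ ["kinit", "-E", "Administrator@new.ad.test"],
+ stdin_text="Secret123",
+ )
+ tasks.kdestroy_all(self.master)
+
 def test_remove_nonposix_trust(self):
 self.remove_trust(self.ad)
 tasks.unconfigure_dns_for_trust(self.master, self.ad)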
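Review bot: `test_subordinate_suffix` rewrites shared AD state and never restores it: it clears the forest's UPN suffix list and changes Administrator's UserPrincipalName. Its final `tasks.kdestroy_all(self.master)` is also skipped whenever the `getent` assertion or the `kinit` call fails. Putting the steps after the trust is established inside `try:` / `finally:`, with `kdestroy_all` and a step that puts the original UPN back in the `finally`, would keep later tests in the class from inheriting the modified account. The literal `stdin_text="Secret123"` hard-codes the Administrator password, whereas the context lines above read theirs from `self.upn_password`; taking it from the test configuration would avoid a second copy of the credential in the source. The `trust-fetch-domains` call ignores its exit status via `raiseonerr=False` and the following `trust-show` output is not inspected, so asserting that `new.ad.test` appears there would surface a failed fetch before the kinit step.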
--
2.29.2