Beispiel #1
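    def test_0001_ad_schema_idmapping_true_user(multihost, prepare_users):
        """test_0001_ad_schema_idmapping_true_user

        :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
         idmapping is set to True for an user
        :id: fb75a597-7567-48c2-a786-74c6b4eeab37
        :setup:
          1. Configure ldap_idmap_range_size, ldap_id_mapping=True clear
         cache and restart sssd.
        :steps:
          1. Gather user information using getent passwd and run id command.
          2. Gather user information directly from AD (powershell).
          3. Gather user information from cache ldb.
          4. Compute user uid, gid.
          5. Compare gathered data and make sure that it is consistent.
        :expectedresults:
          1. User is found.
          2. Data is collected.
          3. Data is collected.
          4. Computed user uid, gid are matching the ones from getent.
          5. The content of data is consistent across the sources.
        :customerscenario: False
        """
        ad_realm = multihost.ad[0].domainname.upper()

        # Configure sssd
        multihost.client[0].service_sssd('stop')
        client = sssdTools(multihost.client[0], multihost.ad[0])
        client.backup_sssd_conf()

        # Everything between the backup and the restore runs against a
        # test-only sssd.conf (ID mapping forced on, debug_level 9). The
        # try/finally makes sure the original configuration and a clean cache
        # come back even when a gathering step raises, so a failure here does
        # not leave the client with altered identity mapping for later tests.
        try:
            dom_section = f'domain/{client.get_domain_section_name()}'
            sssd_params = {
                'ldap_id_mapping': 'True',
                'debug_level': '9',
                'id_provider': 'ad',
                'ad_domain': multihost.ad[0].domainname.lower(),
                'ad_server': multihost.ad[0].hostname,
                'ldap_idmap_range_size': RANGE_SIZE,
            }
            client.sssd_conf(dom_section, sssd_params)
            client.clear_sssd_cache()

            # Get the non-posix user name from the fixture
            ad_user, _, _, _ = prepare_users

            # Gather the info about user from getent passwd
            getent_info = client.get_getent_passwd(f"{ad_user}@{ad_realm}")

            # The exit status is deliberately ignored (raiseonerr=False);
            # presumably this lookup only warms the cache before the ldb
            # dump below -- confirm.
            multihost.client[0].run_command(
                f'id {ad_user}@{ad_realm}', raiseonerr=False)

            # Gather the same user from the sssd cache (ldb)
            ldb_info = client.dump_ldb(ad_user, ad_realm.lower())

            # Gather the same user directly from AD
            ad_op = ADOperations(multihost.ad[0])
            ad_info = ad_op.get_user_info(ad_user)

            # Recompute the expected uid/gid independently from the SID and
            # primary group RID using the same range parameters sssd was
            # configured with, so the comparison does not rely on sssd's own
            # mapping result.
            uid, gid = ADOperations.compute_id_mapping(
                ad_info['objectSid'], int(ad_info['primaryGroupID']),
                range_min=RANGE_MIN, range_size=RANGE_SIZE,
                range_max=RANGE_MAX)

            # Stored as strings because they are compared with the textual
            # values coming from getent and the ldb dump.
            ad_info['uidnumber_'], ad_info['gidnumber_'] = str(uid), str(gid)
        finally:
            client.restore_sssd_conf()
            client.clear_sssd_cache()

        # Evaluate test results
        # getent vs. AD: the IDs served through NSS must equal the computed
        # ones.
        assert ad_info['Name'] in getent_info['name']
        assert getent_info['uid'] == ad_info['uidnumber_']
        assert getent_info['gid'] == ad_info['gidnumber_']
        assert getent_info['gecos'] == ad_info['gecos']

        # AD vs. sssd cache: identity and account-control attributes must be
        # stored unchanged.
        assert ad_info['Name'] == ldb_info['fullName']
        assert ad_info['SamAccountName'] in ldb_info['name']
        assert ad_info['uidnumber_'] == ldb_info['uidNumber']
        assert ad_info['gidnumber_'] == ldb_info['gidNumber']
        assert ad_info['gecos'] == ldb_info['gecos']
        assert ldb_info['originalMemberOf'] in ad_info['MemberOf']
        assert ad_info['userAccountControl'] == \
            ldb_info['adUserAccountControl']
        assert ad_info['objectSid'] == ldb_info['objectSIDString']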
Beispiel #2
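    def test_0003_ad_schema_idmapping_false_user(multihost, prepare_users):
        """
        :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
         idmapping is set to False an user
        :id: bef6b2d1-656c-48f9-b6ff-2153d10c3556
        :setup:
          1. Configure ldap_idmap_range_size, ldap_id_mapping=False clear
          cache and restart sssd.
        :steps:
          1. Gather user information using getent passwd and run id command.
          2. Gather user information directly from AD (powershell).
          3. Gather user information from cache ldb.
          4. Compare gathered data and make sure that it is consistent.
        :expectedresults:
          1. User is found.
          2. Data is collected.
          3. Data is collected.
          4. The content of data is consistent across the sources.
        :customerscenario: False
        """
        ad_realm = multihost.ad[0].domainname.upper()
        client = sssdTools(multihost.client[0], multihost.ad[0])

        # Back up sssd.conf before touching it so the original can be restored
        client.backup_sssd_conf()

        # Everything between the backup and the restore runs against a
        # test-only sssd.conf (ID mapping forced off, debug_level 9). The
        # try/finally makes sure the original configuration and a clean cache
        # come back even when a gathering step raises, so a failure here does
        # not leave the client misconfigured for later tests.
        try:
            # Configure sssd with ID mapping disabled; the assertions below
            # expect uid/gid to equal the uidNumber/gidNumber stored in AD.
            multihost.client[0].service_sssd('stop')
            dom_section = f'domain/{client.get_domain_section_name()}'
            sssd_params = {
                'ldap_id_mapping': 'False',
                'debug_level': '9',
                'id_provider': 'ad',
                'ad_domain': multihost.ad[0].domainname.lower(),
                'ad_server': multihost.ad[0].hostname,
                'ldap_idmap_range_size': RANGE_SIZE,
            }
            client.sssd_conf(dom_section, sssd_params)
            client.clear_sssd_cache()

            # Get the posix user name from the fixture
            _, _, ad_user, _ = prepare_users

            # Gather the info about user from getent passwd
            getent_info = client.get_getent_passwd(f"{ad_user}@{ad_realm}")

            # The exit status is deliberately ignored (raiseonerr=False);
            # presumably this lookup only warms the cache before the ldb
            # dump below -- confirm.
            multihost.client[0].run_command(
                f'id {ad_user}@{ad_realm}', raiseonerr=False)

            # Gather the same user from the sssd cache (ldb)
            ldb_info = client.dump_ldb(ad_user, ad_realm.lower())

            # Gather the same user directly from AD
            ad_op = ADOperations(multihost.ad[0])
            ad_info = ad_op.get_user_info(ad_user)
        finally:
            client.restore_sssd_conf()
            client.clear_sssd_cache()

        # Evaluate test results
        # getent vs. AD: POSIX attributes served through NSS must be the ones
        # stored on the AD object.
        assert ad_info['Name'] in getent_info['name']
        assert getent_info['uid'] == ad_info['uidNumber']
        assert getent_info['gid'] == ad_info['gidNumber']
        assert getent_info['gecos'] == ad_info['gecos']
        assert getent_info['home'] == ad_info['unixHomeDirectory']
        assert getent_info['shell'] == ad_info['loginShell']

        # AD vs. sssd cache: identity, expiry and account-control attributes
        # must be stored unchanged.
        assert ad_info['Name'] == ldb_info['fullName']
        assert ad_info['SamAccountName'] in ldb_info['name']
        assert ad_info['uidNumber'] == ldb_info['uidNumber']
        assert ad_info['gidNumber'] == ldb_info['gidNumber']
        assert ad_info['loginShell'] == ldb_info['loginShell']
        assert ad_info['uSNChanged'] == ldb_info['entryUSN']
        assert ad_info['gecos'] == ldb_info['gecos']
        assert ad_info['unixHomeDirectory'] == ldb_info['homeDirectory']
        assert ad_info['accountExpires'] == ldb_info['adAccountExpires']
        assert ldb_info['originalMemberOf'] in ad_info['MemberOf']
        assert ad_info['userAccountControl'] == \
            ldb_info['adUserAccountControl']
        assert ad_info['objectSid'] == ldb_info['objectSIDString']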