def add_nisobject(session_multihost, request):
""" Add nisobject to auto.direct map """
share_list = [request.param]
nfs_server = session_multihost.master[0].external_hostname
client_ip = session_multihost.client[0].ip
server = sssdTools(session_multihost.master[0])
bkup = 'cp -af /etc/exports /etc/exports.backup'
session_multihost.master[0].run_command(bkup)
session_multihost.master[0].package_mgmt('nfs-utils', action='install')
server.export_nfs_fs(share_list, client_ip)
start_nfs = 'systemctl start nfs-server'
try:
session_multihost.master[0].run_command(start_nfs)
except subprocess.CalledProcessError:
pytest.fail("Unable to start nfs server")
ad = ADOperations(session_multihost.ad[0])
ret = ad.add_map(request.param, nfs_server)
assert ret == 'Success'
def remove_project():
""" Remove the nisproject from map """
stop_autofs = 'systemctl stop autofs'
session_multihost.client[0].run_command(stop_autofs)
ret = ad.delete_map(request.param)
assert ret == 'Success'
remove_share = 'rm -rf %s' % request.param
session_multihost.master[0].run_command(remove_share)
restore = 'cp -f /etc/exports.backup /etc/exports'
session_multihost.master[0].run_command(restore)
stop_nfs = "systemctl stop nfs-server"
try:
session_multihost.master[0].run_command(stop_nfs)
except subprocess.CalledProcessError:
pytest.fail("failed to stop nfs-server")
request.addfinalizer(remove_project)
def create_aduser_group(session_multihost, request):
""" create AD user group """
uid = random.randint(9999, 999999)
ad = ADOperations(session_multihost.ad[0])
ad_user = '******' % uid
ad_group = 'testgroup%d' % uid
ad.create_ad_unix_user_group(ad_user, ad_group)
def remove_ad_user_group():
""" Remove windows AD user and group """
ad.delete_ad_user_group(ad_group)
ad.delete_ad_user_group(ad_user)
request.addfinalizer(remove_ad_user_group)
return (ad_user, ad_group)
def sudorules(session_multihost, request):
""" Create AD Sudo rules """
basedn = session_multihost.ad[0].domain_basedn_entry
ad_password = session_multihost.ad[0].ssh_password
realm = session_multihost.ad[0].realm
winad = ADOperations(session_multihost.ad[0])
win_ldap = winad.ad_conn()
ad_ip = session_multihost.ad[0].ip
sudo_ou = 'ou=Sudoers,%s' % basedn
remove_sudo = "powershell.exe -inputformat none -noprofile "\
"'(Remove-ADOrganizationalUnit -Identity \"%s\" "\
"-Recursive -Confirm:$false)'" % (sudo_ou)
session_multihost.ad[0].run_command(remove_sudo, raiseonerr=False)
def_command = '/usr/bin/less'
win_ldap.org_unit('Sudoers', basedn)
for item in ['user', 'group']:
for idx in range(1, 10):
rule_dn = 'cn=less_%s_rule%d,%s' % (item, idx, sudo_ou)
sudo_identity = 'sudo_idm%s%d@%s' % (item, idx, realm)
sudo_options = ["!requiretty", "!authenticate"]
try:
win_ldap.add_sudo_rule(rule_dn, 'ALL', def_command,
sudo_identity, sudo_options)
except LdapException:
pytest.fail("Failed to add sudo rule %s" % rule_dn)
if item == 'user':
user = '******' % idx
extra_sudo_user = [(ldap.MOD_ADD, 'sudoUser',
user.encode('utf-8'))]
(ret, _) = win_ldap.modify_ldap(rule_dn, extra_sudo_user)
assert ret == 'Success'
cmd = "ldapsearch -x -LLL -b '%s' -D cn=Administrator"\
",cn=Users,%s -w %s -H ldap://%s" % (sudo_ou, basedn,
ad_password, ad_ip)
session_multihost.client[0].run_command(cmd, raiseonerr=False)
def delete_sudorule():
""" Delete sudo rule """
for item in ['user', 'group']:
for idx in range(1, 10):
rule_dn = 'cn=less_%s_rule%d,%s' % (item, idx, sudo_ou)
(ret, _) = win_ldap.del_dn(rule_dn)
assert ret == 'Success'
session_multihost.ad[0].run_command(remove_sudo)
request.addfinalizer(delete_sudorule)
def fixture_prepare_users(session_multihost, request):
"""Prepare users and groups"""
uid = random.randint(9999, 99999)
ad_op = ADOperations(session_multihost.ad[0])
# Setup non-posix user 1
ad_user_1 = 'testuser1%d' % uid
ad_group_1 = 'testgroup1%d' % uid
ad_op.create_ad_nonposix_user(ad_user_1)
ad_op.create_ad_nonposix_group(ad_group_1)
ad_op.add_user_member_of_group(ad_group_1, ad_user_1)
# Add gecos to user 1
usr = f"powershell.exe -inputformat none -noprofile 'Set-ADUser " \
f"-Identity \"{ad_user_1}\" -Add @{{" \
f"gecos = \"{ad_user_1}\";}}'"
session_multihost.ad[0].run_command(usr, raiseonerr=False)
# Set user primary group
upg = f"powershell.exe -inputformat none -noprofile " \
f"'Set-ADUserPrimaryGroup {ad_user_1} \'{ad_group_1}\''"
session_multihost.ad[0].run_command(upg, raiseonerr=False)
# Setup posix user 2
ad_user_2 = 'testuser2%d' % uid
ad_group_2 = 'testgroup2%d' % uid
ad_op.create_ad_unix_user_group(ad_user_2, ad_group_2)
# Add gecos to user 2
usr = f"powershell.exe -inputformat none -noprofile 'Set-ADUser " \
f"-Identity \"{ad_user_2}\" -Add @{{" \
f"gecos = \"{ad_user_2}\";}}'"
session_multihost.ad[0].run_command(usr, raiseonerr=False)
def remove_ad_user_groups():
""" Remove windows AD users and groups"""
ad_op.delete_ad_user_group(ad_user_1)
ad_op.delete_ad_user_group(ad_group_1)
ad_op.delete_ad_user_group(ad_user_2)
ad_op.delete_ad_user_group(ad_group_2)
request.addfinalizer(remove_ad_user_groups)
return ad_user_1, ad_group_1, ad_user_2, ad_group_2
def configure_samba(session_multihost, request):
""" samba server """
master = sambaTools(session_multihost.master[0], session_multihost.ad[0])
adops = ADOperations(session_multihost.ad[0])
share_name = 'share1'
share_path = '/mnt/samba/%s' % share_name
master.add_share_definition('share1', '/mnt/samba/share1')
master.service_smb(action='restart')
time.sleep(20)
def stop_samba_server():
""" Stop samba server """
print("we are stopping samba server")
master.service_smb(action='stop')
master.clear_samba_cache()
master.remove_smbconf()
request.addfinalizer(stop_samba_server)
def create_ad_sudousers(session_multihost, request):
""" create Ad sudo users and groups """
ad = ADOperations(session_multihost.ad[0])
for idx in range(1, 10):
ad_user = '******' % idx
ad_group = 'sudo_idmgroup%d' % idx
ad.delete_ad_user_group(ad_group)
ad.delete_ad_user_group(ad_user)
ad.create_ad_unix_user_group(ad_user, ad_group)
def remove_ad_sudousers():
""" Remove AD sudo users and groups """
for idx in range(1, 10):
ad_user = '******' % idx
ad_group = 'sudo_idmgroup%d' % idx
ad.delete_ad_user_group(ad_group)
ad.delete_ad_user_group(ad_user)
request.addfinalizer(remove_ad_sudousers)
def samba_share_permissions(session_multihost, request):
""" Set permissions on samba share """
smbTools = sambaTools(session_multihost.master[0], session_multihost.ad[0])
adops = ADOperations(session_multihost.ad[0])
share_name = 'share1'
share_path = '/mnt/samba/%s' % share_name
smbTools.create_samba_share(share_path)
realm = session_multihost.ad[0].realm
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
all_group = 'idmfooallgroup'
adops.delete_ad_user_group(ad_group)
adops.delete_ad_user_group(ad_user)
adops.delete_ad_user_group(all_group)
adops.create_ad_unix_group(all_group)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
adops.create_ad_unix_user_group(ad_user, ad_group)
adops.add_user_member_of_group(all_group, ad_user)
session_multihost.master[0].service_sssd('restart')
time.sleep(30)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
directory = '/mnt/samba/share1/idmfoogroup%d' % idx
create_dir = 'mkdir -p %s' % directory
session_multihost.master[0].run_command(create_dir)
chmod = 'chmod 2770 %s' % directory
session_multihost.master[0].run_command(chmod)
chgrp = "chgrp '%s@%s' %s " % (ad_group, realm, directory)
session_multihost.master[0].run_command(chgrp)
all_group = 'idmfooallgroup'
common_dir = 'mkdir -p /mnt/samba/share1/allgroup'
session_multihost.master[0].run_command(common_dir)
chgrp = "chgrp '%s@%s' /mnt/samba/share1/allgroup " % (all_group, realm)
chmod = "chmod 2770 /mnt/samba/share1/allgroup"
session_multihost.master[0].run_command(chgrp)
session_multihost.master[0].run_command(chmod)
# create mount point on client
mount_point = 'mkdir -p %s' % share_path
session_multihost.client[0].run_command(mount_point)
def delete_share_directory():
""" Delete share directory """
print("we are deleting samba share directory")
smbTools.delete_samba_share(share_path)
remove_mount_point = "rm -rf %s" % share_path
session_multihost.client[0].run_command(remove_mount_point)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
all_group = 'idmfooallgroup'
adops.delete_ad_user_group(ad_group)
adops.delete_ad_user_group(all_group)
adops.delete_ad_user_group(ad_user)
request.addfinalizer(delete_share_directory)
def create_ad_sudousers(session_multihost, request):
""" create Ad sudo users and groups """
ad = ADOperations(session_multihost.ad[0])
for idx in range(1, 10):
ad_user = '******' % idx
ad_group = 'sudo_idmgroup%d' % idx
ad.delete_ad_user_group(ad_group)
ad.delete_ad_user_group(ad_user)
ad.create_ad_unix_user_group(ad_user, ad_group)
ad_user1 = 'sudo_user1'
ad_group2 = 'sudo_group2'
ad.create_ad_unix_user_group(ad_user1, ad_group2)
ad_group1 = 'sudo_groupx'
ad.create_ad_nonposix_group(ad_group1)
ad.add_user_member_of_group(ad_group1, ad_user1)
def remove_ad_sudousers():
""" Remove AD sudo users and groups """
for idx in range(1, 10):
ad_user = '******' % idx
ad_group = 'sudo_idmgroup%d' % idx
ad.delete_ad_user_group(ad_group)
ad.delete_ad_user_group(ad_user)
for object in [ad_group1, ad_group2, ad_user1]:
ad.delete_ad_user_group(object)
request.addfinalizer(remove_ad_sudousers)
def test_idview_override_group_fails(multihost, create_aduser_group):
"""
:title: IPA clients fail to resolve override group names in custom view
:id: 7a0dc871-fdad-4c07-9d07-a092baa83178
:customerscenario: true
:bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2004406
https://bugzilla.redhat.com/show_bug.cgi?id=2031729
:description: Overriding both user and group names and ids in
an idview for user and group from AD results in error in sssd
when running id command.
:setup:
1. Create user and group (group1) on AD.
2. Make AD user member of group1.
3. Create additional group (group2) on AD.
:steps:
1. ID views to override AD groupname and gid of group1.
2. ID views to override AD groupname and gid of group2.
3. ID view to override AD username, uid and gid (to gid of group2).
4. Run an "id" command for the override user.
:expectedresults:
1. View with an override is created.
2. View with an override is created.
3. User override is added to the view.
4. Id command succeeds, group override is visible, all groups are
properly resolved.
"""
(aduser, adgroup) = create_aduser_group
run_id_int = random.randint(9999, 999999)
adgroup2 = f"group2_{run_id_int}"
ado = ADOperations(multihost.ad[0])
ado.create_ad_unix_group(adgroup2)
domain = multihost.ad[0].domainname
ipa_client = sssdTools(multihost.client[0])
ipa_client.clear_sssd_cache()
view = f'prygl_trust_view_{run_id_int}'
create_view = f'ipa idview-add {view}'
multihost.master[0].run_command(create_view, raiseonerr=False)
create_grp_override = f'ipa idoverridegroup-add "{view}" ' \
f'{adgroup}@{domain} --group-name ' \
f'"borci{run_id_int}" --gid={run_id_int+1}'
multihost.master[0].run_command(create_grp_override, raiseonerr=False)
create_grp2_override = f'ipa idoverridegroup-add "{view}" ' \
f'{adgroup2}@{domain} --group-name ' \
f'"magori{run_id_int}" --gid={run_id_int+2}'
multihost.master[0].run_command(create_grp2_override, raiseonerr=False)
create_user_override = f'ipa idoverrideuser-add "{view}" ' \
f'{aduser}@{domain} --login ferko{run_id_int} ' \
f'--uid=50001 --gidnumber={run_id_int+2}'
multihost.master[0].run_command(create_user_override, raiseonerr=False)
# Apply the view on client
multihost.master[0].run_command(
f"ipa idview-apply '{view}' --hosts="
f"{multihost.client[0].sys_hostname}",
raiseonerr=False)
ipa_client.clear_sssd_cache()
time.sleep(5)
cmd = multihost.client[0].run_command(f'id ferko{run_id_int}@{domain}',
raiseonerr=False)
# TEARDOWN
ado.delete_ad_user_group(adgroup2)
multihost.master[0].run_command(f'ipa idview-del {view}',
raiseonerr=False)
# Test result Evaluation
assert cmd.returncode == 0, f"User {aduser} was not found."
assert f"borci{run_id_int}@{domain}" in cmd.stdout_text,\
f"Group 1 {adgroup} name was not overridden/resolved."
assert f"magori{run_id_int}@{domain}" in cmd.stdout_text,\
f"Group 2 {adgroup2} name was not overridden/resolved."
assert f"{run_id_int+1}" in cmd.stdout_text,\
"Group 1 id was not overridden."
assert f"{run_id_int+2}" in cmd.stdout_text,\
"Group 2 id was not overridden."
assert f"domain users@{domain}" in cmd.stdout_text, \
"Group domain users is missing."
def test_0001_ad_schema_idmapping_true_user(multihost, prepare_users):
"""test_0001_ad_schema_idmapping_true_user
:title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
idmapping is set to True for an user
:id: fb75a597-7567-48c2-a786-74c6b4eeab37
:setup:
1. Configure ldap_idmap_range_size, ldap_id_mapping=True clear
cache and restart sssd.
:steps:
1. Gather user information using getent passwd and run id command.
2. Gather user information directly from AD (powershell).
3. Gather user information from cache ldb.
4. Compute user uid, gid.
5. Compare gathered data and make sure that it is consistent.
:expectedresults:
1. User is found.
2. Data is collected.
3. Data is collected.
4. Computed user uid, gid are matching the ones from getent.
5. The content of data is consistent across the sources.
:customerscenario: False
"""
ad_realm = multihost.ad[0].domainname.upper()
# Configure sssd
multihost.client[0].service_sssd('stop')
client = sssdTools(multihost.client[0], multihost.ad[0])
client.backup_sssd_conf()
dom_section = f'domain/{client.get_domain_section_name()}'
sssd_params = {
'ldap_id_mapping': 'True',
'debug_level': '9',
'id_provider': 'ad',
'ad_domain': multihost.ad[0].domainname.lower(),
'ad_server': multihost.ad[0].hostname,
'ldap_idmap_range_size': RANGE_SIZE,
}
client.sssd_conf(dom_section, sssd_params)
client.clear_sssd_cache()
# Get the non-posix user name from the fixture
ad_user, _, _, _ = prepare_users
# Gather the info about user from getent passwd
getent_info = client.get_getent_passwd(f"{ad_user}@{ad_realm}")
multihost.client[0].run_command(
f'id {ad_user}@{ad_realm}', raiseonerr=False)
ldb_info = client.dump_ldb(ad_user, ad_realm.lower())
ad_op = ADOperations(multihost.ad[0])
ad_info = ad_op.get_user_info(ad_user)
uid, gid = ADOperations.compute_id_mapping(
ad_info['objectSid'], int(ad_info['primaryGroupID']),
range_min=RANGE_MIN, range_size=RANGE_SIZE, range_max=RANGE_MAX)
ad_info['uidnumber_'], ad_info['gidnumber_'] = str(uid), str(gid)
client.restore_sssd_conf()
client.clear_sssd_cache()
# Evaluate test results
assert ad_info['Name'] in getent_info['name']
assert getent_info['uid'] == ad_info['uidnumber_']
assert getent_info['gid'] == ad_info['gidnumber_']
assert getent_info['gecos'] == ad_info['gecos']
assert ad_info['Name'] == ldb_info['fullName']
assert ad_info['SamAccountName'] in ldb_info['name']
assert ad_info['uidnumber_'] == ldb_info['uidNumber']
assert ad_info['gidnumber_'] == ldb_info['gidNumber']
assert ad_info['gecos'] == ldb_info['gecos']
assert ldb_info['originalMemberOf'] in ad_info['MemberOf']
assert ad_info['userAccountControl'] == \
ldb_info['adUserAccountControl']
assert ad_info['objectSid'] == ldb_info['objectSIDString']
def test_0004_ad_schema_idmapping_false_group(multihost, prepare_users):
"""
:title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
idmapping is set to False for a group
:id: b1856f79-cbf8-4dd5-a1bd-a3761c1a4432
:setup:
1. Configure ldap_idmap_range_size, ldap_id_mapping=False clear
cache and restart sssd.
:steps:
1. Gather group information using getent group.
2. Gather group information directly from AD (powershell).
3. Gather group information from cache ldb.
4. Compare gathered data and make sure that it is consistent.
:expectedresults:
1. Group is found.
2. Data is collected.
3. Data is collected.
4. The content of data is consistent across the sources.
:customerscenario: False
"""
ad_realm = multihost.ad[0].domainname.upper()
client = sssdTools(multihost.client[0], multihost.ad[0])
# Backup the config because with broken config we can't leave ad
client.backup_sssd_conf()
# Configure sssd to ad_domain = junk
multihost.client[0].service_sssd('stop')
dom_section = f'domain/{client.get_domain_section_name()}'
sssd_params = {
'ldap_id_mapping': 'False',
'debug_level': '9',
'id_provider': 'ad',
'ad_domain': multihost.ad[0].domainname.lower(),
'ad_server': multihost.ad[0].hostname,
'ldap_idmap_range_size': RANGE_SIZE,
}
client.sssd_conf(dom_section, sssd_params)
client.clear_sssd_cache()
# Get the posix group name from the fixture
_, _, _, ad_group = prepare_users
# Get info from getent
getent_groupinfo = client.get_getent_group(f"{ad_group}@{ad_realm}")
# Get group info from AD
ad_op = ADOperations(multihost.ad[0])
group_info = ad_op.get_group_info(ad_group)
# Get group info from local cache ldb
group_ldb_info = client.dump_ldb(ad_group, ad_realm.lower())
client.restore_sssd_conf()
client.clear_sssd_cache()
# Evaluate test results
assert group_info['Name'] in getent_groupinfo['name']
assert group_info['gidNumber'] == getent_groupinfo['gid']
assert getent_groupinfo['users'].split("@")[0] in group_info['member']
assert group_info['Name'] in group_ldb_info['name']
assert group_info['gidNumber'] == group_ldb_info['gidNumber']
assert group_info['objectSid'] == group_ldb_info['objectSIDString']
assert group_ldb_info['orig_member'] in group_info['member']
assert group_info['uSNChanged'] == group_ldb_info['entryUSN']
def test_0003_ad_schema_idmapping_false_user(multihost, prepare_users):
"""
:title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
idmapping is set to False an user
:id: bef6b2d1-656c-48f9-b6ff-2153d10c3556
:setup:
1. Configure ldap_idmap_range_size, ldap_id_mapping=False clear
cache and restart sssd.
:steps:
1. Gather user information using getent passwd and run id command.
2. Gather user information directly from AD (powershell).
3. Gather user information from cache ldb.
4. Compare gathered data and make sure that it is consistent.
:expectedresults:
1. User is found.
2. Data is collected.
3. Data is collected.
4. The content of data is consistent across the sources.
:customerscenario: False
"""
ad_realm = multihost.ad[0].domainname.upper()
client = sssdTools(multihost.client[0], multihost.ad[0])
# Backup the config because with broken config we can't leave ad
client.backup_sssd_conf()
# Configure sssd to ad_domain = junk
multihost.client[0].service_sssd('stop')
dom_section = f'domain/{client.get_domain_section_name()}'
sssd_params = {
'ldap_id_mapping': 'False',
'debug_level': '9',
'id_provider': 'ad',
'ad_domain': multihost.ad[0].domainname.lower(),
'ad_server': multihost.ad[0].hostname,
'ldap_idmap_range_size': RANGE_SIZE,
}
client.sssd_conf(dom_section, sssd_params)
client.clear_sssd_cache()
# Get the posix user name from the fixture
_, _, ad_user, _ = prepare_users
# Gather the info about user from getent passwd
getent_info = client.get_getent_passwd(f"{ad_user}@{ad_realm}")
multihost.client[0].run_command(
f'id {ad_user}@{ad_realm}', raiseonerr=False)
ldb_info = client.dump_ldb(ad_user, ad_realm.lower())
ad_op = ADOperations(multihost.ad[0])
ad_info = ad_op.get_user_info(ad_user)
client.restore_sssd_conf()
client.clear_sssd_cache()
# Evaluate test results
assert ad_info['Name'] in getent_info['name']
assert getent_info['uid'] == ad_info['uidNumber']
assert getent_info['gid'] == ad_info['gidNumber']
assert getent_info['gecos'] == ad_info['gecos']
assert getent_info['home'] == ad_info['unixHomeDirectory']
assert getent_info['shell'] == ad_info['loginShell']
assert ad_info['Name'] == ldb_info['fullName']
assert ad_info['SamAccountName'] in ldb_info['name']
assert ad_info['uidNumber'] == ldb_info['uidNumber']
assert ad_info['gidNumber'] == ldb_info['gidNumber']
assert ad_info['loginShell'] == ldb_info['loginShell']
assert ad_info['uSNChanged'] == ldb_info['entryUSN']
assert ad_info['gecos'] == ldb_info['gecos']
assert ad_info['unixHomeDirectory'] == ldb_info['homeDirectory']
assert ad_info['accountExpires'] == ldb_info['adAccountExpires']
assert ldb_info['originalMemberOf'] in ad_info['MemberOf']
assert ad_info['userAccountControl'] == \
ldb_info['adUserAccountControl']
assert ad_info['objectSid'] == ldb_info['objectSIDString']
def test_0002_ad_schema_idmapping_true_group(multihost, prepare_users):
"""test_0002_ad_schema_idmapping_true_group
:title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
idmapping is set to True for a group
:id: 777bb5e3-6da5-495f-9098-754e483fa010
:setup:
1. Configure ldap_idmap_range_size, ldap_id_mapping=True clear
cache and restart sssd.
:steps:
1. Gather group information using getent group.
2. Gather group information directly from AD (powershell).
3. Gather group information from cache ldb.
4. Compute the gid for the group and compare with getent output.
5. Compare gathered data and make sure that it is consistent.
:expectedresults:
1. Group is found.
2. Data is collected.
3. Data is collected.
4. Computed gid is matching with the one from getent.
5. The content of data is consistent across the sources.
:customerscenario: False
"""
ad_realm = multihost.ad[0].domainname.upper()
# Configure sssd
multihost.client[0].service_sssd('stop')
client = sssdTools(multihost.client[0], multihost.ad[0])
client.backup_sssd_conf()
dom_section = f'domain/{client.get_domain_section_name()}'
sssd_params = {
'ldap_id_mapping': 'True',
'debug_level': '9',
'id_provider': 'ad',
'ad_domain': multihost.ad[0].domainname.lower(),
'ad_server': multihost.ad[0].hostname,
'ldap_idmap_range_size': RANGE_SIZE,
}
client.sssd_conf(dom_section, sssd_params)
client.clear_sssd_cache()
# Get the non-posix group name from the fixture
_, ad_group, _, _ = prepare_users
# Get info from getent
getent_groupinfo = client.get_getent_group(f"{ad_group}@{ad_realm}")
# Get group info from AD
ad_op = ADOperations(multihost.ad[0])
group_info = ad_op.get_group_info(ad_group)
# Get group info from local cache ldb
group_ldb_info = client.dump_ldb(ad_group, ad_realm.lower())
# Compute group gid
g_gid, _ = ADOperations.compute_id_mapping(
group_info['objectSid'], 0,
range_min=RANGE_MIN, range_size=RANGE_SIZE, range_max=RANGE_MAX)
group_info['gidnumber_'] = str(g_gid)
client.restore_sssd_conf()
client.clear_sssd_cache()
# Evaluate test results
assert group_info['Name'] in getent_groupinfo['name']
assert group_info['gidnumber_'] == getent_groupinfo['gid']
assert getent_groupinfo['users'].split("@")[0] in group_info['member']
assert group_info['Name'] in group_ldb_info['name']
assert group_info['gidnumber_'] == group_ldb_info['gidNumber']
assert group_info['objectSid'] == group_ldb_info['objectSIDString']
assert group_ldb_info['orig_member'] in group_info['member']