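def test_0001_ad_schema_idmapping_true_user(multihost, prepare_users):
    """test_0001_ad_schema_idmapping_true_user

    :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
     idmapping is set to True for an user
    :id: fb75a597-7567-48c2-a786-74c6b4eeab37
    :setup:
     1. Configure ldap_idmap_range_size, ldap_id_mapping=True
        clear cache and restart sssd.
    :steps:
     1. Gather user information using getent passwd and run id command.
     2. Gather user information directly from AD (powershell).
     3. Gather user information from cache ldb.
     4. Compute user uid, gid.
     5. Compare gathered data and make sure that it is consistent.
    :expectedresults:
     1. User is found.
     2. Data is collected.
     3. Data is collected.
     4. Computed user uid, gid are matching the ones from getent.
     5. The content of data is consistent across the sources.
    :customerscenario: False
    """
    ad_realm = multihost.ad[0].domainname.upper()

    # Configure sssd
    multihost.client[0].service_sssd('stop')
    client = sssdTools(multihost.client[0], multihost.ad[0])
    client.backup_sssd_conf()
    # Everything between backup and restore runs under try/finally so that a
    # failure while gathering data cannot leave the client with the test's
    # id-mapping range and debug_level 9 still in sssd.conf for later tests.
    try:
        dom_section = f'domain/{client.get_domain_section_name()}'
        sssd_params = {
            'ldap_id_mapping': 'True',
            'debug_level': '9',
            'id_provider': 'ad',
            'ad_domain': multihost.ad[0].domainname.lower(),
            'ad_server': multihost.ad[0].hostname,
            'ldap_idmap_range_size': RANGE_SIZE,
        }
        client.sssd_conf(dom_section, sssd_params)
        # NOTE(review): the setup text says "restart sssd", but only a stop
        # is visible here; presumably clear_sssd_cache() starts the service
        # again - confirm against sssdTools.
        client.clear_sssd_cache()

        # Get the non-posix user name from the fixture
        ad_user, _, _, _ = prepare_users

        # Gather the info about user from getent passwd
        getent_info = client.get_getent_passwd(f"{ad_user}@{ad_realm}")
        # The id output is not inspected and raiseonerr=False is passed, so
        # this call is not itself a check; it is step 1 of the test plan.
        multihost.client[0].run_command(
            f'id {ad_user}@{ad_realm}', raiseonerr=False)

        # Same user as seen in the local cache ldb and directly in AD
        ldb_info = client.dump_ldb(ad_user, ad_realm.lower())
        ad_op = ADOperations(multihost.ad[0])
        ad_info = ad_op.get_user_info(ad_user)

        # Expected uid/gid computed independently from the objectSid and
        # primaryGroupID with the same range settings given to sssd above.
        uid, gid = ADOperations.compute_id_mapping(
            ad_info['objectSid'], int(ad_info['primaryGroupID']),
            range_min=RANGE_MIN, range_size=RANGE_SIZE, range_max=RANGE_MAX)
        ad_info['uidnumber_'], ad_info['gidnumber_'] = str(uid), str(gid)
    finally:
        client.restore_sssd_conf()
        client.clear_sssd_cache()

    # Evaluate test results
    # getent (NSS view) against AD and the computed mapping
    assert ad_info['Name'] in getent_info['name']
    assert getent_info['uid'] == ad_info['uidnumber_']
    assert getent_info['gid'] == ad_info['gidnumber_']
    assert getent_info['gecos'] == ad_info['gecos']
    # cache ldb (sysdb view) against AD and the computed mapping
    assert ad_info['Name'] == ldb_info['fullName']
    assert ad_info['SamAccountName'] in ldb_info['name']
    assert ad_info['uidnumber_'] == ldb_info['uidNumber']
    assert ad_info['gidnumber_'] == ldb_info['gidNumber']
    assert ad_info['gecos'] == ldb_info['gecos']
    assert ldb_info['originalMemberOf'] in ad_info['MemberOf']
    assert ad_info['userAccountControl'] == \
        ldb_info['adUserAccountControl']
    assert ad_info['objectSid'] == ldb_info['objectSIDString']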
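def test_0002_ad_schema_idmapping_true_group(multihost, prepare_users):
    """test_0002_ad_schema_idmapping_true_group

    :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
     idmapping is set to True for a group
    :id: 777bb5e3-6da5-495f-9098-754e483fa010
    :setup:
     1. Configure ldap_idmap_range_size, ldap_id_mapping=True
        clear cache and restart sssd.
    :steps:
     1. Gather group information using getent group.
     2. Gather group information directly from AD (powershell).
     3. Gather group information from cache ldb.
     4. Compute the gid for the group and compare with getent output.
     5. Compare gathered data and make sure that it is consistent.
    :expectedresults:
     1. Group is found.
     2. Data is collected.
     3. Data is collected.
     4. Computed gid is matching with the one from getent.
     5. The content of data is consistent across the sources.
    :customerscenario: False
    """
    ad_realm = multihost.ad[0].domainname.upper()

    # Configure sssd
    multihost.client[0].service_sssd('stop')
    client = sssdTools(multihost.client[0], multihost.ad[0])
    client.backup_sssd_conf()
    # Everything between backup and restore runs under try/finally so that a
    # failure while gathering data cannot leave the client with the test's
    # id-mapping range and debug_level 9 still in sssd.conf for later tests.
    try:
        dom_section = f'domain/{client.get_domain_section_name()}'
        sssd_params = {
            'ldap_id_mapping': 'True',
            'debug_level': '9',
            'id_provider': 'ad',
            'ad_domain': multihost.ad[0].domainname.lower(),
            'ad_server': multihost.ad[0].hostname,
            'ldap_idmap_range_size': RANGE_SIZE,
        }
        client.sssd_conf(dom_section, sssd_params)
        # NOTE(review): the setup text says "restart sssd", but only a stop
        # is visible here; presumably clear_sssd_cache() starts the service
        # again - confirm against sssdTools.
        client.clear_sssd_cache()

        # Get the non-posix group name from the fixture
        _, ad_group, _, _ = prepare_users

        # Get info from getent
        getent_groupinfo = client.get_getent_group(f"{ad_group}@{ad_realm}")

        # Get group info from AD
        ad_op = ADOperations(multihost.ad[0])
        group_info = ad_op.get_group_info(ad_group)

        # Get group info from local cache ldb
        group_ldb_info = client.dump_ldb(ad_group, ad_realm.lower())

        # Compute group gid
        # Only the first returned value is used; 0 is passed in the
        # primary-group position and the second result is discarded.
        g_gid, _ = ADOperations.compute_id_mapping(
            group_info['objectSid'], 0,
            range_min=RANGE_MIN, range_size=RANGE_SIZE, range_max=RANGE_MAX)
        group_info['gidnumber_'] = str(g_gid)
    finally:
        client.restore_sssd_conf()
        client.clear_sssd_cache()

    # Evaluate test results
    # getent (NSS view) against AD and the computed mapping
    assert group_info['Name'] in getent_groupinfo['name']
    assert group_info['gidnumber_'] == getent_groupinfo['gid']
    assert getent_groupinfo['users'].split("@")[0] in group_info['member']
    # cache ldb (sysdb view) against AD and the computed mapping
    assert group_info['Name'] in group_ldb_info['name']
    assert group_info['gidnumber_'] == group_ldb_info['gidNumber']
    assert group_info['objectSid'] == group_ldb_info['objectSIDString']
    assert group_ldb_info['orig_member'] in group_info['member']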