예제 #1
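    def test_0004_ad_schema_idmapping_false_group(multihost, prepare_users):
        """
        :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
         idmapping is set to False for a group
        :id: b1856f79-cbf8-4dd5-a1bd-a3761c1a4432
        :setup:
          1. Configure ldap_idmap_range_size, ldap_id_mapping=False clear
          cache and restart sssd.
        :steps:
          1. Gather group information using getent group.
          2. Gather group information directly from AD (powershell).
          3. Gather group information from cache ldb.
          4. Compare gathered data and make sure that it is consistent.
        :expectedresults:
          1. Group is found.
          2. Data is collected.
          3. Data is collected.
          4. The content of data is consistent across the sources.
        :customerscenario: False
        """
        ad_realm = multihost.ad[0].domainname.upper()
        client = sssdTools(multihost.client[0], multihost.ad[0])

        # Back up sssd.conf before changing it so the original can be put
        # back once the data has been collected.
        client.backup_sssd_conf()

        try:
            # Reconfigure the domain section for the AD provider with id
            # mapping disabled. With ldap_id_mapping off the gid is expected
            # to match the group's gidNumber in AD, which is what the
            # assertions below compare.
            multihost.client[0].service_sssd('stop')
            dom_section = f'domain/{client.get_domain_section_name()}'
            sssd_params = {
                'ldap_id_mapping': 'False',
                'debug_level': '9',
                'id_provider': 'ad',
                'ad_domain': multihost.ad[0].domainname.lower(),
                'ad_server': multihost.ad[0].hostname,
                'ldap_idmap_range_size': RANGE_SIZE,
            }
            client.sssd_conf(dom_section, sssd_params)
            # NOTE(review): sssd was stopped above; clear_sssd_cache()
            # presumably starts it again (the :setup: text says "restart")
            # - confirm against sssdTools.
            client.clear_sssd_cache()

            # Get the posix group name from the fixture
            _, _, _, ad_group = prepare_users

            # Get info from getent
            getent_groupinfo = client.get_getent_group(
                f"{ad_group}@{ad_realm}")

            # Get group info from AD
            ad_op = ADOperations(multihost.ad[0])
            group_info = ad_op.get_group_info(ad_group)

            # Get group info from local cache ldb
            group_ldb_info = client.dump_ldb(ad_group, ad_realm.lower())
        finally:
            # Restore even when a lookup above raises. Otherwise the client
            # keeps ldap_id_mapping=False and debug_level=9, and later tests
            # on the same host would resolve ids under the wrong settings.
            client.restore_sssd_conf()
            client.clear_sssd_cache()

        # Evaluate test results: AD versus getent
        assert group_info['Name'] in getent_groupinfo['name']
        assert group_info['gidNumber'] == getent_groupinfo['gid']
        assert getent_groupinfo['users'].split("@")[0] in group_info['member']

        # Evaluate test results: AD versus the cache ldb dump
        assert group_info['Name'] in group_ldb_info['name']
        assert group_info['gidNumber'] == group_ldb_info['gidNumber']
        assert group_info['objectSid'] == group_ldb_info['objectSIDString']
        assert group_ldb_info['orig_member'] in group_info['member']
        assert group_info['uSNChanged'] == group_ldb_info['entryUSN']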
예제 #2
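    def test_0002_ad_schema_idmapping_true_group(multihost, prepare_users):
        """test_0002_ad_schema_idmapping_true_group

        :title: IDM-SSSD-TC: ad_provider: ad_schema: Compare with sysdb when
         idmapping is set to True for a group
        :id: 777bb5e3-6da5-495f-9098-754e483fa010
        :setup:
          1. Configure ldap_idmap_range_size, ldap_id_mapping=True clear
         cache and restart sssd.
        :steps:
          1. Gather group information using getent group.
          2. Gather group information directly from AD (powershell).
          3. Gather group information from cache ldb.
          4. Compute the gid for the group and compare with getent output.
          5. Compare gathered data and make sure that it is consistent.
        :expectedresults:
          1. Group is found.
          2. Data is collected.
          3. Data is collected.
          4. Computed gid is matching with the one from getent.
          5. The content of data is consistent across the sources.
        :customerscenario: False
        """
        ad_realm = multihost.ad[0].domainname.upper()

        # Stop sssd and back up sssd.conf so the original can be restored
        # once the data has been collected.
        multihost.client[0].service_sssd('stop')
        client = sssdTools(multihost.client[0], multihost.ad[0])
        client.backup_sssd_conf()

        try:
            # Reconfigure the domain section for the AD provider with id
            # mapping enabled; the gid is then expected to equal the value
            # computed from the group's objectSid below.
            dom_section = f'domain/{client.get_domain_section_name()}'
            sssd_params = {
                'ldap_id_mapping': 'True',
                'debug_level': '9',
                'id_provider': 'ad',
                'ad_domain': multihost.ad[0].domainname.lower(),
                'ad_server': multihost.ad[0].hostname,
                'ldap_idmap_range_size': RANGE_SIZE,
            }
            client.sssd_conf(dom_section, sssd_params)
            # NOTE(review): sssd was stopped above; clear_sssd_cache()
            # presumably starts it again (the :setup: text says "restart")
            # - confirm against sssdTools.
            client.clear_sssd_cache()

            # Get the non-posix group name from the fixture
            _, ad_group, _, _ = prepare_users

            # Get info from getent
            getent_groupinfo = client.get_getent_group(
                f"{ad_group}@{ad_realm}")

            # Get group info from AD
            ad_op = ADOperations(multihost.ad[0])
            group_info = ad_op.get_group_info(ad_group)

            # Get group info from local cache ldb
            group_ldb_info = client.dump_ldb(ad_group, ad_realm.lower())

            # Compute the expected gid from the SID and the configured range,
            # and store it as a string next to the AD attributes for the
            # comparisons below.
            g_gid, _ = ADOperations.compute_id_mapping(
                group_info['objectSid'], 0,
                range_min=RANGE_MIN, range_size=RANGE_SIZE,
                range_max=RANGE_MAX)
            group_info['gidnumber_'] = str(g_gid)
        finally:
            # Restore even when a lookup above raises. Otherwise the client
            # keeps the test's id-mapping settings and debug_level=9, and
            # later tests on the same host would resolve ids under them.
            client.restore_sssd_conf()
            client.clear_sssd_cache()

        # Evaluate test results: AD (with computed gid) versus getent
        assert group_info['Name'] in getent_groupinfo['name']
        assert group_info['gidnumber_'] == getent_groupinfo['gid']
        assert getent_groupinfo['users'].split("@")[0] in group_info['member']

        # Evaluate test results: AD (with computed gid) versus the ldb dump
        assert group_info['Name'] in group_ldb_info['name']
        assert group_info['gidnumber_'] == group_ldb_info['gidNumber']
        assert group_info['objectSid'] == group_ldb_info['objectSIDString']
        assert group_ldb_info['orig_member'] in group_info['member']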