Exemplo n.º 1
0
    def test_ipahealthcheck_hidden_replica(self):
        """Ensure that ipa-healthcheck runs successfully on all members
        of an IPA cluster that includes a hidden replica.
        """
        os_version = (tasks.get_platform(self.master),
                      tasks.get_platform_version(self.master))
        pki_version = tasks.get_pki_version(self.master)

        # verify state
        self._check_config([self.master], [self.replicas[0]])
        # A DNA range is needed on the replica for ipa-healthcheck to work.
        # Create a user so that the replica gets a range.
        tasks.user_add(self.replicas[0], 'testuser')
        tasks.user_del(self.replicas[0], 'testuser')
        for srv in (self.master, self.replicas[0]):
            returncode, _unused = run_healthcheck(srv, failures_only=True)
            pki_too_old = \
                (os_version[0] == 'fedora'
                    and pki_version < tasks.parse_version('11.1.0'))\
                or (os_version[0] == 'rhel'
                    and os_version[1][0] == 8
                    and pki_version < tasks.parse_version('10.12.0'))\
                or (os_version[0] == 'rhel'
                    and os_version[1][0] == 9
                    and pki_version < tasks.parse_version('11.0.4'))
            with xfail_context(pki_too_old,
                               'https://pagure.io/freeipa/issue/8582'):
                assert returncode == 0
Exemplo n.º 2
0
    def test_override_gid_subdomain(self):
        """Test that override_gid is working for subdomain

        This is a regression test for sssd bug:
        https://pagure.io/SSSD/sssd/issue/4061
        """
        tasks.clear_sssd_cache(self.master)
        user = self.users['child_ad']['name']
        gid = 10264
        # verify the user can be retrieved initially
        self.master.run_command(['id', user])
        with self.override_gid_setup(gid):
            test_gid = self.master.run_command(['id', user])
            sssd_version = tasks.get_sssd_version(self.master)
            with xfail_context(sssd_version < tasks.parse_version('2.3.0'),
                               'https://pagure.io/SSSD/sssd/issue/4061'):
                assert 'gid={id}'.format(id=gid) in test_gid.stdout_text
Exemplo n.º 3
0
    def test_trustdomain_disable_disables_subdomain(self):
        """Test that users from disabled trustdomains can not use ipa resources

        This is a regression test for sssd bug:
        https://pagure.io/SSSD/sssd/issue/4078
        """
        user = self.users['child_ad']['name']
        # verify the user can be retrieved initially
        self.master.run_command(['id', user])
        with self.disabled_trustdomain():
            res = self.master.run_command(['id', user], raiseonerr=False)
            sssd_version = tasks.get_sssd_version(self.master)
            with xfail_context(sssd_version < tasks.parse_version('2.2.3'),
                               'https://pagure.io/SSSD/sssd/issue/4078'):
                assert res.returncode == 1
                assert 'no such user' in res.stderr_text
        # verify the user can be retrieved after re-enabling trustdomain
        self.master.run_command(['id', user])
Exemplo n.º 4
0
    def test_aduser_with_idview(self):
        """Test that trusted AD users should not lose their AD domains.

        This is a regression test for sssd bug:
        https://pagure.io/SSSD/sssd/issue/4173
        1. Override AD user's UID, GID by adding it in ID view on IPA server.
        2. Stop the SSSD, and clear SSSD cache and restart SSSD on a IPA client
        3. getent with UID from ID view should return AD domain
        after default memcache_timeout.
        """
        client = self.clients[0]
        user = self.users['ad']['name']
        idview = 'testview'

        def verify_retrieved_users_domain():
            # Wait for the record to expire in SSSD's cache
            # (memcache_timeout default value is 300s).
            test_user = ['su', user, '-c', 'sleep 360; getent passwd 10001']
            result = client.run_command(test_user)
            assert user in result.stdout_text

        # verify the user can be retrieved initially
        tasks.clear_sssd_cache(self.master)
        self.master.run_command(['id', user])
        self.master.run_command(['ipa', 'idview-add', idview])
        self.master.run_command(['ipa', 'idoverrideuser-add', idview, user])
        self.master.run_command([
            'ipa', 'idview-apply', idview,
            '--hosts={0}'.format(client.hostname)
        ])
        self.master.run_command([
            'ipa', 'idoverrideuser-mod', idview, user, '--uid=10001',
            '--gid=10000'
        ])
        try:
            clear_sssd_cache(client)
            sssd_version = tasks.get_sssd_version(client)
            with xfail_context(sssd_version < tasks.parse_version('2.3.0'),
                               'https://pagure.io/SSSD/sssd/issue/4173'):
                verify_retrieved_users_domain()
        finally:
            self.master.run_command(['ipa', 'idview-del', idview])