From 57ab2b3978bc668f769e48b5029b2fc6f1986d65 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 11 May 2023 15:52:08 +0530 Subject: [PATCH] Test: Check case-insensitive while checking with group lookup for a overrideuser Added automation for following bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2192708 https://bugzilla.redhat.com/show_bug.cgi?id=2196838 https://bugzilla.redhat.com/show_bug.cgi?id=2196816 https://bugzilla.redhat.com/show_bug.cgi?id=2196839 verify: #6721 Signed-off-by: Madhuri Upadhye --- src/tests/multihost/ipa/test_adtrust.py | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 49607e8e9b4..8900df1dd92 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -856,3 +856,65 @@ def test_ldap_user_extra_attrs(multihost, create_aduser_group): assert check_id.returncode == 0, f'{aduser} id is not successful' assert f"{aduser}@{domain}" in check_id.stdout_text, "User name was not resolved." assert f"{adgroup}@{domain}" in check_id.stdout_text, "Group name was not resolved." + + @staticmethod + def test_s2n_get_request(multihost): + """ + :title: User lookup on IPA client fails with 's2n get_fqlist request failed' + :id: fae73dd7-5a18-4aa4-a39f-a20a2f66b1c9 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2192708 + https://bugzilla.redhat.com/show_bug.cgi?id=2196838 + https://bugzilla.redhat.com/show_bug.cgi?id=2196816 + https://bugzilla.redhat.com/show_bug.cgi?id=2196839 + :description: When checking if the input group-name of an autogenerated + user-private-group is the original name from AD or an overwritten one the + comparison is currently done case sensitive. + Since AD handles names case-insensitive and hence SSSD should do this as + well to make sure that e.g. mixed-case names like Administrator can be + match reliable. + :setup: + 1. Add an Administrator user override to the 'default trust view' with sshpubkey. + :steps: + 1. Check group lookup for Administrator user using mixed chars upper/lower cases. + :expectedresults: + 1. Successfully group lookup the administrator user using mixed chars cases. + """ + domain = multihost.ad[0].domainname + + ipa_client = sssdTools(multihost.client[0]) + ipa_master = sssdTools(multihost.master[0]) + + ssh_key = f"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiOfcg3WRL6z+6XWSAw4mT7q7aE7rj1KmhaM6U5" \ + f"fmbN5QnEfCAMp8qbSbBLsjY0F501ZNpcAgeefDv3oNYL62sfac8OzWf5eXZlKJQYYILi8dv8i8HoJ" \ + f"BT9+n81Y5w1UVbmRNX9n2lqqxdfhiL2iIsbzJ1KGmIw6JlmbeRtcgGRQzt0M+Ggftl6Kr97obEWo1" \ + f"l9E5QWvkliecPXWJVTBUpM+Gr2CWhqLtNf5VALjYilX3jfC2355hIR8R8UsnkbWbjNksj7nruUQP9" \ + f"goHcbJ6vbyzka3v/2aRC5eIa7b8NE8vwRbrtp5CV9QNbx/GiTY6T50CJE0lyEwmlLHKUmovt " \ + f"Administrator@{domain}" + + # Add override user with ssh pub key + add_user_override = f"ipa idoverrideuser-add 'Default Trust View' Administrator@{domain} " \ + f"--sshpubkey='{ssh_key}'" + multihost.master[0].run_command(add_user_override, raiseonerr=False) + + ipa_master.clear_sssd_cache() + ipa_client.clear_sssd_cache() + time.sleep(5) + + # check lookup of group + group_lookup1 = f'getent group administrator@{domain}' + check_gr_lookup1 = multihost.client[0].run_command(group_lookup1, raiseonerr=False) + + group_lookup2 = f'getent group adMiniStraTor@{domain}' + check_gr_lookup2 = multihost.client[0].run_command(group_lookup2, raiseonerr=False) + + # Delete an Administrator User ID override + cmd_to_delete = f"ipa idoverrideuser-del 'default trust view' administrator@{domain}" + multihost.master[0].run_command(cmd_to_delete, raiseonerr=False) + + # Test result Evaluations + assert check_gr_lookup1.returncode == 0 and check_gr_lookup2.returncode == 0, \ + f"group lookup was not resolved." + assert f"administrator@{domain}" in check_gr_lookup1.stdout_text, "Group name was not resolved." + assert f"administrator@{domain}" in check_gr_lookup2.stdout_text, "Group name was not resolved."