From 22f07e5131ae31839178fba9523e5bbdca0c6cbb Mon Sep 17 00:00:00 2001
From: lisa
Date: Tue, 6 Feb 2024 22:21:54 -0500
Subject: [PATCH] Convert multihost/ad/test_idmap to test_identity
---
 src/tests/multihost/ad/test_idmap.py | 1 +
 src/tests/system/tests/test_identity.py | 51 ++++++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/tests/multihost/ad/test_idmap.py b/src/tests/multihost/ad/test_idmap.py
index 5ba6da80325..88212384b7b 100644
--- a/src/tests/multihost/ad/test_idmap.py
+++ b/src/tests/multihost/ad/test_idmap.py
@@ -20,6 +20,7 @@ class Testidmap(object):
 2. Create a non-POSIX user and a non-POSIX group
 3. Create a user and a group with posix attributes
 """
+ @pytest.mark.converted('test_identity.py', 'test_identity__lookup_idmapping_of_posix_and_non_posix_user_and_group')
 @staticmethod
 def test_001_idmap_disable(multihost):
 """
diff --git a/src/tests/system/tests/test_identity.py b/src/tests/system/tests/test_identity.py
index 40b6d6cd251..bb5986dc2f3 100644
--- a/src/tests/system/tests/test_identity.py
+++ b/src/tests/system/tests/test_identity.py
@@ -8,7 +8,7 @@ import pytest
 from sssd_test_framework.roles.client import Client
-from sssd_test_framework.roles.generic import GenericProvider
+from sssd_test_framework.roles.generic import GenericProvider, GenericADProvider
 from sssd_test_framework.topology import KnownTopologyGroup
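Review bot: `@pytest.mark.converted(...)` sits above `@staticmethod`, so it decorates the staticmethod object rather than the plain function. Whether pytest attaches a mark in that position appears to depend on the pytest and Python versions in use, so it is worth checking against the versions this suite runs on. Placing the mark between `@staticmethod` and the `def` avoids depending on that. The body of `test_001_idmap_disable` lies outside the hunk.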
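Review bot: The names in the changed import are not in sorted order, since `GenericADProvider` sorts before `GenericProvider`; an isort-style check, if the project runs one, would flag this line. I would write it as `from sssd_test_framework.roles.generic import GenericADProvider, GenericProvider`.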
@@ -496,3 +496,52 @@ def test_identity__lookup_users_fully_qualified_name_and_case_insensitive(client
 result = client.tools.id(name)
 assert result is not None, f"User {name} was not found using id"
 assert result.memberof([103, 1003]), f"User {name} is member of wrong groups"
+
+
+@pytest.mark.importance("critical")
+@pytest.mark.authentication
+@pytest.mark.topology(KnownTopologyGroup.AnyAD)
+def test_identity__lookup_idmapping_of_posix_and_non_posix_user_and_group(client: Client, provider: GenericADProvider):
+ """
+ :title: Check ID mapping of POSIX and non POSIX users in AD type directories when ldap_id_mapping is false
+ :setup:
+ 1. Create user with POSIX attriubtes
+ 2. Create group with POSIX attributes
+ 3. Create user with no POSIX attributes
+ 4. Create group with no POSIX attributes
+ 5. Configure SSSD with "ldap_id_mapping" = false
+ 6. Start SSSD
+ :steps:
+ 1. Query POSIX group information
+ 2. Query POSIX user information
+ 3. Query Non-POSIX group information
+ 4. Query Non-POSIX user information
+ :expectedresults:
+ 1. POSIX group information should be returned and
+ gid matches the one supplied in creation
+ 2. POSIX user information should be returned and
+ uid matches the one supplied in creation
+ 3. Non-POSIX group information should not be returned
+ 4. Non-POSIX user information should not be returned
+ :customerscenario: False
+ """
+
+ u1 = provider.user("posix_user").add(uid=10001, gid=20001, password="Secret123",
+ gecos='User for tests',
+ shell='/bin/bash')
+ provider.group("posix_group").add(gid=20001).add_member(u1)
+
+ u2 = provider.user("nonposix_user").add(password="Secret123")
+ provider.group("nonposix_group").add().add_member(u2)
+
+ client.sssd.domain["ldap_id_mapping"] = "false"
+ client.sssd.start()
+
+ assert client.tools.getent.group("posix_group") is not None, 'posix-group is not returned by sssd'
+ assert client.tools.id("posix_user").group.id == 20001, 'gid returned not matched the one provided'
+
+ assert client.tools.getent.passwd("posix_user") is not None, 'posix-user is not returned by sssd'
+ assert client.tools.id("posix_user").user.id == 10001, 'uid returned not matched the one provided'
+
+ assert client.tools.getent.group("nonposix_group") is None, 'non-posix group is returned by sssd, it should not be'
+ assert client.tools.getent.passwd("nonposix_user") is None, 'non-posix user is returned by sssd, it should not be'
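Review bot: The two `client.tools.id("posix_user")` assertions dereference `.group.id` and `.user.id` without a None check, so a failed lookup surfaces as an AttributeError instead of the assertion message; the context lines at the top of this hunk bind the result and assert `result is not None` first, and the new test should do the same. Expected result 1 says the POSIX group's gid matches the one supplied, but the value compared is the user's primary group as reported by `id`, so the entry returned by `getent.group("posix_group")` is only checked for presence. The test also carries `@pytest.mark.authentication` although it performs identity lookups only, which is worth confirming against the markers used by the other tests in this file (outside the hunk). The docstring has a typo, "attriubtes".

```python
    # … unchanged: user/group setup, ldap_id_mapping = "false", sssd start, getent presence checks …
    result = client.tools.id("posix_user")
    assert result is not None, "posix_user was not found using id"
    assert result.user.id == 10001, "uid returned not matched the one provided"
    assert result.group.id == 20001, "gid returned not matched the one provided"
    # … unchanged: non-POSIX getent assertions …
```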