From 1f22ae50be0268b7bb19ccb3f2f9cc832cd9f7c5 Mon Sep 17 00:00:00 2001 From: Sergio Oliveira Campos Date: Jun 08 2020 18:37:51 +0000 Subject: Add test for sssd ad trust lookup with dn in certmaprule Related to https://pagure.io/SSSD/sssd/issue/3721 Signed-off-by: Sergio Oliveira Campos Reviewed-By: Sumit Bose Reviewed-By: Alexander Bokovoy Reviewed-By: Florence Blanc-Renaud Reviewed-By: Anuja More --- diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index 08b91c3..a39884b 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -406,6 +406,42 @@ class TestSSSDWithAdTrust(IntegrationTest): # verify the user can be retrieved after re-enabling trustdomain self.master.run_command(['id', user]) + @pytest.mark.xfail( + osinfo.id == 'fedora' and osinfo.version_number <= (31,), + reason='https://pagure.io/SSSD/sssd/issue/3721', + ) + def test_subdomain_lookup_with_certmaprule_containing_dn(self): + """DN names on certmaprules should not break AD Trust lookups. + + Regression test for https://pagure.io/SSSD/sssd/issue/3721 + """ + tasks.kinit_admin(self.master) + + # verify the user can be retrieved initially + first_res = self.master.run_command(['id', self.users['ad']['name']]) + + cert_cn = 'CN=adca' + cert_dcs = 'DC=' + ',DC='.join(self.ad.domain.name.split('.')) + cert_subject = cert_cn + ',' + cert_dcs + + self.master.run_command([ + 'ipa', + 'certmaprule-add', + "'{}'".format(cert_subject), + "--maprule='(userCertificate;binary={cert!bin})'", + "--matchrule='{}'".format(cert_subject), + "--domain={}".format(self.master.domain.name) + ]) + tasks.clear_sssd_cache(self.master) + + # verify the user can be retrieved after the certmaprule is added + second_res = self.master.run_command(['id', self.users['ad']['name']]) + + assert first_res.stdout_text == second_res.stdout_text + verify_in_stdout = ['gid', 'uid', 'groups', self.users['ad']['name']] + for text in verify_in_stdout: + assert text in second_res.stdout_text + class TestNestedMembers(IntegrationTest): num_clients = 1