From 6b0f8f3617378da41ead8640e194e5b9415a38b1 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Jun 08 2020 19:58:26 +0000 Subject: ipatests: test that adding Active Directory user to a role makes it an administrator Fixes: https://pagure.io/freeipa/issue/8357 Signed-off-by: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Rob Crittenden --- diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index 0f31927..a6a055c 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -149,6 +149,32 @@ class TestTrust(BaseTestTrust): tasks.kdestroy_all(self.master) tasks.kinit_admin(self.master) + def test_ipa_management_run_as_aduser(self): + """Test if adding AD user to a role makes it an administrator""" + ipauser = u'tuser' + ad_admin = 'Administrator@%s' % self.ad_domain + + tasks.kdestroy_all(self.master) + tasks.kinit_admin(self.master) + self.master.run_command(['ipa', 'idoverrideuser-add', + 'Default Trust View', ad_admin]) + + self.master.run_command(['ipa', 'role-add-member', + 'User Administrator', + '--idoverrideusers', ad_admin]) + tasks.kdestroy_all(self.master) + tasks.kinit_as_user(self.master, ad_admin, + self.master.config.ad_admin_password) + # Create a user in IPA as Active Directory administrator + self.test_ipauser_authentication_with_nonposix_trust() + + tasks.kdestroy_all(self.master) + tasks.kinit_as_user(self.master, ad_admin, + self.master.config.ad_admin_password) + self.master.run_command(['ipa', 'user-del', ipauser], raiseonerr=False) + tasks.kdestroy_all(self.master) + tasks.kinit_admin(self.master) + def test_ipauser_authentication_with_nonposix_trust(self): ipauser = u'tuser' original_passwd = 'Secret123'