From 90eef2f84d3ad61894a1656c529000072e6cb036 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Apr 03 2020 09:49:05 +0000 Subject: ipatests:Test if proper error thrown when AD user tries to run IPA commands Before fix the error used to implies that the ipa setup is broken. Fix is to throw the proper error. This test is to check that the error with 'Invalid credentials' thrown when AD user tries to run IPA commands. related: https://pagure.io/freeipa/issue/8163 Signed-off-by: Mohammad Rizwan Yusuf Reviewed-By: Alexander Bokovoy Reviewed-By: Alexander Bokovoy --- diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index a81fbe3..0f31927 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -127,6 +127,28 @@ class TestTrust(BaseTestTrust): assert re.search( testuser_regex, result.stdout_text), result.stdout_text + def test_ipa_commands_run_as_aduser(self): + """Test if proper error thrown when AD user tries to run IPA commands + + Before fix the error used to implies that the ipa setup is broken. + Fix is to throw the proper error. This test is to check that the + error with 'Invalid credentials' thrown when AD user tries to run + IPA commands. + + related: https://pagure.io/freeipa/issue/8163 + """ + tasks.kdestroy_all(self.master) + ad_admin = 'Administrator@%s' % self.ad_domain + tasks.kinit_as_user(self.master, ad_admin, + self.master.config.ad_admin_password) + err_string = ('ipa: ERROR: Insufficient access: SASL(-14):' + ' authorization failure: Invalid credentials') + result = self.master.run_command(['ipa', 'ping'], raiseonerr=False) + assert err_string in result.stderr_text + + tasks.kdestroy_all(self.master) + tasks.kinit_admin(self.master) + def test_ipauser_authentication_with_nonposix_trust(self): ipauser = u'tuser' original_passwd = 'Secret123'