3979c73861
- Resolves: RHEL-53500 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52306 Unconditionally add MS-PAC to global config - Resolves: RHEL-52300 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" - Resolves: RHEL-52222 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51944 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50804 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49602 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
From ee96c129a6034d02245a41c58fa3398c12c9ee75 Mon Sep 17 00:00:00 2001
|
|
From: Mohammad Rizwan <myusuf@redhat.com>
|
|
Date: Thu, 11 Jul 2024 18:14:52 +0530
|
|
Subject: [PATCH] ipatests: Verify that SIDgen task continue even if it fails
|
|
to assign sid
|
|
|
|
related: https://pagure.io/freeipa/issue/9618
|
|
|
|
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
---
|
|
ipatests/test_integration/test_commands.py | 73 +++++++++++++++++++++-
|
|
1 file changed, 71 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
|
|
index f6f1c979a751a300f09358c044fbfb34539d188e..fd34defe5b12f06ed7c16350cb90933ce9bcd72e 100644
|
|
--- a/ipatests/test_integration/test_commands.py
|
|
+++ b/ipatests/test_integration/test_commands.py
|
|
@@ -1267,7 +1267,7 @@ class TestIPACommand(IntegrationTest):
|
|
|
|
def get_dirsrv_id(self):
|
|
serverid = realm_to_serverid(self.master.domain.realm)
|
|
- return("dirsrv@%s.service" % serverid)
|
|
+ return ("dirsrv@%s.service" % serverid)
|
|
|
|
def test_ipa_nis_manage_enable(self):
|
|
"""
|
|
@@ -1769,7 +1769,7 @@ class TestIPACommandWithoutReplica(IntegrationTest):
|
|
api.bootstrap_with_global_options(context='server')
|
|
api.finalize()
|
|
api.Backend.ldap2.connect()
|
|
-
|
|
+
|
|
api.Command["group_add"]("testgroup1", external=True)
|
|
api.Command["group_add"]("testgroup2", external=False)
|
|
result1 = api.Command["group_show"]("testgroup1", all=True)["result"] # noqa: E501
|
|
@@ -1814,6 +1814,75 @@ class TestIPACommandWithoutReplica(IntegrationTest):
|
|
'/tmp/reproducer2_code.py'])
|
|
assert "missing attribute" not in result.stdout_text
|
|
|
|
+ def test_sidgen_task_continue_on_error(self):
|
|
+ """Verify that SIDgen task continue even if it fails to assign sid
|
|
+ scenario:
|
|
+ - add a user with no uid (it will be auto-assigned inside
|
|
+ the range)
|
|
+ - add a user with uid 2000
|
|
+ - add a user with no uid (it will be auto-assigned inside
|
|
+ the range)
|
|
+ - edit the first and 3rd users, remove the objectclass
|
|
+ ipaNTUserAttrs and the attribute ipaNTSecurityIdentifier
|
|
+ - run the sidgen task
|
|
+ - verify that user1 and user3 have a ipaNTSecurityIdentifier
|
|
+ - verify that old error message is not seen in dirsrv error log
|
|
+ - verify that new error message is seen in dirsrv error log
|
|
+
|
|
+ related: https://pagure.io/freeipa/issue/9618
|
|
+ """
|
|
+ test_user1 = 'test_user1'
|
|
+ test_user2 = 'test_user2'
|
|
+ test_user2000 = 'test_user2000'
|
|
+ base_dn = str(self.master.domain.basedn)
|
|
+ old_err_msg = 'Cannot add SID to existing entry'
|
|
+ new_err_msg = r'Finished with [0-9]+ failures, please check the log'
|
|
+
|
|
+ tasks.kinit_admin(self.master)
|
|
+ tasks.user_add(self.master, test_user1)
|
|
+ self.master.run_command(
|
|
+ ['ipa', 'user-add', test_user2000,
|
|
+ '--first', 'test', '--last', 'user',
|
|
+ '--uid', '2000']
|
|
+ )
|
|
+ tasks.user_add(self.master, test_user2)
|
|
+
|
|
+ for user in (test_user1, test_user2):
|
|
+ entry_ldif = textwrap.dedent("""
|
|
+ dn: uid={user},cn=users,cn=accounts,{base_dn}
|
|
+ changetype: modify
|
|
+ delete: ipaNTSecurityIdentifier
|
|
+ -
|
|
+ delete: objectclass
|
|
+ objectclass: ipaNTUserAttrs
|
|
+ """).format(
|
|
+ user=user,
|
|
+ base_dn=base_dn)
|
|
+ tasks.ldapmodify_dm(self.master, entry_ldif)
|
|
+
|
|
+ # run sidgen task
|
|
+ self.master.run_command(
|
|
+ ['ipa', 'config-mod', '--add-sids', '--enable-sid']
|
|
+ )
|
|
+
|
|
+ # ensure that sidgen have added the attr removed above
|
|
+ for user in (test_user1, test_user2):
|
|
+ result = tasks.ldapsearch_dm(
|
|
+ self.master,
|
|
+ 'uid={user},cn=users,cn=accounts,{base_dn}'.format(
|
|
+ user=user, base_dn=base_dn),
|
|
+ ['ipaNTSecurityIdentifier']
|
|
+ )
|
|
+ assert 'ipaNTSecurityIdentifier' in result.stdout_text
|
|
+
|
|
+ dashed_domain = self.master.domain.realm.replace(".", '-')
|
|
+ dirsrv_error_log = self.master.get_file_contents(
|
|
+ paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % (dashed_domain),
|
|
+ encoding='utf-8'
|
|
+ )
|
|
+ assert old_err_msg not in dirsrv_error_log
|
|
+ assert re.search(new_err_msg, dirsrv_error_log)
|
|
+
|
|
|
|
class TestIPAautomount(IntegrationTest):
|
|
@classmethod
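Review bot: The two log assertions at the end of test_sidgen_task_continue_on_error read the whole dirsrv error log, so they are not scoped to this run of the task: a `Finished with N failures` or `Cannot add SID to existing entry` line written earlier on the same master would satisfy or break them regardless of what this SIDgen run did. Capture the log length before the `config-mod --add-sids` call, e.g. `log_offset = len(self.master.get_file_contents(log_path, encoding='utf-8'))`, and assert only on `dirsrv_error_log[log_offset:]`. The test also never checks that test_user2000 ends up without an ipaNTSecurityIdentifier, which is the condition the scenario relies on to produce a failure. It appears to assume the task has finished by the time the searches run, so confirm whether a wait is needed. The three users are not removed afterwards; a try/finally with `ipa user-del` would keep later tests in the class independent of this one.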
|
|
--
|
|
2.45.2
|
|
|