6c2a5fa538
- Resolves: RHEL-49452 Include latest fixes in python3-ipatests packages - Resolves: RHEL-49433 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases - Resolves: RHEL-49432 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-49413 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-47157 ipa-migrate -V options fails to display version - Resolves: RHEL-47148 Pagure #9629: Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-40892 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
75 lines
2.9 KiB
Diff
75 lines
2.9 KiB
Diff
From 8b703150a47bf509f37856bdc27cfa99e85e5e6b Mon Sep 17 00:00:00 2001
|
|
From: Anuja More <amore@redhat.com>
|
|
Date: Mon, 24 Jun 2024 13:48:24 +0530
|
|
Subject: [PATCH] ipatests: Test replica installation using AD admin.
|
|
|
|
Test to verify that replica connection check is not failing when
|
|
the AD administrator Administrator@AD.EXAMPLE.COM is
|
|
used for the deployment or promotion of a replica
|
|
|
|
Related: https://pagure.io/freeipa/issue/9542
|
|
|
|
Signed-off-by: Anuja More <amore@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
---
|
|
.../test_replica_promotion.py | 46 +++++++++++++++++++
|
|
1 files changed, 46 insertions(+)
|
|
|
|
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
|
|
index 7ef44c571c8a4106577d27f4712f661be873dacc..c754cef88cb275987f5afdaad43f2ea07e3b7476 100644
|
|
--- a/ipatests/test_integration/test_replica_promotion.py
|
|
+++ b/ipatests/test_integration/test_replica_promotion.py
|
|
@@ -1318,3 +1318,49 @@ class TestHiddenReplicaKRA(IntegrationTest):
|
|
self.replicas[0].hostname, '--state=hidden'
|
|
])
|
|
assert result.returncode == 0
|
|
+
|
|
+
|
|
+class TestReplicaConn(IntegrationTest):
|
|
+ num_replicas = 1
|
|
+ num_ad_domains = 1
|
|
+
|
|
+ @classmethod
|
|
+ def install(cls, mh):
|
|
+ cls.replica = cls.replicas[0]
|
|
+ cls.ad = cls.ads[0]
|
|
+ ad_domain = cls.ad.domain.name
|
|
+ cls.ad_admin = 'Administrator@{}'.format(ad_domain.upper())
|
|
+ cls.adview = 'Default Trust View'
|
|
+ tasks.install_master(cls.master, setup_adtrust=True)
|
|
+ tasks.configure_dns_for_trust(cls.master, cls.ad)
|
|
+ tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
|
|
+ tasks.install_client(cls.master, cls.replica)
|
|
+
|
|
+ def test_replica_conncheck_ad_admin(self):
|
|
+ """
|
|
+ Test to verify that replica installation is not failing for
|
|
+ replica connection check when AD administrator
|
|
+ Administrator@AD.EXAMPLE.COM is used for the deployment
|
|
+ or promotion of a replica.
|
|
+
|
|
+ Related : https://pagure.io/freeipa/issue/9542
|
|
+ """
|
|
+ self.master.run_command(
|
|
+ ['ipa', 'idoverrideuser-add', self.adview, self.ad_admin]
|
|
+ )
|
|
+ self.master.run_command(
|
|
+ ["ipa", "group-add-member", "admins", "--idoverrideusers",
|
|
+ self.ad_admin]
|
|
+ )
|
|
+ tasks.clear_sssd_cache(self.master)
|
|
+
|
|
+ self.replica.run_command(
|
|
+ ["ipa-replica-install", "--setup-ca", "-U", "--ip-address",
|
|
+ self.replica.ip, "--realm", self.replica.domain.realm,
|
|
+ "--domain", self.replica.domain.name,
|
|
+ "--principal={0}".format(self.ad_admin),
|
|
+ "--password", self.master.config.ad_admin_password]
|
|
+ )
|
|
+ logs = self.replica.get_file_contents(paths.IPAREPLICA_CONNCHECK_LOG)
|
|
+ error = "not allowed to perform server connection check"
|
|
+ assert error.encode() not in logs
|
|
--
|
|
2.45.2
|
|
|