From ccc12b68ba1da30c609c724a38b7e2fba4ee573c Mon Sep 17 00:00:00 2001
From: Patrik Rosecky <prosecky@redhat.com>
Date: Thu, 21 Sep 2023 12:42:45 +0200
Subject: [PATCH] Tests:alltests/test_rfc2307.py converted to test_ldap.py

---
 src/tests/multihost/alltests/test_rfc2307.py |  1 +
 src/tests/system/tests/test_ldap.py          | 44 ++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/src/tests/multihost/alltests/test_rfc2307.py b/src/tests/multihost/alltests/test_rfc2307.py
index a4f92aa0857..39fb4dfeea2 100644
--- a/src/tests/multihost/alltests/test_rfc2307.py
+++ b/src/tests/multihost/alltests/test_rfc2307.py
@@ -51,6 +51,7 @@ class Testrfc2307(object):
           1. Configure SSSD to authenticate against directory server
           2. Enable debug_level to 9 in the 'nss', 'pam' and domain section
     """
+    @pytest.mark.converted('test_ldap.py', 'test_ldap__user_with_whitespace')
     @pytest.mark.tier2
     def test_0001_bz1362023(self, multihost, backupsssdconf):
         """
diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py
index 00f7522e728..09b880298c3 100644
--- a/src/tests/system/tests/test_ldap.py
+++ b/src/tests/system/tests/test_ldap.py
@@ -50,3 +50,47 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str):
 
     assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed"
     assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail"
+
+
+@pytest.mark.ticket(bz=[1067476, 1065534])
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_ldap__user_with_whitespace(client: Client, ldap: LDAP):
+    """
+    :title: user with a whitespace at beginning is able to login and "id"
+    :setup:
+        1. Add " space1" user with uid and password set to SSSD
+        2. Add user without whitespace to SSSD
+        3. Clear memcache, logs and db
+        4. Start SSSD
+    :steps:
+        1. Fetch " space1" user information using 'id'
+        2. Check " space1" user is able to login via ssh
+        3. Check "space1" user is not able to login via ssh
+        4. A normal user information is fetched
+        5. Check if a user information is not fetched if a space is added to the beginning
+    :expectedresults:
+        1. User is fetched and has correct id
+        2. User is able to login
+        3. User is not able to login
+        4. User is fetched and has correct id
+        5. User is not fetched
+    :customerscenario: True
+    """
+    ldap.user(" space1").add(uid=10011, password="Secret123")
+    ldap.user("user1").add(uid=10012)
+    client.sssd.clear(db=True, memcache=True, logs=True)
+    client.sssd.start()
+
+    result = client.tools.id(" space1")
+    assert result is not None
+    assert result.user.id == 10011
+
+    assert client.auth.ssh.password(" space1", "Secret123")
+    assert not client.auth.ssh.password("space1", "Secret123")
+
+    result = client.tools.id("user1")
+    assert result is not None
+    assert result.user.id == 10012
+
+    result = client.tools.id(" user1")
+    assert result is None