Test: Add the test when we replace id_provider

With AD/Samba check the authentication of user by replacing id_provider = ldap Signed-off-by: Madhuri Upadhye <[email protected]> Reviewed-by: Alexey Tikhonov <[email protected]> Reviewed-by: Dan Lavu <[email protected]> Reviewed-by: Jakub Vávra <[email protected]>
SSSD · Dec 10, 2024 · ef53531 · ef53531
1 parent 8c86abd
commit ef53531
Showing 1 changed file with 70 additions and 0 deletions.
diff --git a/src/tests/system/tests/test_ad.py b/src/tests/system/tests/test_ad.py
@@ -0,0 +1,70 @@
+"""
+SSSD AD Provider Test Cases
+
+:requirement: ad
+"""
+
+from __future__ import annotations
+
+import pytest
+from sssd_test_framework.roles.client import Client
+from sssd_test_framework.roles.generic import GenericADProvider
+from sssd_test_framework.topology import KnownTopologyGroup
+
+
+@pytest.mark.topology(KnownTopologyGroup.AnyAD)
+@pytest.mark.ticket(jira="RHEL-65848", gh=7690)
+@pytest.mark.parametrize("method", ["su", "ssh"])
+@pytest.mark.importance("high")
+def test_ad__user_authentication_when_provider_is_set_to_ldap_with_gss_spnego(
+    client: Client, provider: GenericADProvider, method: str
+):
+    """
+    :title: Login to AD when id_provider is set to ldap
+    :setup:
+        1. Add AD user
+        2. Update sssd.conf with 'id_provider = ldap', 'ldap_schema = ad',
+        'ldap_id_use_start_tls = false', 'auth_provider = ad' and
+        'ldap_sasl_mech = gssspengo' and Start SSSD
+    :steps:
+        1. Check authentication of the user
+        2. Check log message in krb5_child.log, UPN [user1@null] should not be logged
+    :expectedresults:
+        1. Authentication is successful
+        2. Get required UPN [user1@<domain_name>] from krb5_child.log
+    :customerscenario: False
+    """
+    provider.user("user1").add()
+
+    client.sssd.config.remove_option("domain/test", "id_provider")
+
+    configurations = {
+        "id_provider": "ldap",
+        "ldap_schema": "ad",
+        "ldap_id_use_start_tls": "False",
+        "auth_provider": "ad",
+        "ldap_referrals": "False",
+        "ldap_sasl_mech": "GSS-SPNEGO",
+        "ldap_id_mapping": "True",
+    }
+
+    for key, value in configurations.items():
+        client.sssd.domain[key] = value
+
+    # id_provider = ldap will not add them automatically if they are not
+    # defined on the server side.
+    client.sssd.nss["default_shell"] = "/bin/bash"
+    client.sssd.nss["override_homedir"] = "/home/%u"
+
+    # `provider.host.domain` is ignored because it is dynamically added
+    p_domain = f"{provider.host.domain}"  # type: ignore[attr-defined]
+
+    client.sssd.domain["krb5_realm"] = f"{p_domain.upper()}"
+    client.sssd.domain["dns_discovery_domain"] = f"{p_domain}"
+
+    client.sssd.start()
+
+    assert client.auth.parametrize(method).password("user1", "Secret123"), "User user1 failed login!"
+
+    log_str = client.fs.read("/var/log/sssd/krb5_child.log")
+    assert f"UPN [user1@{p_domain}]" in log_str, f"'UPN [user1@{p_domain}]' not in logs!"  # type: ignore