From Fedora Project Wiki

mNo edit summary
mNo edit summary
Line 7: Line 7:
=== Authentication ===
=== Authentication ===


<ol>
==== Unauthenticated User ====
<li>Unauthenticated User</li>


Verify that an unauthenticated user cannot access the UI.
Verify that an unauthenticated user cannot access the UI.
Line 16: Line 15:
* An error message should appear.
* An error message should appear.


<li>Authenticated as Administrator</li>
==== Authenticated as Administrator ====


Verify that the admin has full access to the UI.
Verify that the admin has full access to the UI.
Line 26: Line 25:
* The initial page should display a list of users.
* The initial page should display a list of users.


<li>Authenticated as User</li>
==== Authenticated as User ====


Verify that a user only has access to the self-service page.
Verify that a user only has access to the self-service page.
Line 39: Line 38:
* The initial page should display user's data.
* The initial page should display user's data.


<li>Expired Credentials</li>
==== Expired Credentials ====


Verify that when the credentials expires the user loses access to the UI.
Verify that when the credentials expires the user loses access to the UI.
Line 52: Line 51:
* Click Retry.
* Click Retry.
* The action should complete successfully.
* The action should complete successfully.
</ol>


=== Users ===
=== Users ===


<ol>
==== Finding Users ====
<li>Finding Users</li>


Verify that the UI can be used to find users.
Verify that the UI can be used to find users.
Line 80: Line 76:
* The list should display all users again.
* The list should display all users again.


<li>Adding Users</li>
==== Adding Users ====


Verify that the UI can be used to add users.
Verify that the UI can be used to add users.
Line 96: Line 92:




<li>Editing Users</li>
==== Editing Users ====


Verify that the UI can be used to edit users.
Verify that the UI can be used to edit users.
Line 114: Line 110:




<li>Changing User Passwords</li>
==== Changing User Passwords ====


Validate that the UI can be used to change user passwords.
Validate that the UI can be used to change user passwords.
Line 133: Line 129:
* Reload the Web UI, it should show the self-service page for this user.
* Reload the Web UI, it should show the self-service page for this user.


<li>Deactivating and Reactivating Users</li>
==== Deactivating and Reactivating Users ====


Verify that the UI can be used to deactivate and reactivate users.
Verify that the UI can be used to deactivate and reactivate users.
Line 150: Line 146:
* Authenticate as the user, it should work.
* Authenticate as the user, it should work.


<li>Managing Group Enrollment</li>
==== Managing Group Enrollment ====


Verify that user's group enrollment can be managed via UI.
Verify that user's group enrollment can be managed via UI.
Line 174: Line 170:




<li>Deleting Users</li>
==== Deleting Users ====


Verify that the UI can be used to delete users.
Verify that the UI can be used to delete users.
Line 188: Line 184:
  # ipa user-show <user login>
  # ipa user-show <user login>


</ol>


=== User Groups ===
=== User Groups ===


<ol>
==== Managing Member Users Enrollment ====
<li>Managing Member Users Enrollment</li>


Verify that group's member users can be managed via UI.
Verify that group's member users can be managed via UI.
Line 222: Line 215:




<li>Managing Member Groups Enrollment</li>
==== Managing Member Groups Enrollment ====


Verify that group's member groups can be managed via UI.
Verify that group's member groups can be managed via UI.
Line 250: Line 243:




<li>Managing Group Membership Enrollment</li>
==== Managing Group Membership Enrollment ====


Verify that group's membership in other groups can be managed via UI.
Verify that group's membership in other groups can be managed via UI.
Line 277: Line 270:
  # ipa group-show <group name>
  # ipa group-show <group name>


</ol>


=== Hosts ===
=== Hosts ===


<ol>
==== Finding Hosts ====
<li>Finding Hosts</li>


Verify that the UI can be used to find hosts.
Verify that the UI can be used to find hosts.
Line 305: Line 295:
* The list should display all hosts.
* The list should display all hosts.


<li>Adding Hosts</li>
==== Adding Hosts ====


Verify that the UI can be used to add new hosts.
Verify that the UI can be used to add new hosts.
Line 320: Line 310:




<li>Editing Hosts</li>
==== Editing Hosts ====


Verify that the UI can be used to edit hosts.
Verify that the UI can be used to edit hosts.
Line 335: Line 325:




<li>Managing Host Enrollment</li>
==== Managing Host Enrollment ====


Verify that host enrollment can be managed via the UI.
Verify that host enrollment can be managed via the UI.
Line 363: Line 353:




<li>Managing Host Certificate</li>
==== Managing Host Certificate ====


Verify that host certificate can be managed via the UI.
Verify that host certificate can be managed via the UI.
Line 396: Line 386:
* Close the dialog box.
* Close the dialog box.


<li>Deleting Hosts</li>
==== Deleting Hosts ====


Verify that the UI can be used to delete hosts.
Verify that the UI can be used to delete hosts.
Line 410: Line 400:
  # ipa host-show <hostname>
  # ipa host-show <hostname>


</ol>


<!--=== Host Groups ===
<!--=== Host Groups ===
Line 419: Line 407:
=== Services ===
=== Services ===


<ol>
==== Managing Service Enrollment ====
<li>Managing Service Enrollment</li>


Verify that service enrollment can be managed via the UI.
Verify that service enrollment can be managed via the UI.
Line 448: Line 435:




<li>Managing Service Certificate</li>
==== Managing Service Certificate ====


Verify that service certificate can be managed via the UI.
Verify that service certificate can be managed via the UI.
Line 480: Line 467:
* Verify the certificate info against the output of the previous command.
* Verify the certificate info against the output of the previous command.
* Close the dialog box.
* Close the dialog box.
</ol>


<!--=== DNS Zones ===
<!--=== DNS Zones ===
Line 489: Line 474:
=== HBAC Rules ===
=== HBAC Rules ===


<ol>
==== Finding HBAC Rules ====
<li>Finding HBAC Rules</li>


Verify that the UI can be used to find HBAC rules.
Verify that the UI can be used to find HBAC rules.
Line 504: Line 488:
* The list should display all HBAC rules.
* The list should display all HBAC rules.


<li>Adding HBAC Rules</li>
==== Adding HBAC Rules ====


Verify that the UI can be used to add HBAC rules.
Verify that the UI can be used to add HBAC rules.
Line 516: Line 500:
* The list should now contain the new HBAC rule.
* The list should now contain the new HBAC rule.


<li>Editing HBAC Rule's General Attributes</li>
==== Editing HBAC Rule's General Attributes ====


Verify that the UI can be used to edit HBAC rule's general attributes.
Verify that the UI can be used to edit HBAC rule's general attributes.
Line 528: Line 512:
* On the left click Update, the Undo links should disappear.
* On the left click Update, the Undo links should disappear.


<li>Editing HBAC Rule's Users</li>
==== Editing HBAC Rule's Users ====


Verify that the UI can be used to edit HBAC rule's users (Who).
Verify that the UI can be used to edit HBAC rule's users (Who).
Line 549: Line 533:
* Click Update, the undo link should disappear.
* Click Update, the undo link should disappear.


<li>Editing HBAC Rule's Target Hosts</li>
==== Editing HBAC Rule's Target Hosts ====


Verify that the UI can be used to edit HBAC rule's target hosts (Accessing).
Verify that the UI can be used to edit HBAC rule's target hosts (Accessing).
Line 555: Line 539:
Steps: Similar to Editing HBAC Rule's Users.
Steps: Similar to Editing HBAC Rule's Users.


<li>Editing HBAC Rule's Services</li>
==== Editing HBAC Rule's Services ====


Verify that the UI can be used to edit HBAC rule's target services (Via Service).
Verify that the UI can be used to edit HBAC rule's target services (Via Service).
Line 561: Line 545:
Steps: Similar to Editing HBAC Rule's Users.
Steps: Similar to Editing HBAC Rule's Users.


<li>Editing HBAC Rule's Source Hosts</li>
==== Editing HBAC Rule's Source Hosts ====


Verify that the UI can be used to edit HBAC rule's source hosts (From).
Verify that the UI can be used to edit HBAC rule's source hosts (From).
Line 567: Line 551:
Steps: Similar to Editing HBAC Rule's Users.
Steps: Similar to Editing HBAC Rule's Users.


<li>Deleting HBAC Rules</li>
==== Deleting HBAC Rules ====


Verify that the UI can be used to delete HBAC rules.
Verify that the UI can be used to delete HBAC rules.
Line 577: Line 561:
* A confirmation message should appear showing the HBAC rules to be deleted.
* A confirmation message should appear showing the HBAC rules to be deleted.
* Click Delete, the selected HBAC rules should disappear from the list.
* Click Delete, the selected HBAC rules should disappear from the list.
</ol>


=== HBAC Services ===
=== HBAC Services ===


<ol>
==== Finding HBAC Services ====
<li>Finding HBAC Services</li>


Verify that the UI can be used to find HBAC services.
Verify that the UI can be used to find HBAC services.
Line 597: Line 578:
* The list should display all HBAC services.
* The list should display all HBAC services.


<li>Adding HBAC Services</li>
==== Adding HBAC Services ====


Verify that the UI can be used to add HBAC services.
Verify that the UI can be used to add HBAC services.
Line 609: Line 590:
* The list should now contain the new HBAC service.
* The list should now contain the new HBAC service.


<li>Editing HBAC Services</li>
==== Editing HBAC Services ====


Verify that the UI can be used to edit HBAC services.
Verify that the UI can be used to edit HBAC services.
Line 620: Line 601:
* On the left click Update, the Undo links should disappear.
* On the left click Update, the Undo links should disappear.


<li>Deleting HBAC Services</li>
==== Deleting HBAC Services ====


Verify that the UI can be used to delete HBAC services.
Verify that the UI can be used to delete HBAC services.
Line 630: Line 611:
* A confirmation message should appear showing the HBAC services to be deleted.
* A confirmation message should appear showing the HBAC services to be deleted.
* Click Delete, the selected HBAC services should disappear from the list.
* Click Delete, the selected HBAC services should disappear from the list.
</ol>


=== HBAC Service Groups ===
=== HBAC Service Groups ===


<ol>
==== Finding HBAC Service Groups ====
<li>Finding HBAC Service Groups</li>


Verify that the UI can be used to find HBAC service groups.
Verify that the UI can be used to find HBAC service groups.
Line 650: Line 628:
* The list should display all HBAC service groups.
* The list should display all HBAC service groups.


<li>Adding HBAC Service Group</li>
==== Adding HBAC Service Group ====


Verify that the UI can be used to add HBAC service groups.
Verify that the UI can be used to add HBAC service groups.
Line 662: Line 640:
* The list should now contain the new HBAC service group.
* The list should now contain the new HBAC service group.


<li>Editing HBAC Service Groups</li>
==== Editing HBAC Service Groups ====


Verify that the UI can be used to edit HBAC service groups.
Verify that the UI can be used to edit HBAC service groups.
Line 673: Line 651:
* On the left click Update, the undo links should disappear.
* On the left click Update, the undo links should disappear.


<li>Deleting HBAC Service Groups</li>
==== Deleting HBAC Service Groups ====


Verify that the UI can be used to delete HBAC service groups.
Verify that the UI can be used to delete HBAC service groups.
Line 683: Line 661:
* A confirmation message should appear showing the HBAC service groups to be deleted.
* A confirmation message should appear showing the HBAC service groups to be deleted.
* Click Delete, the selected HBAC service groups should disappear from the list.
* Click Delete, the selected HBAC service groups should disappear from the list.
</ol>


=== SUDO Rules ===
=== SUDO Rules ===


<ol>
==== Finding SUDO Rules ====
<li>Finding SUDO Rules</li>


Verify that the UI can be used to find SUDO rules.
Verify that the UI can be used to find SUDO rules.
Line 703: Line 678:
* The list should display all SUDO rules.
* The list should display all SUDO rules.


<li>Adding SUDO Rules</li>
==== Adding SUDO Rules ====


Verify that the UI can be used to add SUDO rules.
Verify that the UI can be used to add SUDO rules.
Line 715: Line 690:
* The list should now contain the new SUDO rule.
* The list should now contain the new SUDO rule.


<li>Editing SUDO Rule's General Attributes</li>
==== Editing SUDO Rule's General Attributes ====


Verify that the UI can be used to edit SUDO rule's general attributes.
Verify that the UI can be used to edit SUDO rule's general attributes.
Line 727: Line 702:
* On the left click Update, the undo links should disappear.
* On the left click Update, the undo links should disappear.


<li>Editing SUDO Rule's Users</li>
==== Editing SUDO Rule's Users ====


Verify that the UI can be used to edit SUDO rule's users (Who).
Verify that the UI can be used to edit SUDO rule's users (Who).
Line 748: Line 723:
* Click Update, the undo link should disappear.
* Click Update, the undo link should disappear.


<li>Editing SUDO Rule's Hosts</li>
==== Editing SUDO Rule's Hosts ====


Verify that the UI can be used to edit SUDO rule's hosts (Accessing This Host).
Verify that the UI can be used to edit SUDO rule's hosts (Accessing This Host).
Line 754: Line 729:
Steps: Similar to Editing SUDO Rule's Users.
Steps: Similar to Editing SUDO Rule's Users.


<li>Editing SUDO Rule's Allow/Deny Commands</li>
==== Editing SUDO Rule's Allow/Deny Commands ====


Verify that the UI can be used to edit SUDO rule's allow/deny commands (Run Commands).
Verify that the UI can be used to edit SUDO rule's allow/deny commands (Run Commands).
Line 776: Line 751:
* A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.
* A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.


<li>Editing SUDO Rule's Run-As Users</li>
==== Editing SUDO Rule's Run-As Users ====


Verify that the UI can be used to edit SUDO rule's run-as users (As Whom).
Verify that the UI can be used to edit SUDO rule's run-as users (As Whom).
Line 782: Line 757:
Steps: Similar to Editing SUDO Rule's Users.
Steps: Similar to Editing SUDO Rule's Users.


<li>Deleting SUDO Rules</li>
==== Deleting SUDO Rules ====


Verify that the UI can be used to delete SUDO rules.
Verify that the UI can be used to delete SUDO rules.
Line 792: Line 767:
* A confirmation message should appear showing the SUDO rules to be deleted.
* A confirmation message should appear showing the SUDO rules to be deleted.
* Click Delete, the selected SUDO rules should disappear from the list.
* Click Delete, the selected SUDO rules should disappear from the list.
</ol>


=== SUDO Commands ===
=== SUDO Commands ===


<ol>
==== Finding SUDO Commands ====
<li>Finding SUDO Commands</li>


Verify that the UI can be used to find SUDO commands.
Verify that the UI can be used to find SUDO commands.
Line 812: Line 784:
* The list should display all SUDO commands.
* The list should display all SUDO commands.


<li>Adding SUDO Commands</li>
==== Adding SUDO Commands ====


Verify that the UI can be used to add SUDO commands.
Verify that the UI can be used to add SUDO commands.
Line 824: Line 796:
* The list should now contain the new SUDO commands.
* The list should now contain the new SUDO commands.


<li>Editing SUDO Commands</li>
==== Editing SUDO Commands ====


Verify that the UI can be used to edit SUDO commands.
Verify that the UI can be used to edit SUDO commands.
Line 835: Line 807:
* On the left click Update, the Undo link should disappear.
* On the left click Update, the Undo link should disappear.


<li>Deleting SUDO Commands</li>
==== Deleting SUDO Commands ====


Verify that the UI can be used to delete SUDO commands.
Verify that the UI can be used to delete SUDO commands.
Line 845: Line 817:
* A confirmation message should appear showing the SUDO commands to be deleted.
* A confirmation message should appear showing the SUDO commands to be deleted.
* Click Delete, the selected SUDO commands should disappear from the list.
* Click Delete, the selected SUDO commands should disappear from the list.
</ol>


=== SUDO Command Groups ===
=== SUDO Command Groups ===


<ol>
==== Finding SUDO Command Groups ====
<li>Finding SUDO Command Groups</li>


Verify that the UI can be used to find SUDO command groups.
Verify that the UI can be used to find SUDO command groups.
Line 865: Line 834:
* The list should display all SUDO command groups.
* The list should display all SUDO command groups.


<li>Adding SUDO Command Groups</li>
==== Adding SUDO Command Groups ====


Verify that the UI can be used to add SUDO command groups.
Verify that the UI can be used to add SUDO command groups.
Line 877: Line 846:
* The list should now contain the new SUDO command groups.
* The list should now contain the new SUDO command groups.


<li>Editing SUDO Command Groups</li>
==== Editing SUDO Command Groups ====


Verify that the UI can be used to edit SUDO command groups.
Verify that the UI can be used to edit SUDO command groups.
Line 888: Line 857:
* On the left click Update, the Undo link should disappear.
* On the left click Update, the Undo link should disappear.


<li>Deleting SUDO Command Groups</li>
==== Deleting SUDO Command Groups ====


Verify that the UI can be used to delete SUDO command groups.
Verify that the UI can be used to delete SUDO command groups.
Line 898: Line 867:
* A confirmation message should appear showing the SUDO command groups to be deleted.
* A confirmation message should appear showing the SUDO command groups to be deleted.
* Click Delete, the selected SUDO command groups should disappear from the list.
* Click Delete, the selected SUDO command groups should disappear from the list.
</ol>


<!--=== Password Policy ===
<!--=== Password Policy ===
Line 907: Line 874:
=== Role Based Access Control ===
=== Role Based Access Control ===


<ol>
==== Add subtree permission ====
<li>Add subtree permission</li>
* In tabs click IPA Server->Role Based Access Control
* In tabs click IPA Server->Role Based Access Control
* In left panel click Permission
* In left panel click Permission
Line 920: Line 886:
* Fields should blank out and be set back to filter
* Fields should blank out and be set back to filter


<li>Add filter permission</li>
==== Add filter permission ====
* set the following fields:
* set the following fields:
** permission name:sample-filter-permission
** permission name:sample-filter-permission
Line 929: Line 895:
* Fields should blank out and be set back to filter
* Fields should blank out and be set back to filter


<li>Add target group permission</li>
==== Add target group permission ====
* set the following fields:
* set the following fields:
** permission name:sample-targetgroup-permission
** permission name:sample-targetgroup-permission
Line 938: Line 904:
* Permissions List will update with three new permissions at the end: sample-subtree-permission sample-filter-permission sample-targetgroup-permission
* Permissions List will update with three new permissions at the end: sample-subtree-permission sample-filter-permission sample-targetgroup-permission


<li>Add type permission</li>
==== Add type permission ====
*Click add in left Panel:
*Click add in left Panel:
* set the following fields:
* set the following fields:
Line 950: Line 916:




<li>Add privilege and assign permissions</li>
==== Add privilege and assign permissions ====
* Click '''privileges''' in the left panel
* Click '''privileges''' in the left panel
* click on the add button  
* click on the add button  
Line 969: Line 935:
* the list should now show the four permissions that start with '''sample'''
* the list should now show the four permissions that start with '''sample'''


<li>Delete assigned permission</li>
==== Delete assigned permission ====
* click the checkbox next to '''sample-filter-permission'''
* click the checkbox next to '''sample-filter-permission'''
* click the '''delete'''button in the left panel
* click the '''delete'''button in the left panel
Line 976: Line 942:
* the dialog box should close, and a spinner should briefly appear, then the selected permission should disappear from the list.
* the dialog box should close, and a spinner should briefly appear, then the selected permission should disappear from the list.


<li>Create role and assign permissions</li>
==== Create role and assign permissions ====


* In the left panel, click '''roles'''
* In the left panel, click '''roles'''
Line 1,002: Line 968:
* the privilege settings page should display with the information for '''sample-privilege'''
* the privilege settings page should display with the information for '''sample-privilege'''


<li>Delete permission assignment</li>
==== Delete permission assignment ====


* You should still be on the settings page for '''sample-privilege'''
* You should still be on the settings page for '''sample-privilege'''
Line 1,011: Line 977:
* the '''sample-type-permission'''  value should be removed from the list
* the '''sample-type-permission'''  value should be removed from the list


<li>Delete permissions</li>
==== Delete permissions ====
*in the left panel, click the word '''permissions'''
*in the left panel, click the word '''permissions'''
* the permission list should show.
* the permission list should show.
Line 1,020: Line 986:
* click delete
* click delete
* the list should be empty
* the list should be empty
</ol>


=== Self Service Permissions ===
=== Self Service Permissions ===


<ol>
==== Verify that we can add and remove permissions for users to perform self service on various attributes ====
<li>Verify that we can add and remove permissions for users to perform self service on various attributes</li>
*
*


Line 1,064: Line 1,027:
* open browser, login as psmith
* open browser, login as psmith
* user settings page should be displayed.  home directory field should not be editable anymore.
* user settings page should be displayed.  home directory field should not be editable anymore.
</ol>


=== Delegation ===
=== Delegation ===


<ol>
==== Verify that users assigned to one group can be delegated authority to modify fields for members of another group. ====
<li>Verify that users assigned to one group can be delegated authority to modify fields for members of another group.</li>


*
*
Line 1,113: Line 1,073:
* Click Back to list
* Click Back to list
* The Title field for the user ptownsend should say "Lead Guiter"
* The Title field for the user ptownsend should say "Lead Guiter"
</ol>


<!--=== Configuration ===-->
<!--=== Configuration ===-->
Line 1,120: Line 1,078:
=== Undo and Reset ===
=== Undo and Reset ===


<ol>
Verify that the Undo and Reset links can be used to revert attribute values.
<li>Verify that the Undo and Reset links can be used to revert attribute values.</li>


* As admin or user open the Web UI.
* As admin or user open the Web UI.
Line 1,128: Line 1,085:
* Click the Undo link, the attribute should revert to the original value.
* Click the Undo link, the attribute should revert to the original value.
* Click the Reset link, all attributes should revert to the original values, all Undo links should disappear.
* Click the Reset link, all attributes should revert to the original values, all Undo links should disappear.
</ol>


|results=
|results=
All the test steps should end with the specified results.
All the test steps should end with the specified results.
}}
}}

Revision as of 16:48, 14 February 2011

Description

UI testing.

Setup

  1. Make sure you have a working FreeIPA server (see QA:Testcase_freeipav2_installation)
  2. Make sure the CLI works as expected (see QA:Testcase_freeipav2_cli)

How to test

Authentication

Unauthenticated User

Verify that an unauthenticated user cannot access the UI.

  • Remove all credentials using kdestroy and check with klist.
  • Open the Web UI.
  • An error message should appear.

Authenticated as Administrator

Verify that the admin has full access to the UI.

  • Authenticate as admin.
  • Open the Web UI.
  • At the top right corner it should say Administrator.
  • There should be 3 tabs: Identity, Policy, IPA Server.
  • The initial page should display a list of users.

Authenticated as User

Verify that a user only has access to the self-service page.

  • Authenticate as admin.
  • Create a new user.
  • Set user's password.
  • Authenticate as the new user.
  • Open the Web UI.
  • The user's name should appear at the top right corner.
  • There should be 1 tab: Identity.
  • The initial page should display user's data.

Expired Credentials

Verify that when the credentials expires the user loses access to the UI.

  • Authenticate as admin or user using kinit.
  • Open the Web UI.
  • The UI should work normally.
  • Remove credentials using kdestroy.
  • Perform any action on the UI.
  • An error message should appear.
  • Authenticate again as admin or user.
  • Click Retry.
  • The action should complete successfully.

Users

Finding Users

Verify that the UI can be used to find users.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • The page should display a list of all users.
  • The list should contain these columns: full name, user login, UID, email address, and telephone number.
  • Verify the list with the following command:
# ipa user-find
  • Above the list there should be a search field.
  • Enter a keyword which is the partial name of a known user, then click Find.
  • The list should show users with matching names.
  • Verify the list with the following command:
# ipa user-find <keyword>
  • Empty the search field, then click Find.
  • The list should display all users again.

Adding Users

Verify that the UI can be used to add users.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • The page should display a list of all users.
  • On the left click Add.
  • Enter user login, first name, and last name.
  • Click Add.
  • The list should now contain the new user.
  • Verify the addition with the following command:
# ipa user-show <user login>


Editing Users

Verify that the UI can be used to edit users.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • Click one of the users in the list.
  • The user details should be displayed.
  • Change the value of some attributes.
  • Undo the changes on some attributes.
  • On the left click Update, the undo links should disappear.
  • Click Back to List.
  • It should display the list of users.
  • Verify the changes with the following command:
# ipa user-show <user login>


Changing User Passwords

Validate that the UI can be used to change user passwords.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • Click one of the users in the list.
  • Under "Account Settings", click "reset password".
  • Enter a temporary password, then click "Reset Password".
  • Authenticate as the user and enter the temporary password. It will ask for a new password, enter a new password.
# kinit psmith

Password for psmith@IPA: <temporary password> Password expired. You must change it now. Enter new password: <new password> Enter it again: <new password>

  • Reload the Web UI, it should show the self-service page for this user.

Deactivating and Reactivating Users

Verify that the UI can be used to deactivate and reactivate users.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • Click one of the users in the list.
  • Under "Account Settings", the "Account disabled" should indicate that the user is initially Active.
  • Click Deactivate, the status should change to Inactive.
  • Authenticate as the user, it should fail.
# kinit psmith

kinit: Clients credentials have been revoked while getting initial credentials

  • Click Activate, the status should change back to Active.
  • Authenticate as the user, it should work.

Managing Group Enrollment

Verify that user's group enrollment can be managed via UI.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • Click one of the users in the list.
  • On the left under Member Of click User Groups.
  • The list of User Groups where the user is enrolled in should be displayed.
  • Click Enroll, a dialog box will appear.
  • Select some User Groups from the available list, then click >>.
  • Click Enroll, the selected User Groups should be added to the list.
  • Verify with the following command:
# ipa user-show <user login>
  • Select some User Groups from the list.
  • Click Delete, a dialog box will appear.
  • Click Delete, the selected User Groups should be deleted from the list.
  • Verify with the following command:
# ipa user-show <user login>


Deleting Users

Verify that the UI can be used to delete users.

  • As admin open the Web UI.
  • Go to Identity -> Users.
  • Check the checkboxes next to some of the users in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the users to be deleted.
  • Click Delete, the selected users should disappear from the list.
  • Verify the deletion with the following command:
# ipa user-show <user login>


User Groups

Managing Member Users Enrollment

Verify that group's member users can be managed via UI.

  • As admin open the Web UI.
  • Go to Identity -> Groups.
  • Click one of the groups in the list.
  • On the left under Member click Users.
  • The list of member users should be displayed.
  • Verify the member users with the following command:
# ipa group-show <group name>
  • Click Enroll, a dialog box will appear.
  • Select some users from the available list, then click >>.
  • Click Enroll, the selected users should be added to the list.
  • Verify the addition with the following command:
# ipa group-show <group name>
  • Select some users from the list.
  • Click Delete, a dialog box will appear.
  • Click Delete, the selected users should be deleted from the list.
  • Verify the deletion with the following command:
# ipa group-show <group name>


Managing Member Groups Enrollment

Verify that group's member groups can be managed via UI.

  • As admin open the Web UI.
  • Go to Identity -> Groups.
  • Click one of the groups in the list.
  • On the left under Member click User Groups.
  • The list of member groups should be displayed.
  • Verify the member groups with the following command:
# ipa group-show <group name>
  • Click Enroll, a dialog box will appear.
  • Select some groups from the available list, then click >>.
  • Click Enroll, the selected groups should be added to the list.
  • Verify the addition with the following command:
# ipa group-show <group name>
  • Select some groups from the list.
  • Click Delete, a dialog box will appear.
  • Click Delete, the selected groups should be deleted from the list.
  • Verify the deletion with the following command:
# ipa group-show <group name>


Managing Group Membership Enrollment

Verify that group's membership in other groups can be managed via UI.

  • As admin open the Web UI.
  • Go to Identity -> Groups.
  • Click one of the groups in the list.
  • On the left under Member Of click User Groups.
  • The list of groups where this group is a member should be displayed.
  • Verify the group membership (member of groups) with the following command:
# ipa group-show <group name>
  • Click Enroll, a dialog box will appear.
  • Select some groups from the available list, then click >>.
  • Click Enroll, the selected groups should be added to the list.
  • Verify the addition with the following command:
# ipa group-show <group name>
  • Select some groups from the list.
  • Click Delete, a dialog box will appear.
  • Click Delete, the selected groups should be deleted from the list.
  • Verify the deletion with the following command:
# ipa group-show <group name>


Hosts

Finding Hosts

Verify that the UI can be used to find hosts.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • The page should display a list of all hosts. Initially there is only one host which is the IPA server itself.
  • The list should contain these columns: hostname, description, enrolled and location.
  • Verify the list with the following command:
# ipa host-find
  • Above the list there should be a search field.
  • Enter a keyword which is the partial name of a known host, then click Find.
  • The list should show hosts with matching names.
  • Verify the list with the following command:
# ipa host-find <keyword>
  • Empty the search field, then click Find.
  • The list should display all hosts.

Adding Hosts

Verify that the UI can be used to add new hosts.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • The page should display a list of all hosts.
  • On the left click Add.
  • Enter the hostname and select Force.
  • Click Add, the list should now contain the new host.
  • Verify the addition with the following command:
# ipa host-show <hostname>


Editing Hosts

Verify that the UI can be used to edit hosts.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • Click one of the hosts in the list.
  • The host details should be displayed.
  • Change the host description, an undo link should appear.
  • On the left click Update, the undo links should disappear.
  • Verify the changes with the following command:
# ipa host-show <hostname>


Managing Host Enrollment

Verify that host enrollment can be managed via the UI.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • Create a new host (e.g. test.example.com), then view the host details. Don't use the IPA server's host for this.
  • Initially the enrollment status should say: Kerberos Key Not Present.
  • Verify the Keytab is False with the following command:
# ipa host-show <hostname>
  • Get the host keytab using the following command:
# ipa-getkeytab -s localhost -p host/test.example.com -k test.keytab
  • Reload the host details page. The status should say: Kerberos Key Present.
  • Verify the Keytab is True with the following command:
# ipa host-show <hostname>
  • Click Delete Key, Unprovision, a dialog box should appear.
  • Click Unprovision to confirm. The status should change back to: Kerberos Key Not Present.
  • Verify the Keytab is False with the following command:
# ipa host-show <hostname>


Managing Host Certificate

Verify that host certificate can be managed via the UI.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • Create a new host (e.g. test.example.com), then view the host details. Don't use the IPA server's host for this.
  • Initially the certificate status should say: No Valid Certificate.
  • Verify there is no certificate with the following command:
# ipa host-show <hostname>
  • Generate private key using the following command:
# openssl genrsa -out test.key 1024
  • Generate CSR using the following command:
# openssl req -new -nodes -subj '/O=IPA/CN=test.example.com' -key test.key -out test.csr
  • Open test.csr, copy the base-64 encoded CSR data not including the BEGIN/END CERTIFICATE REQUEST delimiters.
  • Click New Certificate, paste the CSR data.
  • Click Issue, the status should now say: Valid Certificate Present.
  • Verify new certificate is created with the following command:
# ipa host-show <hostname>
  • Click Get, the base-64 encoded certificate should be displayed.
  • Verify the base-64 encoded certificate against the output of the previous command.
  • Close the dialog box. Click View, the certificate info should be displayed.
  • Verify the certificate info against the output of the previous command.
  • Close the dialog box.

Deleting Hosts

Verify that the UI can be used to delete hosts.

  • As admin open the Web UI.
  • Go to Identity -> Hosts.
  • Check the checkboxes next to some of the hosts in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the hosts to be deleted.
  • Click Delete, the selected hosts should disappear from the list.
  • Verify the deletion with the following command:
# ipa host-show <hostname>


Services

Managing Service Enrollment

Verify that service enrollment can be managed via the UI.

  • As admin open the Web UI.
  • Go to Identity -> Services.
  • Create a new service (e.g. nfs/test.example.com), then view the service details. Don't use existing IPA services for this.
  • Initially the enrollment status should say: Kerberos Key Not Present.
  • Verify the Keytab is False with the following command:
# ipa service-show <service principal>
  • Get the host keytab using the following command:
# ipa-getkeytab -s localhost -p nfs/test.example.com -k test.keytab
  • Reload the service details page. The status should say: Kerberos Key Present.
  • Verify the Keytab is True with the following command:
# ipa service-show <service principal>
  • Click Delete Key, Unprovision, a dialog box should appear.
  • Click Unprovision to confirm. The status should change back to: Kerberos Key Not Present.
  • Verify the Keytab is False with the following command:
# ipa service-show <service principal>


Managing Service Certificate

Verify that service certificate can be managed via the UI.

  • As admin open the Web UI.
  • Go to Identity -> Services.
  • Create a new service (e.g. nfs/test.example.com), then view the service details. Don't use existing IPA services for this.
  • Initially the certificate status should say: No Valid Certificate.
  • Verify there is no certificate with the following command:
# ipa service-show <service principal>
  • Generate private key using the following command:
# openssl genrsa -out test.key 1024
  • Generate CSR using the following command:
# openssl req -new -nodes -subj '/O=IPA/CN=test.example.com' -key test.key -out test.csr
  • Open test.csr, copy the base-64 encoded CSR data not including the BEGIN/END CERTIFICATE REQUEST delimiters.
  • Click New Certificate, paste the CSR data.
  • Click Issue, the status should now say: Valid Certificate Present.
  • Verify new certificate is created with the following command:
# ipa service-show <service principal> --all
  • Click Get, the base-64 encoded certificate should be displayed.
  • Verify the base-64 encoded certificate against the output of the previous command.
  • Close the dialog box. Click View, the certificate info should be displayed.
  • Verify the certificate info against the output of the previous command.
  • Close the dialog box.


HBAC Rules

Finding HBAC Rules

Verify that the UI can be used to find HBAC rules.

  • As admin open the Web UI.
  • Go to Policy -> HBAC.
  • The page should display a list of all HBAC rules.
  • The list should contain these columns: rule name, user category, host category, enabled, service category and source host category.
  • Above the list there should be a search field.
  • Enter a partial name of a known HBAC rule, then click Find.
  • The list should show HBAC rules with matching names.
  • Empty the search field, then click Find.
  • The list should display all HBAC rules.

Adding HBAC Rules

Verify that the UI can be used to add HBAC rules.

  • As admin open the Web UI.
  • Go to Policy -> HBAC.
  • The page should display a list of all HBAC rules.
  • On the left click Add.
  • Enter rule name and rule type.
  • Click Add.
  • The list should now contain the new HBAC rule.

Editing HBAC Rule's General Attributes

Verify that the UI can be used to edit HBAC rule's general attributes.

  • As admin open the Web UI.
  • Go to Policy -> HBAC.
  • Click one of the HBAC rules in the list.
  • The HBAC rule details should be displayed.
  • Under the General section change the value of some attributes.
  • Undo the changes on some attributes.
  • On the left click Update, the Undo links should disappear.

Editing HBAC Rule's Users

Verify that the UI can be used to edit HBAC rule's users (Who).

  • As admin open the Web UI.
  • Go to Policy -> HBAC.
  • Create a new HBAC rule, then edit it.
  • Initially the user category should be: Specified Users and Groups. The list of Users and User Groups should be empty.
  • On the Users list click Add, select some users, click >>, then click Enroll.
  • The users should be added into the list.
  • Select some users from the Users list, then click Remove.
  • A dialog box should appear listing the users to be deleted. Click Delete, the users should disappear from the list.
  • On the User Groups list click Add, select some groups, click >>, then click Enroll.
  • The groups should be added into the list.
  • Select some groups from the User Groups list, then click Remove.
  • A dialog box should appear listing the groups to be deleted. Click Delete, the groups should disappear from the list.
  • Change the user category to: Anyone. An undo link should appear. The Add/Remove links should become disabled.
  • Click Update, the undo link should disappear. The Users and User Groups lists should become empty.
  • Change the user category back to: Specified Users and Groups. An undo link should appear. The Add/Remove links should become enabled again.
  • Click Update, the undo link should disappear.

Editing HBAC Rule's Target Hosts

Verify that the UI can be used to edit HBAC rule's target hosts (Accessing).

Steps: Similar to Editing HBAC Rule's Users.

Editing HBAC Rule's Services

Verify that the UI can be used to edit HBAC rule's target services (Via Service).

Steps: Similar to Editing HBAC Rule's Users.

Editing HBAC Rule's Source Hosts

Verify that the UI can be used to edit HBAC rule's source hosts (From).

Steps: Similar to Editing HBAC Rule's Users.

Deleting HBAC Rules

Verify that the UI can be used to delete HBAC rules.

  • As admin open the Web UI.
  • Go to Policy -> HBAC.
  • Check the checkboxes next to some of the HBAC rules in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the HBAC rules to be deleted.
  • Click Delete, the selected HBAC rules should disappear from the list.

HBAC Services

Finding HBAC Services

Verify that the UI can be used to find HBAC services.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Services.
  • The page should display a list of all HBAC services.
  • The list should contain these columns: service name and description.
  • Above the list there should be a search field.
  • Enter a partial name of a known HBAC service, then click Find.
  • The list should show HBAC services with matching names.
  • Empty the search field, then click Find.
  • The list should display all HBAC services.

Adding HBAC Services

Verify that the UI can be used to add HBAC services.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Services.
  • The page should display a list of all HBAC services.
  • On the left click Add.
  • Enter service name and description.
  • Click Add.
  • The list should now contain the new HBAC service.

Editing HBAC Services

Verify that the UI can be used to edit HBAC services.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Services.
  • Click one of the HBAC services in the list.
  • The HBAC service details should be displayed.
  • Change the description. An Undo link should appear.
  • On the left click Update, the Undo links should disappear.

Deleting HBAC Services

Verify that the UI can be used to delete HBAC services.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Services.
  • Check the checkboxex next to some of the HBAC services in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the HBAC services to be deleted.
  • Click Delete, the selected HBAC services should disappear from the list.

HBAC Service Groups

Finding HBAC Service Groups

Verify that the UI can be used to find HBAC service groups.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Service Groups.
  • The page should display a list of all HBAC service groups.
  • The list should contain these columns: service group name and description.
  • Above the list there should be a search field.
  • Enter a partial name of a known HBAC service group, then click Find.
  • The list should show HBAC service groups with matching names.
  • Empty the search field, then click Find.
  • The list should display all HBAC service groups.

Adding HBAC Service Group

Verify that the UI can be used to add HBAC service groups.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Service Groups.
  • The page should display a list of all HBAC service groups.
  • On the left click Add.
  • Enter service group name and description.
  • Click Add.
  • The list should now contain the new HBAC service group.

Editing HBAC Service Groups

Verify that the UI can be used to edit HBAC service groups.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Service Groups.
  • Click one of the HBAC service groups in the list.
  • The HBAC service group details should be displayed.
  • Change the description. An undo link should appear.
  • On the left click Update, the undo links should disappear.

Deleting HBAC Service Groups

Verify that the UI can be used to delete HBAC service groups.

  • As admin open the Web UI.
  • Go to Policy -> HBAC -> HBAC Service Groups.
  • Check the checkboxes next to some of the HBAC service groups in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the HBAC service groups to be deleted.
  • Click Delete, the selected HBAC service groups should disappear from the list.

SUDO Rules

Finding SUDO Rules

Verify that the UI can be used to find SUDO rules.

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • The page should display a list of all SUDO rules.
  • The list should contain these columns: rule name, description, command category.
  • Above the list there should be a search field.
  • Enter a partial name of a known SUDO rule, then click Find.
  • The list should show SUDO rules with matching names.
  • Empty the search field, then click Find.
  • The list should display all SUDO rules.

Adding SUDO Rules

Verify that the UI can be used to add SUDO rules.

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • The page should display a list of all SUDO rules.
  • On the left click Add.
  • Enter rule name.
  • Click Add.
  • The list should now contain the new SUDO rule.

Editing SUDO Rule's General Attributes

Verify that the UI can be used to edit SUDO rule's general attributes.

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • Click one of the SUDO rules in the list.
  • The SUDO rule details should be displayed.
  • Under the General section change the value of some attributes.
  • Undo the changes on some attributes.
  • On the left click Update, the undo links should disappear.

Editing SUDO Rule's Users

Verify that the UI can be used to edit SUDO rule's users (Who).

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • Create a new SUDO rule, then edit it.
  • Initially the user category should be: Specified Users and Groups. The list of Users and User Groups should be empty.
  • On the Users list click Add, select some users, click >>, then click Enroll.
  • The users should be added into the list.
  • Select some users from the Users list, then click Remove.
  • A dialog box should appear listing the users to be deleted. Click Delete, the users should disappear from the list.
  • On the User Groups list click Add, select some groups, click >>, then click Enroll.
  • The groups should be added into the list.
  • Select some groups from the User Groups list, then click Remove.
  • A dialog box should appear listing the groups to be deleted. Click Delete, the groups should disappear from the list.
  • Change the user category to: Anyone. An undo link should appear. The Add/Remove links should become disabled.
  • Click Update, the undo link should disappear. The Users and User Groups lists should become empty.
  • Change the user category back to: Specified Users and Groups. An undo link should appear. The Add/Remove links should become enabled again.
  • Click Update, the undo link should disappear.

Editing SUDO Rule's Hosts

Verify that the UI can be used to edit SUDO rule's hosts (Accessing This Host).

Steps: Similar to Editing SUDO Rule's Users.

Editing SUDO Rule's Allow/Deny Commands

Verify that the UI can be used to edit SUDO rule's allow/deny commands (Run Commands).

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • Create a new SUDO rule, then edit it. Go to Run Commands section.
  • There should be 2 subsections: Allow and Deny.
  • The Allow subsection should have a command category.
  • Initially the command category should be: Specified Commands and Groups.
  • Iniitally the list of Allow Commands/Groups should be empty.
  • On the Allow Commands/Groups list click Add, select some commands/groups, click >>, then click Enroll.
  • The commands/groups should be added into the list.
  • Select some commands/groups from the Allow Commands/Groups list, then click Remove.
  • A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.
  • The Deny subsection should not have a command category.
  • Initially the list of Deny Commands/Groups should be empty.
  • On the Deny Commands/Groups list click Add, select some commands/groups, click >>, then click Enroll.
  • The commands/groups should be added into the list.
  • Select some commands/groups from the Deny Commands/Groups list, then click Remove.
  • A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.

Editing SUDO Rule's Run-As Users

Verify that the UI can be used to edit SUDO rule's run-as users (As Whom).

Steps: Similar to Editing SUDO Rule's Users.

Deleting SUDO Rules

Verify that the UI can be used to delete SUDO rules.

  • As admin open the Web UI.
  • Go to Policy -> SUDO.
  • Check the checkboxes next to some of the SUDO rules in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the SUDO rules to be deleted.
  • Click Delete, the selected SUDO rules should disappear from the list.

SUDO Commands

Finding SUDO Commands

Verify that the UI can be used to find SUDO commands.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Commands.
  • The page should display a list of all SUDO commands.
  • The list should contain these columns: SUDO command and description.
  • Above the list there should be a search field.
  • Enter a partial name of a known SUDO command, then click Find.
  • The list should show SUDO commands with matching commands.
  • Empty the search field, then click Find.
  • The list should display all SUDO commands.

Adding SUDO Commands

Verify that the UI can be used to add SUDO commands.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Commands.
  • The page should display a list of all SUDO commands.
  • On the left click Add.
  • Enter SUDO command and description.
  • Click Add.
  • The list should now contain the new SUDO commands.

Editing SUDO Commands

Verify that the UI can be used to edit SUDO commands.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Commands.
  • Click one of the SUDO commands in the list.
  • The SUDO command details should be displayed.
  • Change the description. An Undo link should appear.
  • On the left click Update, the Undo link should disappear.

Deleting SUDO Commands

Verify that the UI can be used to delete SUDO commands.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Commands.
  • Check the checkboxes next to some of the SUDO commands in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the SUDO commands to be deleted.
  • Click Delete, the selected SUDO commands should disappear from the list.

SUDO Command Groups

Finding SUDO Command Groups

Verify that the UI can be used to find SUDO command groups.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Command Groups.
  • The page should display a list of all SUDO command groups.
  • The list should contain these columns: SUDO command group and description.
  • Above the list there should be a search field.
  • Enter a partial name of a known SUDO command group, then click Find.
  • The list should show SUDO command groups with matching names.
  • Empty the search field, then click Find.
  • The list should display all SUDO command groups.

Adding SUDO Command Groups

Verify that the UI can be used to add SUDO command groups.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Command Groups.
  • The page should display a list of all SUDO command groups.
  • On the left click Add.
  • Enter SUDO command group and description.
  • Click Add.
  • The list should now contain the new SUDO command groups.

Editing SUDO Command Groups

Verify that the UI can be used to edit SUDO command groups.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Command Groups.
  • Click one of the SUDO command groups in the list.
  • The SUDO command group details should be displayed.
  • Change the description. An Undo link should appear.
  • On the left click Update, the Undo link should disappear.

Deleting SUDO Command Groups

Verify that the UI can be used to delete SUDO command groups.

  • As admin open the Web UI.
  • Go to Policy -> SUDO -> SUDO Command Groups.
  • Check the checkboxes next to some of the SUDO command groups in the list.
  • On the left click Delete.
  • A confirmation message should appear showing the SUDO command groups to be deleted.
  • Click Delete, the selected SUDO command groups should disappear from the list.


Role Based Access Control

Add subtree permission

  • In tabs click IPA Server->Role Based Access Control
  • In left panel click Permission
  • Click Add
  • set the following fields:
    • permission name:sample-subtree-permission
    • rights: write
    • Target On: Query
    • ldap:///cn=*,cn=roles,cn=accounts,dc=example,dc=com
  • Click Add and Add Another
  • Fields should blank out and be set back to filter

Add filter permission

  • set the following fields:
    • permission name:sample-filter-permission
    • rights: write
    • Target On: Filter
    • ou=engineering
  • Click Add and Add Another
  • Fields should blank out and be set back to filter

Add target group permission

  • set the following fields:
    • permission name:sample-targetgroup-permission
    • rights: write
    • Target On: targetgroup
    • group:editors
  • Click Add
  • Permissions List will update with three new permissions at the end: sample-subtree-permission sample-filter-permission sample-targetgroup-permission

Add type permission

  • Click add in left Panel:
  • set the following fields:
    • permission name:sample-type-permission
    • rights: write
    • Target On: type
    • Type: user
    • attributes: scroll down and click title
  • Click Add and Edit
  • Settings page should display. The type select box should be displayed and set to user, the checkbox next to the title attribute should be checked


Add privilege and assign permissions

  • Click privileges in the left panel
  • click on the add button
  • Fill in the following fields
    • Name: sample-privilege
    • Description: Privilege for testing purposes only.
  • click Add and Edit
  • the privilege settings page should show.
  • in the left panel, under Member Of, click Permissions
  • Click enroll
  • type sample into the text box at the top of the dialog and click Find
  • the left column labeled Available should show the four permissions created above
  • click the checkbox next to the word "Permissions" in the left column
  • all the check boxes in the white area should now be checked
  • click >>
  • he selected permissions should move to to the right column, labeled prospective
  • click enroll
  • the list should now show the four permissions that start with sample

Delete assigned permission

  • click the checkbox next to sample-filter-permission
  • click the deletebutton in the left panel
  • a dialog box should show the selelcted permission
  • click delete
  • the dialog box should close, and a spinner should briefly appear, then the selected permission should disappear from the list.

Create role and assign permissions

  • In the left panel, click roles
  • The list should be prepopulated with some entires.
  • In he left panel, click the add button
  • A dialog should open up
  • fill out the following values:
    • Role Name: sample-role
    • Description: role for testing only
  • click add
  • the role sample-role should be appended to the list
  • click the hyperlink sample-role
  • the role details page should appear, with the name and description
  • in the left panel, under member of click 'Privileges'
  • the list should be empty.
  • in the left panel, click the enroll button
  • in the text box at the top of the dialog, type sample
  • Click the find button
  • The left column labeled privileges should reduce to a single entry, sample-privilege
  • click the checkbox next to sample-privilege
  • click >>
  • click the enroll button
  • The dialog should close, and the list should update with the sample-privilege
  • click the hyperlink 'sample-privilege
  • the privilege settings page should display with the information for sample-privilege

Delete permission assignment

  • You should still be on the settings page for sample-privilege
  • In the left panel, under the word Member of click on the word permissions
  • the four permissions starting with the word sample should be listed
  • click the checkbox at the next to the word sample-type-permission
  • click the delete button in the left panel
  • the sample-type-permission value should be removed from the list

Delete permissions

  • in the left panel, click the word permissions
  • the permission list should show.
  • in the text field at the tope of the page, type the word sample
  • click the find button
  • the list should be reduced to the four permissions starting with the word sample
  • click the checkbox at the top of the page to select all four permissions
  • click delete
  • the list should be empty

Self Service Permissions

Verify that we can add and remove permissions for users to perform self service on various attributes

# kinit admin
  • open browser
  • navigate to http://server.ipa.example.com
  • Click IPA Server tab
  • Click Self Service Permissions tab:
  • Self Service Permisions should be listed, with only one value in there: user can change own password
  • Click add
  • set to following fields
    • Self-Service name: change-homedir
    • Under attributes, homedirectory
  • Click Add and Edit
  • Close browser

Verify that the permissions are enabled

# kinit psmith
  • open browser, login as psmith
  • user settings page should be displayed. home directory field should now be editable.

Verify that deleting the permission disables the field.

  • close broweser
# kinit admin
  • open browser. go to IPA Server->Self Service Permissions
  • click checkbox next to change-homedir
  • click delete
  • Close browser
  • kinit psmith
  • open browser, login as psmith
  • user settings page should be displayed. home directory field should not be editable anymore.

Delegation

Verify that users assigned to one group can be delegated authority to modify fields for members of another group.

# kinit admin
  • open browser. go to http://server.ipa.example.com
  • click IPA server Top tab
  • click Delegation subtab
  • Should be on delegation list page, and the list should be empty
  • Click Add
  • Fill out the following fileds with the specified values
    • DelegationName: title-delegate
    • scroll down and click title
    • User Group: click editors
    • Member User group: click ipausers
  • Click add and edit.
  • Settyings page should be displayed. Values should be what they were set on 'add'
  • Go to Indentity->User tab.
  • select user psmith
  • User settings page for psmith should show.
  • click on user Groups in the left panel
  • click on the enroll button in the left panel
    • select group editors
    • click >> to move that to the right list of enrollments.
    • click enroll
  • click on Back to List
  • create another user with uid of ptownshend
  • close browser
# kdestroy
# kinit psmith
  • open browser
  • go to http://server.ipa.example.com
  • you should be on the psmith user page. click "Back to List"
  • you should be on the user list page
  • select user ptownshend
  • You should be on that user settings page for ptownshend. Most of the fields should be unwritable, but the title field should be editable.
  • Add the value "Lead Guitar" and click update.
  • Click Back to list
  • The Title field for the user ptownsend should say "Lead Guiter"


Undo and Reset

Verify that the Undo and Reset links can be used to revert attribute values.

  • As admin or user open the Web UI.
  • Open one of the details page (e.g. go to Identity -> Users, click one of the users).
  • Change the value on some of the attributes. An Undo link should appear next to each of the attribute changed.
  • Click the Undo link, the attribute should revert to the original value.
  • Click the Reset link, all attributes should revert to the original values, all Undo links should disappear.

Expected Results

All the test steps should end with the specified results.