Test Day:2013-07-25 AD trusts with POSIX attributes in AD and support for old clients

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
Line 63: Line 63:
 
* 1.  [[QA:Testcase_freeipa_trust_establish|Establish trust with an AD server]].
 
* 1.  [[QA:Testcase_freeipa_trust_establish|Establish trust with an AD server]].
 
** When this test case is completed, the trust relationship between an IPA server and an AD server would be established
 
** When this test case is completed, the trust relationship between an IPA server and an AD server would be established
* 2.  [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Use nss-pam-ldapd to give access to trusted domain users]]
+
* 2.  [[QA:Testcase_freeipa_generic_trust_client_config|Configure a generic legacy client for accessing trusted resources]]
 +
** Instructions for setting up a generic LDAP client are described here
 +
* 3.  [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Use nss-pam-ldapd to give access to trusted domain users]]
 
** This is actual test for old clients using nss-pam-ldapd (http://arthurdejong.org/git/nss-pam-ldapd). We are interested in test on RHEL 4/5, FreeBSD, and Solaris/AIX
 
** This is actual test for old clients using nss-pam-ldapd (http://arthurdejong.org/git/nss-pam-ldapd). We are interested in test on RHEL 4/5, FreeBSD, and Solaris/AIX
* 3.  [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Use legacy SSSD to give access to trusted domain users]]
+
* 4.  [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Use legacy SSSD to give access to trusted domain users]]
 
** This is actual test for old clients using SSSD, but without native support for subdomain users. This includes all SSSD versions up to 1.9
 
** This is actual test for old clients using SSSD, but without native support for subdomain users. This includes all SSSD versions up to 1.9
 
== Test Results ==
 
== Test Results ==

Revision as of 23:19, 24 July 2013

Fedora Test Days
Echo-testing-48px.png
Provide users from trusted Active directory domain to legacy clients

Date 2013-07-25
Time all day

Website QA/Fedora_19_test_days
IRC #fedora-test-day (webirc)

Mailing list
MailSubscribeArchives


Note.png
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

Contents

What to test?

Today's instalment of Fedora Test Day will focus on making the support for users coming from a trusted Active Directory domain available to legacy (non-SSSD) clients as well as providing support for using POSIX attributes from AD.

Who's available

Feedback

We need your feedback!

Prerequisite for Test Day

# wget http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo \
       -O /etc/yum.repos.d/fedora-freeipa-test-day.repo

How to test?

This test day focuses on making users and groups from a trusted AD domain available to a wide range of clients. Even if your flavor of Linux or UNIX client is not described in the steps below, you are still welcome to join the test day! In general, the testing would include:

  • Establish a trust between an IPA server and an Active Directory instance following the steps below
  • Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server
  • Retrieve identity information about users coming from the trusted AD domain
  • Authenticate as a user coming from the trusted AD domain

Please report any issues you find using the channels described above or simply start a thread on the freeipa-users mailing list.

Test Cases

Install/Setup Tests

Using POSIX attributes defined in AD

Serving legacy clients for trusts

Test Results

If you have problems with any of the tests, report a bug to Trac or Bugzilla usually for the component freeipa

Note.png
Filing a bug
If you are unsure about exactly how to file the report or what other information to include, just ask us on IRC and we will help you.

Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.

User Installation POSIX in AD Trust creation Legacy clients Legacy SSSD References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
Pass pass
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345