From Fedora Project Wiki


In general, try to replicate tests described on other pages using Web UI. Web UI should support most of usecases. Web UI doesn't support work with replicas and setup of client. This test page contains tests which are attempting to reproduce one issue we couldn't reproduce and tests for new features since FreeIPA 2.2. You can try to run these tests on other browsers too. To cover more ground you can use Web UI test cases from previous test day.

In 3.0 Web UI has new controls which serve as a place with listed actions which can be executed. These places are: Action List and Action Panels. Action list is always one on a page. It's situated in page header on the same line as page title, below breadcrumb navigation. You can execute an action by selecting it in drop-down menu and clicking on apply button. Action panels are situated in sections on the right below section title. Action can be executed by just clicking on the text. Usually it should execute some kind of confirmation dialog or a dialog to enter more information.

Setup IE9

For Web UI tests in IE9 you need to have Windows 7, Vista or 2008 server. IE9 can be installed through Windows Update or downloaded on .

Replication of

Goal: try to replicate bug we couldn't replicate.

  1. in /etc/httpd/conf.d/ipa.conf change
    KrbMethodK5Passwd off
    KrbMethodK5Passwd on
  2. restart Apache
    systemctl restart httpd.service
  3. open Web UI in IE9 and enter login/password via IE password dialog, login is in format admin@EXAMPLE.COM
  4. leave the window untouched for a couple of minutes
  5. error dialog with text "Invalid JSON-RPC request: No JSON object could be decoded" might pop up

If you manage to replicate it, please report.


  1. enter random or desired stuff, watch how Web UI reacts
  2. report bugs, inconsistencies and unclear things


Establish trust using Web UI

  1. Navigate to IPA Server/Trusts
  2. Click on Add
  3. Fill the form. You can establish trust using shared secret or admin credentials

ID Ranges

  1. navigate to IPA Server/ID ranges

Add range

  1. click on Add
  2. fill the form
  3. click on Add

Edit range

  1. click on newly created range or existing one
  2. change its attributes
  3. click on Update


There are 3 group types: normal, posix and external. Now you can change group type normal to the other ones. External groups can contain external members which are SIDs from trusted domains.

  • navigate to Identity/User Groups

Create normal group

  1. click on Add
  2. fill name, description, leave group type on normal
  3. click on Add

Check if the group is really normal

  1. click on group name, it should navigate to details page
  2. click on tab Settings
  3. field Group Type should contain Normal. GID should be empty. Both should be non-editable.

Change created group to POSIX

  1. execute action Change to POSIX group from action panel
  2. Group Type should change to POSIX and GID field should be editable and contain auto-generated GID.
  3. group can be also deleted by action Delete in action panel, try it

Change group to External

  1. create normal group and navigate to it's Settings tab. You can save time by using Add and Edit while creating a group.
  2. execute action Change to external group from action panel
  3. Group Type should change to External

Add external members to external group

  1. navigate to External tab in details page of an external group
  2. if you have established trust you can add external members (SIDs of trusted domains) to that group: click on Add
  3. enter SID
  4. click on Add (on the dialog)
  5. try to repeat it with multiple SIDs - try to use Add and Add another button in the dialog

Remove external members

  1. navigate to External tab in details page of an external group
  2. select some members by checking related checkboxes in the table
  3. Delete should become enabled. Click on it and confirm the dialog.
  4. page should refresh and selected members should be gone

Actions which were moved

With action panels several actions moved to them. Action panels are situated on following pages, try to use all actions if possible:

  1. user details page, Settings tab: account settings section
  2. host details page, Settings tab: enrollment, host certificate sections
  3. service details page, Settings tab: provisioning, service certificate sections

DNS zones

DNS zones can have permissions which can be used to allow administration of the zone to different users than admin

Add DNS zone permission

  1. navigate to Identity/DNS, click on DNS zone, choose settings tab
  2. execute Add Permission action from action list

Remove DNS zone permission

  1. execute Remove Permission action from the same action list

SELinux maps


  1. navigate to Policy/SELinux User Maps
  2. click on Add
  3. fill the form, use values similar to CLI test testrule, user_u:s0-s0:c0.c1023
  4. click on Add

Leverage existing HBAC rule

  1. open existing SE Linux rule
  2. in General set HBAC rule field with an existing HBAC rule
  3. click on Update

It should be successful if User and Host' sections are empty. If not, an error should be shown.

Add/Remove users and hosts

You can add/remove users, user groups, hosts and host groups the same way as in HBAC rule UI

SSH public key management

User SSH keys are listed in User details page in Account settings section, host SSH keys are in Host details page in Host settings section. Both are managed the same way.

Add SSH key

  1. click on Add in SSH public keys field, new row should appear
  2. click on Show/Set key link, a dialog with Set SSH key title should pop up
  3. enter the key in Open SSH format into the textarea
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcuiedn5g9vECbjDaboheZ6yZ/ra6fM0YlAzS6bEh6HsH64AaQRih29L0sWygCIjhTPxO4gIaAzC4mrZjFnMbV3GPWhEisU33vJ8fqSmQZaAWAyV+aNIWMZRHIMgvBf+sTPYiMCzH7hkzDjljKHOTnMoDoOJ8cCNalC+KxDfSDDEulo/hmEYNTDQHrQJMtu+X3h7Z/EGbmeYlTFzneNZ/E6BkfCU/as3ViRy+DwKAZ2NPpozh/AEkVEVr76zoqMYuuqk5cyhXDJFeve/qJjBK/JqaGanPk8bxqpYYk6MbNXfP70HBP+8FAZaj53tJBYCB2aIc8+ZlF3z2ZCrh4hUKt
  4. click on Update

You can try adding only the BLOB part.

Edit key

  1. click on Show/Set key link on a key row in SSH public keys field
  2. modify the key the same was as in Add SSH key step

Delete key

Keys are deleted as all multivalued properties. Click on Delete link in the key row.