ipatests:Test if proper error thrown when AD user tries to run IPA co…

…mmands Before fix the error used to implies that the ipa setup is broken. Fix is to throw the proper error. This test is to check that the error with 'Invalid credentials' thrown when AD user tries to run IPA commands. related: https://pagure.io/freeipa/issue/8163 Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
freeipa · Apr 2, 2020 · a02df53 · a02df53
1 parent 9b3c320
commit a02df53
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
@@ -127,6 +127,28 @@ def test_user_gid_uid_resolution_in_nonposix_trust(self):
         assert re.search(
             testuser_regex, result.stdout_text), result.stdout_text
 
+    def test_ipa_commands_run_as_aduser(self):
+        """Test if proper error thrown when AD user tries to run IPA commands
+
+        Before fix the error used to implies that the ipa setup is broken.
+        Fix is to throw the proper error. This test is to check that the
+        error with 'Invalid credentials' thrown when AD user tries to run
+        IPA commands.
+
+        related: https://pagure.io/freeipa/issue/8163
+        """
+        tasks.kdestroy_all(self.master)
+        ad_admin = 'Administrator@%s' % self.ad_domain
+        tasks.kinit_as_user(self.master, ad_admin,
+                            self.master.config.ad_admin_password)
+        err_string = ('ipa: ERROR: Insufficient access: SASL(-14):'
+                      ' authorization failure: Invalid credentials')
+        result = self.master.run_command(['ipa', 'ping'], raiseonerr=False)
+        assert err_string in result.stderr_text
+
+        tasks.kdestroy_all(self.master)
+        tasks.kinit_admin(self.master)
+
     def test_ipauser_authentication_with_nonposix_trust(self):
         ipauser = u'tuser'
         original_passwd = 'Secret123'