From Fedora Project Wiki

Latest revision as of 15:28, 30 March 2010

Description

This test is designed to validate the feature Features/SSSDByDefault. The test requires an existing LDAP server to perform several identity and authentication actions.

Testing for the SSSD by Default Test Day?
If you are testing during the SSSD by Default Test Day, you may use the server information provided on the test day wiki. Otherwise, you will need an LDAP server to connect to in order to perform this test.


How to test

  1. Prepare your system by configuring firstboot to start on boot. As an authorized user, run the commands listed below. Once complete, reboot your system.
    rm -f /etc/sysconfig/firstboot
    /sbin/chkconfig firstboot on
  2. At firstboot, proceed to the Create User step and select Use Network Login... to start the Authentication Configuration (see Image:Screenshot-firstboot.png)
  3. In the Authentication Configuration application, under the Identity & Authentication tab set User Account Database to LDAP and make the configuration changes listed below.
    • Enter a valid Search Base DN
    • Enter an LDAP server in the field Server. Use the format ldaps://my.ldap.server
    • Select Download CA Certificate... and enter the certificate URL
  4. Also in the Authentication Configuration application, under the Identity & Authentication tab set Authentication Method to LDAP password (see Image:Screenshot-LDAP Authentication Configuration.png)
  5. When finished, select Apply and complete the remaining steps in firstboot as desired.
  6. When the graphical login screen appears, log in to the system using a valid LDAP username and password.
  7. Open a terminal application, and check whether you can query for information about other LDAP users. For example, if using the Test Day login information you might run commands similar to:
    getent passwd sssdtest10002
    getent group sssdgroup20002
    finger sssdtest10002
  8. Change the password for the logged in LDAP user. This can be accomplished by starting System → Preferences → About me, then selecting Change Password. Or you can run the command passwd from a terminal application. After changing the password, log out of the desktop.
  9. Confirm the password change by logging in as the same LDAP user, but with the new password. Once logged in, use the same procedure to revert the LDAP user password to the original value.
  10. Finally, log in to your system over the network. For example, use ssh to log in to your local system by typing:
    ssh $USER@localhost

Expected Results

  1. Firstboot is configured to start without error and starts on boot
  2. The Authentication Configuration application starts and completes without error
  3. The Authentication Configuration writes configuration information to /etc/sssd/sssd.conf that includes the following details:
    [domain/default]
    ldap_id_use_start_tls = False
    cache_credentials = True
    ldap_search_base = dc=example,dc=com
    krb5_realm = EXAMPLE.COM
    chpass_provider = ldap
    id_provider = ldap
    auth_provider = ldap
    debug_level = 0
    min_id = 1000
    ldap_uri = ldaps://publictest9.fedoraproject.org/
    krb5_kdcip = kerberos.example.com
  4. Login to the graphical desktop is successful using a valid LDAP username and password
  5. The commands getent and finger return information about LDAP users. Sample output appears below.
    getent passwd sssdtest10001
    sssdtest10001:*:10001:20001:SSSD 10001 test user:/home/sssdtest10001:/bin/bash
    finger sssdtest10001
    Login: sssdtest10001 Name: SSSD 10001 test user
    Directory: /home/sssdtest10001 Shell: /bin/bash
    On since Mon Mar 29 15:57 (IST) on pts/2 from localhost
  6. Whether using a graphical utility, or the command passwd, the password is successfully changed
  7. The new password is accepted when logging into the desktop
  8. You are able to log in to your system using a remote shell command such as ssh
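
The sssd.conf expected result above can be checked from a terminal instead of by eye. The script below is an added example, not part of the original test case or of SSSD: it reads the [domain/default] section and confirms that the three providers are ldap and that the LDAP connection is encrypted, which is why ldap_id_use_start_tls = False is acceptable next to an ldaps:// URI. The function names and the sample file are constructed for illustration, and a single ldap_uri value is assumed.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of SSSD.

# Print the value of key $2 from the [domain/default] section of file $1.
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\/default\]/); next }
        in_dom && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Return 0 when the domain uses LDAP for identity, authentication and
# password changes and the LDAP connection is TLS-protected.
check_sssd_domain() {
    rc=0
    for key in id_provider auth_provider chpass_provider; do
        val=$(sssd_get "$1" "$key")
        [ "$val" = ldap ] || { echo "FAIL: $key='$val', expected ldap"; rc=1; }
    done
    [ -n "$(sssd_get "$1" ldap_search_base)" ] || { echo "FAIL: no ldap_search_base"; rc=1; }
    uri=$(sssd_get "$1" ldap_uri)
    tls=$(sssd_get "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    case "$uri" in
        ldaps://*) ;;  # TLS for the whole connection; StartTLS not needed
        ldap://*)  [ "$tls" = true ] || { echo "FAIL: $uri without StartTLS is unencrypted"; rc=1; } ;;
        *)         echo "FAIL: ldap_uri='$uri' is not an LDAP URI"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample mirroring the expected results on this page.
write_sample() {
    printf '%s\n' '[sssd]' 'domains = default' '[domain/default]' \
        'ldap_id_use_start_tls = False' 'cache_credentials = True' \
        'ldap_search_base = dc=example,dc=com' 'chpass_provider = ldap' \
        'id_provider = ldap' 'auth_provider = ldap' \
        'ldap_uri = ldaps://publictest9.fedoraproject.org/' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
check_sssd_domain "$tmp" && echo "PASS: sample matches the expected results"
rm -f "$tmp"
```

On a test machine, run check_sssd_domain /etc/sssd/sssd.conf as root, since the file is normally readable only by root.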