From Fedora Project Wiki
Revision as of 15:51, 14 February 2011
Description
UI testing.
Setup
- Make sure you have a working FreeIPA server (see QA:Testcase_freeipav2_installation)
- Make sure the CLI works as expected (see QA:Testcase_freeipav2_cli)
How to test
Authentication
- Unauthenticated User Verify that an unauthenticated user cannot access the UI.
- Remove all credentials using kdestroy and check with klist.
- Open the Web UI.
- An error message should appear.
- Authenticated as Administrator Verify that the admin has full access to the UI.
- Authenticate as admin.
- Open the Web UI.
- At the top right corner it should say Administrator.
- There should be 3 tabs: Identity, Policy, IPA Server.
- The initial page should display a list of users.
- Authenticated as User Verify that a user only has access to the self-service page.
- Authenticate as admin.
- Create a new user.
- Set user's password.
- Authenticate as the new user.
- Open the Web UI.
- The user's name should appear at the top right corner.
- There should be 1 tab: Identity.
- The initial page should display user's data.
- Expired Credentials Verify that when the credentials expire the user loses access to the UI.
- Authenticate as admin or user using kinit.
- Open the Web UI.
- The UI should work normally.
- Remove credentials using kdestroy.
- Perform any action on the UI.
- An error message should appear.
- Authenticate again as admin or user.
- Click Retry.
- The action should complete successfully.
Users
- Finding Users Verify that the UI can be used to find users.
- As admin open the Web UI.
- Go to Identity -> Users.
- The page should display a list of all users.
- The list should contain these columns: full name, user login, UID, email address, and telephone number.
- Verify the list with the following command:
- Above the list there should be a search field.
- Enter a keyword which is the partial name of a known user, then click Find.
- The list should show users with matching names.
- Verify the list with the following command:
- Empty the search field, then click Find.
- The list should display all users again.
- Adding Users Verify that the UI can be used to add users.
- As admin open the Web UI.
- Go to Identity -> Users.
- The page should display a list of all users.
- On the left click Add.
- Enter user login, first name, and last name.
- Click Add.
- The list should now contain the new user.
- Verify the addition with the following command:
- Editing Users Verify that the UI can be used to edit users.
- As admin open the Web UI.
- Go to Identity -> Users.
- Click one of the users in the list.
- The user details should be displayed.
- Change the value of some attributes.
- Undo the changes on some attributes.
- On the left click Update, the undo links should disappear.
- Click Back to List.
- It should display the list of users.
- Verify the changes with the following command:
- Changing User Passwords Validate that the UI can be used to change user passwords.
- As admin open the Web UI.
- Go to Identity -> Users.
- Click one of the users in the list.
- Under "Account Settings", click "reset password".
- Enter a temporary password, then click "Reset Password".
- Authenticate as the user and enter the temporary password. It will ask for a new password, enter a new password.
- Reload the Web UI, it should show the self-service page for this user.
- Deactivating and Reactivating Users Verify that the UI can be used to deactivate and reactivate users.
- As admin open the Web UI.
- Go to Identity -> Users.
- Click one of the users in the list.
- Under "Account Settings", the "Account disabled" should indicate that the user is initially Active.
- Click Deactivate, the status should change to Inactive.
- Authenticate as the user, it should fail.
- Click Activate, the status should change back to Active.
- Authenticate as the user, it should work.
- Managing Group Enrollment Verify that user's group enrollment can be managed via UI.
- As admin open the Web UI.
- Go to Identity -> Users.
- Click one of the users in the list.
- On the left under Member Of click User Groups.
- The list of User Groups where the user is enrolled in should be displayed.
- Click Enroll, a dialog box will appear.
- Select some User Groups from the available list, then click >>.
- Click Enroll, the selected User Groups should be added to the list.
- Verify with the following command:
- Select some User Groups from the list.
- Click Delete, a dialog box will appear.
- Click Delete, the selected User Groups should be deleted from the list.
- Verify with the following command:
- Deleting Users Verify that the UI can be used to delete users.
- As admin open the Web UI.
- Go to Identity -> Users.
- Check the checkboxes next to some of the users in the list.
- On the left click Delete.
- A confirmation message should appear showing the users to be deleted.
- Click Delete, the selected users should disappear from the list.
- Verify the deletion with the following command:
User Groups
- Managing Member Users Enrollment Verify that group's member users can be managed via UI.
- As admin open the Web UI.
- Go to Identity -> Groups.
- Click one of the groups in the list.
- On the left under Member click Users.
- The list of member users should be displayed.
- Verify the member users with the following command:
- Click Enroll, a dialog box will appear.
- Select some users from the available list, then click >>.
- Click Enroll, the selected users should be added to the list.
- Verify the addition with the following command:
- Select some users from the list.
- Click Delete, a dialog box will appear.
- Click Delete, the selected users should be deleted from the list.
- Verify the deletion with the following command:
- Managing Member Groups Enrollment Verify that group's member groups can be managed via UI.
- As admin open the Web UI.
- Go to Identity -> Groups.
- Click one of the groups in the list.
- On the left under Member click User Groups.
- The list of member groups should be displayed.
- Verify the member groups with the following command:
- Click Enroll, a dialog box will appear.
- Select some groups from the available list, then click >>.
- Click Enroll, the selected groups should be added to the list.
- Verify the addition with the following command:
- Select some groups from the list.
- Click Delete, a dialog box will appear.
- Click Delete, the selected groups should be deleted from the list.
- Verify the deletion with the following command:
- Managing Group Membership Enrollment Verify that group's membership in other groups can be managed via UI.
- As admin open the Web UI.
- Go to Identity -> Groups.
- Click one of the groups in the list.
- On the left under Member Of click User Groups.
- The list of groups where this group is a member should be displayed.
- Verify the group membership (member of groups) with the following command:
- Click Enroll, a dialog box will appear.
- Select some groups from the available list, then click >>.
- Click Enroll, the selected groups should be added to the list.
- Verify the addition with the following command:
- Select some groups from the list.
- Click Delete, a dialog box will appear.
- Click Delete, the selected groups should be deleted from the list.
- Verify the deletion with the following command:
Hosts
- Finding Hosts Verify that the UI can be used to find hosts.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- The page should display a list of all hosts. Initially there is only one host which is the IPA server itself.
- The list should contain these columns: hostname, description, enrolled and location.
- Verify the list with the following command:
- Above the list there should be a search field.
- Enter a keyword which is the partial name of a known host, then click Find.
- The list should show hosts with matching names.
- Verify the list with the following command:
- Empty the search field, then click Find.
- The list should display all hosts.
- Adding Hosts Verify that the UI can be used to add new hosts.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- The page should display a list of all hosts.
- On the left click Add.
- Enter the hostname and select Force.
- Click Add, the list should now contain the new host.
- Verify the addition with the following command:
- Editing Hosts Verify that the UI can be used to edit hosts.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- Click one of the hosts in the list.
- The host details should be displayed.
- Change the host description, an undo link should appear.
- On the left click Update, the undo links should disappear.
- Verify the changes with the following command:
- Managing Host Enrollment Verify that host enrollment can be managed via the UI.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- Create a new host (e.g. test.example.com), then view the host details. Don't use the IPA server's host for this.
- Initially the enrollment status should say: Kerberos Key Not Present.
- Verify the Keytab is False with the following command:
- Get the host keytab using the following command:
- Reload the host details page. The status should say: Kerberos Key Present.
- Verify the Keytab is True with the following command:
- Click Delete Key, Unprovision, a dialog box should appear.
- Click Unprovision to confirm. The status should change back to: Kerberos Key Not Present.
- Verify the Keytab is False with the following command:
- Managing Host Certificate Verify that host certificate can be managed via the UI.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- Create a new host (e.g. test.example.com), then view the host details. Don't use the IPA server's host for this.
- Initially the certificate status should say: No Valid Certificate.
- Verify there is no certificate with the following command:
- Generate private key using the following command:
- Generate CSR using the following command:
- Open test.csr, copy the base-64 encoded CSR data not including the BEGIN/END CERTIFICATE REQUEST delimiters.
- Click New Certificate, paste the CSR data.
- Click Issue, the status should now say: Valid Certificate Present.
- Verify new certificate is created with the following command:
- Click Get, the base-64 encoded certificate should be displayed.
- Verify the base-64 encoded certificate against the output of the previous command.
- Close the dialog box. Click View, the certificate info should be displayed.
- Verify the certificate info against the output of the previous command.
- Close the dialog box.
- Deleting Hosts Verify that the UI can be used to delete hosts.
- As admin open the Web UI.
- Go to Identity -> Hosts.
- Check the checkboxes next to some of the hosts in the list.
- On the left click Delete.
- A confirmation message should appear showing the hosts to be deleted.
- Click Delete, the selected hosts should disappear from the list.
- Verify the deletion with the following command:
Services
- Managing Service Enrollment Verify that service enrollment can be managed via the UI.
- As admin open the Web UI.
- Go to Identity -> Services.
- Create a new service (e.g. nfs/test.example.com), then view the service details. Don't use existing IPA services for this.
- Initially the enrollment status should say: Kerberos Key Not Present.
- Verify the Keytab is False with the following command:
- Get the host keytab using the following command:
- Reload the service details page. The status should say: Kerberos Key Present.
- Verify the Keytab is True with the following command:
- Click Delete Key, Unprovision, a dialog box should appear.
- Click Unprovision to confirm. The status should change back to: Kerberos Key Not Present.
- Verify the Keytab is False with the following command:
- Managing Service Certificate Verify that service certificate can be managed via the UI.
- As admin open the Web UI.
- Go to Identity -> Services.
- Create a new service (e.g. nfs/test.example.com), then view the service details. Don't use existing IPA services for this.
- Initially the certificate status should say: No Valid Certificate.
- Verify there is no certificate with the following command:
- Generate private key using the following command:
- Generate CSR using the following command:
- Open test.csr, copy the base-64 encoded CSR data not including the BEGIN/END CERTIFICATE REQUEST delimiters.
- Click New Certificate, paste the CSR data.
- Click Issue, the status should now say: Valid Certificate Present.
- Verify new certificate is created with the following command:
- Click Get, the base-64 encoded certificate should be displayed.
- Verify the base-64 encoded certificate against the output of the previous command.
- Close the dialog box. Click View, the certificate info should be displayed.
- Verify the certificate info against the output of the previous command.
- Close the dialog box.
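The CLI side of the keytab and certificate checks in the Hosts and Services tests above, as an added example that is not part of the original wiki page. It assumes `ipa host-show` and `ipa service-show` print a `Keytab:` field; the sample output, hostnames and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: helpers for cross-checking the Web UI against the CLI.
# Field label "Keytab:" is an assumption about `ipa host-show` /
# `ipa service-show` output; sample data below is constructed.

# Print the value of the "Keytab:" field from CLI output on stdin,
# or "unknown" when the field is missing (e.g. the command failed).
keytab_state() {
    awk -F': *' '
        /^[[:space:]]*Keytab:/ {
            v = $2; gsub(/[[:space:]]/, "", v); print v; found = 1; exit
        }
        END { if (!found) print "unknown" }
    '
}

# Succeed only when the keytab state matches what the UI step expects.
# $1 = expected value (True or False); CLI output is read from stdin.
expect_keytab() {
    actual=$(keytab_state)
    [ "$actual" = "$1" ]
}

# Print only the base-64 body of the PEM CSR file $1, dropping the
# BEGIN/END CERTIFICATE REQUEST lines, ready to paste into the dialog.
csr_body() {
    awk '
        /^-----BEGIN CERTIFICATE REQUEST-----/ { inside = 1; next }
        /^-----END CERTIFICATE REQUEST-----/   { inside = 0 }
        inside
    ' "$1"
}

# Compare two base-64 strings while ignoring whitespace and line wrapping,
# for checking the certificate shown by Get against the CLI output.
# Two empty strings do not count as a match.
same_b64() {
    a=$(printf '%s' "$1" | tr -d ' \t\r\n')
    b=$(printf '%s' "$2" | tr -d ' \t\r\n')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample output (not captured from a real server).
SAMPLE_NEW_HOST='  Host name: test.example.com
  Principal name: host/test.example.com@EXAMPLE.COM
  Password: False
  Keytab: False'

SAMPLE_ENROLLED_HOST='  Host name: test.example.com
  Principal name: host/test.example.com@EXAMPLE.COM
  Password: False
  Keytab: True'

# Live use against a test server (server name is a placeholder):
#   ipa host-show test.example.com | expect_keytab False
#   ipa-getkeytab -s ipa.example.com -p host/test.example.com -k /tmp/test.keytab
#   ipa host-show test.example.com | expect_keytab True
#   csr_body test.csr        # paste the output into New Certificate

# Offline demonstration on the constructed samples.
printf 'new host keytab:      %s\n' "$(printf '%s\n' "$SAMPLE_NEW_HOST" | keytab_state)"
printf 'enrolled host keytab: %s\n' "$(printf '%s\n' "$SAMPLE_ENROLLED_HOST" | keytab_state)"
```

Treating a missing `Keytab:` field as `unknown` rather than `False` keeps a failed or unauthenticated CLI call from passing the "Kerberos Key Not Present" check by accident.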
HBAC Rules
- Finding HBAC Rules Verify that the UI can be used to find HBAC rules.
- As admin open the Web UI.
- Go to Policy -> HBAC.
- The page should display a list of all HBAC rules.
- The list should contain these columns: rule name, user category, host category, enabled, service category and source host category.
- Above the list there should be a search field.
- Enter a partial name of a known HBAC rule, then click Find.
- The list should show HBAC rules with matching names.
- Empty the search field, then click Find.
- The list should display all HBAC rules.
- Adding HBAC Rules Verify that the UI can be used to add HBAC rules.
- As admin open the Web UI.
- Go to Policy -> HBAC.
- The page should display a list of all HBAC rules.
- On the left click Add.
- Enter rule name and rule type.
- Click Add.
- The list should now contain the new HBAC rule.
- Editing HBAC Rule's General Attributes Verify that the UI can be used to edit HBAC rule's general attributes.
- As admin open the Web UI.
- Go to Policy -> HBAC.
- Click one of the HBAC rules in the list.
- The HBAC rule details should be displayed.
- Under the General section change the value of some attributes.
- Undo the changes on some attributes.
- On the left click Update, the Undo links should disappear.
- Editing HBAC Rule's Users Verify that the UI can be used to edit HBAC rule's users (Who).
- As admin open the Web UI.
- Go to Policy -> HBAC.
- Create a new HBAC rule, then edit it.
- Initially the user category should be: Specified Users and Groups. The list of Users and User Groups should be empty.
- On the Users list click Add, select some users, click >>, then click Enroll.
- The users should be added into the list.
- Select some users from the Users list, then click Remove.
- A dialog box should appear listing the users to be deleted. Click Delete, the users should disappear from the list.
- On the User Groups list click Add, select some groups, click >>, then click Enroll.
- The groups should be added into the list.
- Select some groups from the User Groups list, then click Remove.
- A dialog box should appear listing the groups to be deleted. Click Delete, the groups should disappear from the list.
- Change the user category to: Anyone. An undo link should appear. The Add/Remove links should become disabled.
- Click Update, the undo link should disappear. The Users and User Groups lists should become empty.
- Change the user category back to: Specified Users and Groups. An undo link should appear. The Add/Remove links should become enabled again.
- Click Update, the undo link should disappear.
- Editing HBAC Rule's Target Hosts Verify that the UI can be used to edit HBAC rule's target hosts (Accessing). Steps: Similar to Editing HBAC Rule's Users.
- Editing HBAC Rule's Services Verify that the UI can be used to edit HBAC rule's target services (Via Service). Steps: Similar to Editing HBAC Rule's Users.
- Editing HBAC Rule's Source Hosts Verify that the UI can be used to edit HBAC rule's source hosts (From). Steps: Similar to Editing HBAC Rule's Users.
- Deleting HBAC Rules Verify that the UI can be used to delete HBAC rules.
- As admin open the Web UI.
- Go to Policy -> HBAC.
- Check the checkboxes next to some of the HBAC rules in the list.
- On the left click Delete.
- A confirmation message should appear showing the HBAC rules to be deleted.
- Click Delete, the selected HBAC rules should disappear from the list.
HBAC Services
- Finding HBAC Services Verify that the UI can be used to find HBAC services.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Services.
- The page should display a list of all HBAC services.
- The list should contain these columns: service name and description.
- Above the list there should be a search field.
- Enter a partial name of a known HBAC service, then click Find.
- The list should show HBAC services with matching names.
- Empty the search field, then click Find.
- The list should display all HBAC services.
- Adding HBAC Services Verify that the UI can be used to add HBAC services.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Services.
- The page should display a list of all HBAC services.
- On the left click Add.
- Enter service name and description.
- Click Add.
- The list should now contain the new HBAC service.
- Editing HBAC Services Verify that the UI can be used to edit HBAC services.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Services.
- Click one of the HBAC services in the list.
- The HBAC service details should be displayed.
- Change the description. An Undo link should appear.
- On the left click Update, the Undo links should disappear.
- Deleting HBAC Services Verify that the UI can be used to delete HBAC services.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Services.
- Check the checkboxes next to some of the HBAC services in the list.
- On the left click Delete.
- A confirmation message should appear showing the HBAC services to be deleted.
- Click Delete, the selected HBAC services should disappear from the list.
HBAC Service Groups
- Finding HBAC Service Groups Verify that the UI can be used to find HBAC service groups.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Service Groups.
- The page should display a list of all HBAC service groups.
- The list should contain these columns: service group name and description.
- Above the list there should be a search field.
- Enter a partial name of a known HBAC service group, then click Find.
- The list should show HBAC service groups with matching names.
- Empty the search field, then click Find.
- The list should display all HBAC service groups.
- Adding HBAC Service Group Verify that the UI can be used to add HBAC service groups.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Service Groups.
- The page should display a list of all HBAC service groups.
- On the left click Add.
- Enter service group name and description.
- Click Add.
- The list should now contain the new HBAC service group.
- Editing HBAC Service Groups Verify that the UI can be used to edit HBAC service groups.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Service Groups.
- Click one of the HBAC service groups in the list.
- The HBAC service group details should be displayed.
- Change the description. An undo link should appear.
- On the left click Update, the undo links should disappear.
- Deleting HBAC Service Groups Verify that the UI can be used to delete HBAC service groups.
- As admin open the Web UI.
- Go to Policy -> HBAC -> HBAC Service Groups.
- Check the checkboxes next to some of the HBAC service groups in the list.
- On the left click Delete.
- A confirmation message should appear showing the HBAC service groups to be deleted.
- Click Delete, the selected HBAC service groups should disappear from the list.
SUDO Rules
- Finding SUDO Rules Verify that the UI can be used to find SUDO rules.
- As admin open the Web UI.
- Go to Policy -> SUDO.
- The page should display a list of all SUDO rules.
- The list should contain these columns: rule name, description, command category.
- Above the list there should be a search field.
- Enter a partial name of a known SUDO rule, then click Find.
- The list should show SUDO rules with matching names.
- Empty the search field, then click Find.
- The list should display all SUDO rules.
- Adding SUDO Rules Verify that the UI can be used to add SUDO rules.
- As admin open the Web UI.
- Go to Policy -> SUDO.
- The page should display a list of all SUDO rules.
- On the left click Add.
- Enter rule name.
- Click Add.
- The list should now contain the new SUDO rule.
- Editing SUDO Rule's General Attributes Verify that the UI can be used to edit SUDO rule's general attributes.
- As admin open the Web UI.
- Go to Policy -> SUDO.
- Click one of the SUDO rules in the list.
- The SUDO rule details should be displayed.
- Under the General section change the value of some attributes.
- Undo the changes on some attributes.
- On the left click Update, the undo links should disappear.
- Editing SUDO Rule's Users Verify that the UI can be used to edit SUDO rule's users (Who).
- As admin open the Web UI.
- Go to Policy -> SUDO.
- Create a new SUDO rule, then edit it.
- Initially the user category should be: Specified Users and Groups. The list of Users and User Groups should be empty.
- On the Users list click Add, select some users, click >>, then click Enroll.
- The users should be added into the list.
- Select some users from the Users list, then click Remove.
- A dialog box should appear listing the users to be deleted. Click Delete, the users should disappear from the list.
- On the User Groups list click Add, select some groups, click >>, then click Enroll.
- The groups should be added into the list.
- Select some groups from the User Groups list, then click Remove.
- A dialog box should appear listing the groups to be deleted. Click Delete, the groups should disappear from the list.
- Change the user category to: Anyone. An undo link should appear. The Add/Remove links should become disabled.
- Click Update, the undo link should disappear. The Users and User Groups lists should become empty.
- Change the user category back to: Specified Users and Groups. An undo link should appear. The Add/Remove links should become enabled again.
- Click Update, the undo link should disappear.
- Editing SUDO Rule's Hosts Verify that the UI can be used to edit SUDO rule's hosts (Accessing This Host). Steps: Similar to Editing SUDO Rule's Users.
- Editing SUDO Rule's Allow/Deny Commands Verify that the UI can be used to edit SUDO rule's allow/deny commands (Run Commands).
- As admin open the Web UI.
- Go to Policy -> SUDO.
- Create a new SUDO rule, then edit it. Go to Run Commands section.
- There should be 2 subsections: Allow and Deny.
- The Allow subsection should have a command category.
- Initially the command category should be: Specified Commands and Groups.
- Initially the list of Allow Commands/Groups should be empty.
- On the Allow Commands/Groups list click Add, select some commands/groups, click >>, then click Enroll.
- The commands/groups should be added into the list.
- Select some commands/groups from the Allow Commands/Groups list, then click Remove.
- A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.
- The Deny subsection should not have a command category.
- Initially the list of Deny Commands/Groups should be empty.
- On the Deny Commands/Groups list click Add, select some commands/groups, click >>, then click Enroll.
- The commands/groups should be added into the list.
- Select some commands/groups from the Deny Commands/Groups list, then click Remove.
- A dialog box should appear listing the commands/groups to be deleted. Click Delete, the commands/groups should disappear from the list.
- Editing SUDO Rule's Run-As Users Verify that the UI can be used to edit SUDO rule's run-as users (As Whom). Steps: Similar to Editing SUDO Rule's Users.
- Deleting SUDO Rules Verify that the UI can be used to delete SUDO rules.
- As admin open the Web UI.
- Go to Policy -> SUDO.
- Check the checkboxes next to some of the SUDO rules in the list.
- On the left click Delete.
- A confirmation message should appear showing the SUDO rules to be deleted.
- Click Delete, the selected SUDO rules should disappear from the list.
SUDO Commands
- Finding SUDO Commands Verify that the UI can be used to find SUDO commands.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Commands.
- The page should display a list of all SUDO commands.
- The list should contain these columns: SUDO command and description.
- Above the list there should be a search field.
- Enter a partial name of a known SUDO command, then click Find.
- The list should show SUDO commands with matching commands.
- Empty the search field, then click Find.
- The list should display all SUDO commands.
- Adding SUDO Commands Verify that the UI can be used to add SUDO commands.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Commands.
- The page should display a list of all SUDO commands.
- On the left click Add.
- Enter SUDO command and description.
- Click Add.
- The list should now contain the new SUDO commands.
- Editing SUDO Commands Verify that the UI can be used to edit SUDO commands.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Commands.
- Click one of the SUDO commands in the list.
- The SUDO command details should be displayed.
- Change the description. An Undo link should appear.
- On the left click Update, the Undo link should disappear.
- Deleting SUDO Commands Verify that the UI can be used to delete SUDO commands.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Commands.
- Check the checkboxes next to some of the SUDO commands in the list.
- On the left click Delete.
- A confirmation message should appear showing the SUDO commands to be deleted.
- Click Delete, the selected SUDO commands should disappear from the list.
SUDO Command Groups
- Finding SUDO Command Groups Verify that the UI can be used to find SUDO command groups.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Command Groups.
- The page should display a list of all SUDO command groups.
- The list should contain these columns: SUDO command group and description.
- Above the list there should be a search field.
- Enter a partial name of a known SUDO command group, then click Find.
- The list should show SUDO command groups with matching names.
- Empty the search field, then click Find.
- The list should display all SUDO command groups.
- Adding SUDO Command Groups Verify that the UI can be used to add SUDO command groups.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Command Groups.
- The page should display a list of all SUDO command groups.
- On the left click Add.
- Enter SUDO command group and description.
- Click Add.
- The list should now contain the new SUDO command groups.
- Editing SUDO Command Groups Verify that the UI can be used to edit SUDO command groups.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Command Groups.
- Click one of the SUDO command groups in the list.
- The SUDO command group details should be displayed.
- Change the description. An Undo link should appear.
- On the left click Update, the Undo link should disappear.
- Deleting SUDO Command Groups Verify that the UI can be used to delete SUDO command groups.
- As admin open the Web UI.
- Go to Policy -> SUDO -> SUDO Command Groups.
- Check the checkboxes next to some of the SUDO command groups in the list.
- On the left click Delete.
- A confirmation message should appear showing the SUDO command groups to be deleted.
- Click Delete, the selected SUDO command groups should disappear from the list.
Role Based Access Control
- Add subtree permission
- In tabs click IPA Server->Role Based Access Control
- In left panel click Permission
- Click Add
- set the following fields:
- permission name:sample-subtree-permission
- rights: write
- Target On: Query
- ldap:///cn=*,cn=roles,cn=accounts,dc=example,dc=com
- Click Add and Add Another
- Fields should blank out and be set back to filter
- Add filter permission
- set the following fields:
- permission name:sample-filter-permission
- rights: write
- Target On: Filter
- ou=engineering
- Click Add and Add Another
- Fields should blank out and be set back to filter
- Add target group permission
- set the following fields:
- permission name:sample-targetgroup-permission
- rights: write
- Target On: targetgroup
- group:editors
- Click Add
- Permissions List will update with three new permissions at the end: sample-subtree-permission sample-filter-permission sample-targetgroup-permission
- Add type permission
- Click add in left Panel:
- set the following fields:
- permission name:sample-type-permission
- rights: write
- Target On: type
- Type: user
- attributes: scroll down and click title
- Click Add and Edit
- Settings page should display. The type select box should be displayed and set to user, the checkbox next to the title attribute should be checked
- Add privilege and assign permissions
- Click privileges in the left panel
- click on the add button
- Fill in the following fields
- Name: sample-privilege
- Description: Privilege for testing purposes only.
- click Add and Edit
- the privilege settings page should show.
- in the left panel, under Member Of, click Permissions
- Click enroll
- type sample into the text box at the top of the dialog and click Find
- the left column labeled Available should show the four permissions created above
- click the checkbox next to the word "Permissions" in the left column
- all the check boxes in the white area should now be checked
- click >>
- the selected permissions should move to the right column, labeled prospective
- click enroll
- the list should now show the four permissions that start with sample
- Delete assigned permission
- click the checkbox next to sample-filter-permission
- click the delete button in the left panel
- a dialog box should show the selected permission
- click delete
- the dialog box should close, and a spinner should briefly appear, then the selected permission should disappear from the list.
- Create role and assign permissions
- In the left panel, click roles
- The list should be prepopulated with some entries.
- In the left panel, click the add button
- A dialog should open up
- fill out the following values:
- Role Name: sample-role
- Description: role for testing only
- click add
- the role sample-role should be appended to the list
- click the hyperlink sample-role
- the role details page should appear, with the name and description
- in the left panel, under member of click 'Privileges'
- the list should be empty.
- in the left panel, click the enroll button
- in the text box at the top of the dialog, type sample
- Click the find button
- The left column labeled privileges should reduce to a single entry, sample-privilege
- click the checkbox next to sample-privilege
- click >>
- click the enroll button
- The dialog should close, and the list should update with the sample-privilege
- click the hyperlink sample-privilege
- the privilege settings page should display with the information for sample-privilege
- Delete permission assignment
- You should still be on the settings page for sample-privilege
- In the left panel, under the word Member of click on the word permissions
- the four permissions starting with the word sample should be listed
- click the checkbox next to sample-type-permission
- click the delete button in the left panel
- the sample-type-permission value should be removed from the list
- Delete permissions
- in the left panel, click the word permissions
- the permission list should show.
- in the text field at the top of the page, type the word sample
- click the find button
- the list should be reduced to the four permissions starting with the word sample
- click the checkbox at the top of the page to select all four permissions
- click delete
- the list should be empty
Self Service Permissions
- Verify that we can add and remove permissions for users to perform self service on various attributes
- open browser
- navigate to http://server.ipa.example.com
- Click IPA Server tab
- Click Self Service Permissions tab:
- Self Service Permissions should be listed, with only one value in there: user can change own password
- Click add
- set the following fields
- Self-Service name: change-homedir
- Under attributes, select homedirectory
- Click Add and Edit
- Close browser
- open browser, login as psmith
- user settings page should be displayed. home directory field should now be editable.
- close browser
- open browser. go to IPA Server->Self Service Permissions
- click checkbox next to change-homedir
- click delete
- Close browser
- kinit psmith
- open browser, login as psmith
- user settings page should be displayed. home directory field should not be editable anymore.
Delegation
- Verify that users assigned to one group can be delegated authority to modify fields for members of another group.
- open browser. go to http://server.ipa.example.com
- click IPA server Top tab
- click Delegation subtab
- Should be on delegation list page, and the list should be empty
- Click Add
- Fill out the following fields with the specified values
- DelegationName: title-delegate
- scroll down and click title
- User Group: click editors
- Member User group: click ipausers
- Click add and edit.
- Settings page should be displayed. Values should be what they were set to on 'add'
- Go to Identity->User tab.
- select user psmith
- User settings page for psmith should show.
- click on user Groups in the left panel
- click on the enroll button in the left panel
- select group editors
- click >> to move that to the right list of enrollments.
- click enroll
- click on Back to List
- create another user with uid of ptownshend
- close browser
- open browser
- go to http://server.ipa.example.com
- you should be on the psmith user page. click "Back to List"
- you should be on the user list page
- select user ptownshend
- You should be on that user settings page for ptownshend. Most of the fields should be unwritable, but the title field should be editable.
- Add the value "Lead Guitar" and click update.
- Click Back to list
- The Title field for the user ptownshend should say "Lead Guitar"
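The Self Service Permissions and Delegation results above can also be confirmed on the server side, so that a pass does not rest only on whether the UI renders a field as editable. The shell functions below are an added example, not part of the original test case; the function names, the IPA override variable and the sample values are assumptions, and the check relies on ipa user-mod reporting "Insufficient access" when an ACI refuses a write.

```shell
#!/bin/sh
# Added example, not part of the original test case.
# Assumption: IPA names the client command; override it to test with a stub.
IPA=${IPA:-ipa}

# try_write USER OPTION VALUE
# Attempts the change with the current Kerberos ticket and prints
# "allowed", "denied" (an ACI refused the write) or "error".
try_write() {
    if out=$($IPA user-mod "$1" "$2=$3" 2>&1); then
        echo allowed
    elif printf '%s\n' "$out" | grep -q 'Insufficient access'; then
        echo denied
    else
        # e.g. no ticket, unknown user, or a value identical to the
        # current one, which is rejected as having nothing to modify
        echo error
    fi
}

# check LABEL EXPECTED USER OPTION VALUE
# Prints one result line; returns 0 when the server's answer matches.
check() {
    got=$(try_write "$3" "$4" "$5")
    printf '%-32s expected=%s got=%s\n' "$1" "$2" "$got"
    [ "$got" = "$2" ]
}

# Run as psmith (member of editors) after the delegation steps.
# The values are constructed and differ from what the UI steps set.
delegation_checks() {
    rc=0
    check 'title on ptownshend' allowed ptownshend --title 'Rhythm Guitar' || rc=1
    # an attribute outside title-delegate must still be refused
    check 'homedir on ptownshend' denied ptownshend --homedir /home/other || rc=1
    return $rc
}

# Run as psmith after change-homedir has been deleted again.
selfservice_revoked_check() {
    check 'own homedir after delete' denied psmith --homedir /home/psmith2
}
```

Source the file after kinit psmith and call delegation_checks or selfservice_revoked_check; a non-zero return means the server's decision differs from what the UI test expects.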
Undo and Reset
- Verify that the Undo and Reset links can be used to revert attribute values.
- As admin or user open the Web UI.
- Open one of the details pages (e.g. go to Identity -> Users, click one of the users).
- Change the value of some of the attributes. An Undo link should appear next to each changed attribute.
- Click the Undo link; the attribute should revert to the original value.
- Click the Reset link; all attributes should revert to the original values, and all Undo links should disappear.
Expected Results
- All the test steps should end with the specified results.