From Fedora Project Wiki

Description

This test case verifies that the ipa-migrate command in stage mode migrates users, groups, HBAC rules, and sudo rules from a remote IPA server to a local IPA server as expected.

Setup

  • Install Fedora 41 on both local and remote servers.
  • Set up a remote IPA server with the domain testrelm.test and ensure it is running.
  • Create the following on the remote IPA server:
 * A user (user1) with a valid configuration.
 * Groups.
 * HBAC rule (hbacrule1).
 * Sudo rule (sudorule1).
  • Set up a local IPA server with the same domain testrelm.test and ensure it is running.

How to test

  1. Install the IPA server on the remote system and configure it with domain testrelm.test.
  2. Create sample entries on the remote IPA server:
 * User user1
 * Groups
 * HBAC Rule: hbacrule1
 * Sudo Rule: sudorule1
  1. Install and configure the IPA server on the local system with the same domain testrelm.test.
  2. Run the ipa-migrate command in stage mode:
  3. [root@local ~]# ipa-migrate stage-mode remote.testrelm.test -w pwd
  4. Confirm the migration operation by checking the logs and reviewing the migration summary.

Expected Results

The following must be true to consider this a successful test run:

  1. The ipa-migrate command executes without errors and displays the migration summary.
  2. The output confirms successful migration of users, groups, HBAC rules, and sudo rules.
  3. The ipa user-find command on the local server lists user1 with expected details:

User login: user1 First name: user1 Last name: s Home directory: /home/user1 Login shell: /bin/sh Principal name: user1@TESTRELM.TEST Principal alias: user1@TESTRELM.TEST Email address: user1@testrelm.test UID: 473600007 GID: 473600007 Account disabled: False

  1. The ipa hbacrule-find command confirms the presence of the migrated rule:

Rule name: hbacrule1 Enabled: True

  1. The ipa sudorule-find command confirms the presence of the migrated rule: Rule name: sudorule1 Enabled: True
  2. Verify that IDs (UID, GID, SID, etc.) have been regenerated for migrated entities:
  • On remote server:
 `
 [root@remote ~]# id user1
 uid=1662400003(user1) gid=1662400003(user1) groups=1662400003(user1)
 `
  • On local server:
 `
 [root@local ~]# id user1
 uid=473600007(user1) gid=473600007(user1) groups=473600007(user1)
 `

Optional

  • Test migration with additional entities or custom configurations to ensure robustness.
  • Check if manually migrating configuration files improves system performance.